Malware Manual – Part 4: Basic Tactics for Cybersecurity Monitoring & Maintenance

GettyImages_459434713
  • September 13, 2017
  • Print This Post

In the last installment of our Malware Manual series, we called today’s business security challenges a “cyber siege in the digital realm” because to many companies – large or small – the onslaught of cybercrime can feel like one. Why? Check out this sampling of recent headlines from around the globe and across industries:

For a thorough, structured approach to coping with these multiplying cybersecurity risks, we advocate applying the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST). The NIST framework promotes five tenets for holistically managing cybersecurity: IdentifyProtect, Detect, Respond, Recover

For the third tenet of the NIST framework, “Detect,” we’ve touted many times in this blog the support of IT Managed Services Providers (MSPs) for continuous monitoring and maintenance services. Yes, making your own staff aware of cyber risks and educating them about recognizing cyber attacks is critical, as we’ve argued in many past posts such as “Why Education is Your Best Cybersecurity Defense.” But patrolling the vast virtual perimeter of your business is a big job these days, especially in the era of digital transformation. So, navigating the cybersecurity landscape alone is not a course we recommend.

So, what should your team of IT MSPs and internal staff being doing to monitor and maintain a cybersecure organization? We reviewed advice from security experts. Here’s a digest of basic tactics:

      • Provision Specifically for Monitoring and Maintenance – Make detecting threats and attacks a specific part of your annual IT budget – or a stand-alone item in your corporate security budget. Allocating money to ensure security safeguards remain fully funded and up-to-date is critical to cyber vigilance.
      • Establish a Specific Cyber Security Policy – “This should include advice on storing passwords, connecting to WiFi networks and granting app permissions,” writes columnist Ross Howard in a recent Baseline article. “You should also ensure that your employees are aware of the dangers of connecting unknown USB drives, and clicking on links in emails, even when the sender appears to be a known contact.” We concur and add our own wisdom in the recent post “7 Tips for Better IT Policy Awareness Building and Enforcement.”
      • Launch – and Sustain – a Core Campaign – Security guru Kevin Cardwell tells Small Business Computing that a core campaign of cybersecurity monitoring and maintenance should include:
        • Application Whitelisting to help defelct malicious software and unapproved programs
        • Regular Patching for operating systems, browsers and applications (e.g., Flash, Microsoft Office, Java and PDF viewers)
        • Administrative Privilege Restrictions for operating systems and applications based on user duties

In addition to Cardwell’s list, Howard suggests testing for weaknesses in your systems on a recurring basis – even hiring professional hackers as guides on occasion. Plus, as we’ve counseled in several posts, performing consistent backups.

Need Help With
Your IT?

Find a Location

0 Comments

Need Help with your IT?

Find a Location
Near You.

Gain
weekly
insight

into the evolving world of IT for business.
Subscribe now.

Follow Us
Friend me on FacebookFollow me on TwitterFollow my company on LinkedInRSS Feed

Follow us on Twitter

About

ITinflections is a blog that covers a wide range of technology-based articles IT in the workplace, focusing on small- to medium-sized businesses.

If you’re looking to improve your company’s productivity through the effective use of technology, enjoy ITinflections, the blog about technology for business.