Hardware stocktaking for securityWednesday, June 09, 2021
Over the last 12 to 15 months all the major seminars and conferences were, understandably, held online. Also, many of these conferences added some form of digital transformation talk to their agenda, maybe because they were experiencing this transformation first-hand as many attendees were not technically inclined.
Here is my simplified five-point strategy that, if implemented, can see an 85 per cent reduction in the risk of a primary cybersecurity breach.
Take stock – Document all the IT hardware and software you own, where they are and who has access to them. Ensure that all the software that you use is legally yours to use.
Lock shop – Enable the most secure configuration of the software and devices that you have. Remove all default passwords from the hardware and software you own. Implement multifactor authentication for access to sensitive data. Encrypt your data while at rest and in transit. Secure your Internet and Wi-Fi with the aid of virtual private networks (VPNs) and firewalls.
Plenty protection – Install anti-malware software to protect your computers, important data, and protect your customers' privacy. Have at least three backups of critical data (two local and one remote).
Patch it – You should regularly update operating systems, IT appliances, and other essential IT assessments to fix known vulnerabilities.
Be aware, be VERY aware – The human factor is massively important and is often the weakest link. Train all users and train them often on data security, e-mail attacks, and your policies and procedures.
We will dig deeper into each of these areas over the coming weeks. Today we look at hardware assets.
Take stock – Identifying all the hardware in your environment.
Hackers use sophisticated tools to scan the Internet, looking for unprotected systems in the industries or organisations they target. You cannot protect what you do not know you have. We visit many organisations and ask for the hardware inventory and, sadly, many of these are incomplete. COVID-19 work-from-home set-ups have added a new opportunity for bad actors because users are now outside of the secure organisations' perimeter and are connecting back to the office on home routers not configured to your companies' specifications. Regardless of the size of your business, you MUST be able to identify all the hardware assets authorised to access your network so you can make sure only those are allowed to connect.
Can you confidently answer these questions?
How are users accessing your organisation's systems?
Are users allowed to access important company data on their devices?
How do you protect that data if that device is reported stolen or lost?
Can you prevent “infected” devices from accessing your network?
Most, if not all, cybersecurity framework or guidelines recommend that you implement measures to manage and track all your hardware assets and allow authorised devices access to your system. You should also have a method of preventing non-compliant devices from accessing your network until they become compliant or are allowed to be managed by your internal processes. Next week we take stock of all the software in your environment.
Christopher Reckord is CEO of Managed IT services provider tTech Limited. Trevor Forrest is founder and CEO of 876 Technology Solutions. Collectively, they have approximately 80 years of experience helping organisations of varying sizes procure and implement information technology solutions and transform digitally.
Now you can read the Jamaica Observer ePaper anytime, anywhere. The Jamaica Observer ePaper is available to you at home or at work, and is the same edition as the printed copy available at https://bit.ly/epaper-login