Cybersecurity Best Practices for Federal Agencies, Small/Medium Businesses, and Individuals.
When it comes to cyber threats in 2020, the environment is constantly changing. Here’s a rundown of the latest developments and best practices to keep you safe today.
Threats
First, to give you an idea of the range of cyber threats that exist, here’s a short list of the kind of attacks to be aware of:
Phishing
Deepfakes
Remote users’ endpoints and BYOD (Bring Your Own Device)
Web application hacking (OWASP Top 10)
IoT devices (a lot of IoT devices are not secure on a user’s network, and an attacker may be able to move laterally to a user’s federal endpoint)
Ransomware
Insider Threats – Disgruntled Employees
Nation-state or highly funded malicious actors
Disinformation in Social Media
5G (with the implementation of 5G, there will be all-new security issues we’ve never had to account for)
Best Practices to Stay Safe Online
For individuals and small or medium-sized businesses:
Change your passwords often and make them strong.
Multi-factor authentication: implement this when you can, as it requires several different ways to verify a login, discouraging hacks.
Avoid unsolicited emails from sources that seem unusual: for example, the Nigerian prince who happens to have your email asking you for money is as unreal as your gut is telling you.
For Federal government agencies:
For the Federal government, the best practices become more complex. When the Federal government hires a contractor to improve its cybersecurity measures, the most important thing is hiring an agile team that is able to keep up with the ever-changing landscape. A team that anticipates new problems that could arise and is ready to offer inventive solutions is the kind of team you want to have on your side.
Here are a few best practices for enterprise-wide cybersecurity:
Multi-factor authentication: again, this is helpful for businesses of all sizes.
Zero Trust: this addresses lateral movement within a network. In the past, if someone got past a firewall, they had the keys to the castle. With zero trust, everything requires its own authentication to access. So even if an attacker gains access to your network, they won’t have the authorization to access files or databases or anything else on your network.
Employee Security Awareness: if you’re going to ensure state-of-the-art cybersecurity for an enterprise-wide system, it’s important to make sure your employees are aware of best practices as well. Be sure to train your employees in basic security practices so that they don’t click on phishing emails, malicious links, etc. It’s better to be safe than sorry!
Crowd-Sourced Bug Bounties: companies like Synack have started providing real-life white hat hackers to attempt to infiltrate government systems. This can enable an agency to determine where its weaknesses are from a real attacker’s perspective.
DevSecOps: a DevSecOps practice is able to find vulnerabilities faster than any other software. This process essentially creates a mutable infrastructure, which allows us to scan a system within minutes to seconds and identify threats much more quickly than traditional methods, which can take months or years to catch bugs.
Mobile Device Management: with more people moving to remote work, a lot of employees are bringing their own devices into their work. Agencies must make sure that they’ve developed a practice of managing these mobile devices, in addition to other platforms.
VPN: with remote work, a VPN becomes essential to ensuring security and privacy in an employee’s remote work setting. Agencies should make VPNs for remote work mandatory for all employees.
Data Classification: agencies should also prioritize checks to see if data is classified correctly. If it isn’t, then agencies lose control over managing who is supposed to have access to what information – a very important authentication step for all users.
Data Privacy: ensure that data at rest and in motion is secure so that personally identifiable information (PII) is not stolen by an attacker. Protecting agency-wide personal information is as important as protecting the American public’s personal information.
As you can see, there are a myriad of ways that hackers can attack a system and a myriad of ways to protect against those attacks, including emerging methods. At Makpar, providing top-quality service to our clients means we continue to stay on top of the latest developments in threats and solutions. Rather than catch up to hackers, we need to stay ahead of them.
The most effective way clients and individuals can protect themselves in this online environment is continuous monitoring and security assessments. We’ll talk more about this in future blog posts to help you get better acquainted with these practices.
Happy Cybersecurity Awareness Month. Continue to stay safe and ensure you’re protecting yourself. For more updates from us on best practices and cybersecurity tips, follow us on LinkedIn or Twitter.