With recent events triggering a nationwide alert to the Iranian cyber threat, organizations and individuals are feeling the pressure to increase their cybersecurity. Articles and guides have been published that aim to help organizations do just that, but often only describe basic cyber hygiene, failing to recognize the more stringent response that the situation requires. Don’t get me wrong, those tips are helpful in the day-to-day, but in our current cyber landscape, we should be well past the basics.
One article that took things a step further was Cybersecurity Law Report’s “Eight Data Security Best Practices Revealed by Recent AG and FTC Enforcement Actions.” By focusing on the steps taken after a security breach, this article gives the reader a better understanding of cyber and how best to secure an organization.
As the CEO of a company whose customers are among the most security-conscious organizations in the world, I see first-hand the steps we take to maintain our own security posture. I see the work done by my team to constantly reevaluate how best to secure our organization today. The landscape is constantly changing, and risks and cyber threats become more advanced every day, so we need to as well.
Speaking of my team, Ian Fagan, Telos’ lead information security analyst, agreed that the best practices mentioned in Cybersecurity Law Report’s article are great steps in the right direction. And, with a combination of the article’s and Telos’ best practices, Ian created the following list of recommendations for you and your organization:
- Implement multi-factor authentication
- Require password vaults
- Ensure stored passwords are properly hashed and salted
- Limit the scope of access (user permissions, network access controls)
- Use a security information and event management (SIEM) product to monitor and log network activity
- Conduct regular penetration testing and remediation
- Train employees to safeguard personal information
- Segment networks using Virtual Local Area Networks (VLANs) and dedicated firewalls, etc.
- Patch in a timely manner
- Encrypt data, devices, backups, stored information, etc.
It is in your organization’s best interest to check in on your security posture, to make the appropriate changes, and to continuously monitor your security. Learn from the mistakes made by other companies, and the changes they made as a result, before you find yourself in their position. In the current cyber landscape, we all need to be anticipating the next cyber threat.