Configure Group Policy Objects that link to all domain controller organizational units (OUs) in a forest to allow RDP connections only from authorized users and systems like jump servers. Remote access for servers should be specifically set up as securely as possible.

These days, our credentials are our boundaries. Having tools that validate credentials and provide additional protection is key to ensuring that attackers can’t gain access. Conditional access allows you to set up protections based on what the user is doing and mandates additional actions should the user be logging in to a specific role or from an unusual location. I mandate 2FA for administrative roles but make it optional for users logging in from previously vetted devices. Additional vetting is in place should the user log in from an unusual location. I recommend designing conditional access so that it balances the burden of authentication prompts against risk, asking for 2FA when the user is behaving in a manner that places the network at risk.

The cyber insurance policy application also asked if I mandated two-factor authentication for protecting email. Implied in that question is whether I have blocked older, less secure email protocols such as POP. The best way to protect email is to ensure that you have a platform that supports modern authentication protocols and the ability to add 2FA.

Have you deployed endpoint detection and response tools?

The cyber security insurance application asked whether I had deployed an endpoint detection and response (EDR) tool. Until recently, EDR has been a bit elusive to small- to medium-sized businesses (SMBs). Now, in addition to EDR solutions such as CrowdStrike, Cylance and Carbon Black, the new kid on the block of EDR solutions is the most affordable for SMBs: Microsoft Defender for Business. If you have Microsoft 365 Business Premium, Defender for Business is already included in the monthly cost of the product. If you want to purchase it separately, it is priced at $3 per user for those businesses under 300 users.

SMBs often don’t have the resources to investigate a security incident. Yet we are increasingly tasked by regulators and industries to identify when we have had a breach. EDR products automate many of the investigation techniques and allow a firm to determine if they have lateral movement issues or a malicious PowerShell script has been used to take control of systems. They also answer the question of how the attacker got into the network and what they used to do so. With these tools you can better understand how the attackers accessed your system and thus can protect yourself from the next attack.

What email filtering solutions do you use?

The cyber insurance application asked if I used an email filtering solution to prevent phishing or ransomware attacks. Many attacks come through email and use Office macros to gain access to a system or use zero days in Office suites to gain more access to a workstation. In my firm I find that the phishing protection “learns,” and while it may let an initial attack email in the door, by the time the attackers start sending attack emails to all the other users in the office, it has learned what is and is not malicious and starts blocking it soon after the attack emails start being sent.

Do you use a data backup solution for all critical data?

Backup was stressed in the cyber insurance application, but not just any backup.
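
On the point above about blocking older, less secure email protocols such as POP: the following is an added example, not from the original article. It assumes the mail platform is Exchange Online with the ExchangeOnlineManagement PowerShell module installed, treats IMAP as a legacy protocol alongside POP, and uses a placeholder admin address and CSV file name.

```powershell
# Added example. Assumptions: Exchange Online, ExchangeOnlineManagement module,
# an account allowed to run Get-/Set-CASMailbox. 'admin@example.com' is a placeholder.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

# 1. Find every mailbox that still accepts POP or IMAP connections.
$legacy = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled }

# Keep a record of the starting state; it doubles as evidence for the
# insurance questionnaire and as a rollback list.
$legacy |
    Select-Object DisplayName, PrimarySmtpAddress, PopEnabled, ImapEnabled |
    Sort-Object DisplayName |
    Export-Csv -Path .\legacy-protocol-mailboxes.csv -NoTypeInformation

Write-Host "$(@($legacy).Count) mailbox(es) still allow POP or IMAP."

# 2. Preview the change for existing mailboxes.
#    -WhatIf only prints what would happen; remove it after reviewing the CSV
#    and confirming no device or application still depends on POP/IMAP.
foreach ($mbx in $legacy) {
    Set-CASMailbox -Identity $mbx.Identity `
        -PopEnabled $false -ImapEnabled $false -WhatIf
}

# 3. Preview the same change on the mailbox plans, so that mailboxes
#    created later do not come up with POP/IMAP switched back on.
Get-CASMailboxPlan | ForEach-Object {
    Set-CASMailboxPlan -Identity $_.Identity `
        -PopEnabled $false -ImapEnabled $false -WhatIf
}

Disconnect-ExchangeOnline -Confirm:$false
```

Rerunning step 1 after the change should report zero mailboxes; any that reappear point to a provisioning process that re-enables the protocols.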