The Most Important Small Business Checklist of the Year
January 10, 2019 | By Christopher George | Tags: 2019 goals, contain attacks
As you begin to establish goals and reevaluate critical business risks for the year ahead, cybersecurity must be at the very top of your list. According to the Breach Level Index, the number of lost, stolen or compromised records increased by a jaw-dropping 133% in the first half of 2018 compared to the same time the previous year. As attack methods continue to evolve, you not only need a strong security platform, but the knowledge and experience to put it all together. Without the right strategy and execution, you are taking a serious gamble with your livelihood.
Our Protelligent® engineers have compiled this handy cybersecurity checklist of tactics that can help you prevent initial compromise, along with measures to contain an attack after infiltration.
UP-FRONT TACTICS TO HELP PREVENT INITIAL COMPROMISE
- □ Patch vulnerable software and restrict network access to what you cannot quickly patch
- □ Restrict Access to Remote Desktop (RDP)
  - Place RDP listening ports behind a firewall
  - Use an RDP Gateway
  - Enable network-level authentication
  - Change the default listening port
- □ Use Server Message Block (SMB) Best Practices
  - Disable SMBv1
  - Restrict SMB network activity by using firewalls
- □ Block Malicious File Attachments in Email
  - Executable and batch files (.EXE, .BAT)
  - Script files (.JS, .VBS)
  - Archive files (.ZIP, .SFX, .7z)
- □ Organizational Awareness
  - Ensure your employees know and understand the current cyber-threat landscape, from ransomware and phishing to whaling and more. As part of our Premonition™ Security Suite, Protelligent provides online courses led by seasoned experts to help you manage human risk more effectively.
- □ Utilize Ad Blockers in Web Browsers
- □ Secure Microsoft Office
  - Enforce stringent macro controls to reduce potential infection from malware and malicious scripts
  - Ensure the “update automatic links at open” setting in Microsoft Word is disabled to prevent the Microsoft Dynamic Data Exchange (DDE) feature from launching malware
  - Disable Microsoft’s Object Linking and Embedding (OLE) feature when possible to reduce malicious file attacks
PRECAUTIONS TO CONTAIN ATTACKS AFTER INFILTRATION
- □ Secure Windows PowerShell to keep attackers from leveraging its range of functionality
  - Update to the latest version
  - Block unsigned PowerShell scripts to make potential attacks more visible
  - Use PowerShell “constrained language mode” to avoid many fileless-attack techniques
  - Enable extended PowerShell logging, carefully monitor events and utilize an auditing tool to help process them
  - Disable PowerShell if it is not necessary for your business
- □ Utilize and Secure Windows Management Instrumentation (WMI)
  - Use WMI to your advantage by setting up defensive permanent WMI event subscriptions to log and respond to malicious activity
  - Set up a fixed port, and block it if remote WMI is not necessary for your business
- □ Apply Application and Restricted Privileges Controls
  - Use AppLocker to limit executable files, DLLs and scripts
  - Create rules to strengthen AppLocker against bypass
  - Give users the least amount of access and privileges necessary to complete their job duties
  - If possible, set User Account Control (UAC) to “always notify” when a program makes an attempt to change the machine or any Windows settings
  - Enforce UAC by enabling admin approval mode to prevent privilege escalation attempts
  - Eliminate users from the local administrators’ group
  - Disable credential caching for network authentication
  - Refrain from using the same credentials across systems
  - Apply automatic log-out settings to your network after a period of inactivity
  - Disable anonymous access to Network File Shares (NFS) and File Transfer Protocol (FTP)
  - Require strong passwords
  - Require multi-factor authentication
  - Administer account lockout policies or successive delays for logins
- □ Create Continuous Monitoring Processes for any of the following
  - Changes in the registry
  - Scheduled task creations
  - Questionable WMI activity
  - Sketchy API calls and processes
  - Processes or tasks produced with the CREATE_SUSPENDED flag
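The following read-only audit script is an added example, not Protelligent's own tooling; it reports how a single Windows host compares with several items from both checklists above (SMBv1, RDP, PowerShell, UAC, credential caching). The helper names `Get-RegValue` and `New-Check` are hypothetical, and the pass criteria are one reading of the checklist wording.

```powershell
# Added example: read-only audit of checklist settings. Run from an elevated
# Windows PowerShell session; nothing here changes configuration.
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value does not exist (setting not configured).
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}
function New-Check([string]$Item, $Value, [bool]$Pass) {
    [pscustomobject]@{ Item = $Item; Value = $Value; Pass = $Pass }
}

$rdp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$psl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$wl  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

$smb1   = (Get-SmbServerConfiguration).EnableSMB1Protocol
$nla    = Get-RegValue $rdp 'UserAuthentication'          # 1 = NLA required
$port   = Get-RegValue $rdp 'PortNumber'                  # 3389 = default
$policy = [string](Get-ExecutionPolicy)                   # effective policy
$mode   = [string]$ExecutionContext.SessionState.LanguageMode  # this session only
$sbl    = Get-RegValue "$psl\ScriptBlockLogging" 'EnableScriptBlockLogging'
$modlog = Get-RegValue "$psl\ModuleLogging" 'EnableModuleLogging'
$lua    = Get-RegValue $uac 'EnableLUA'                   # 1 = Admin Approval Mode
$prompt = Get-RegValue $uac 'ConsentPromptBehaviorAdmin'  # 2 = "Always notify"
$cached = Get-RegValue $wl 'CachedLogonsCount'            # REG_SZ, '0' = no caching

# An empty Value on a registry-backed row means the setting is not configured.
$report = @(
    New-Check 'SMBv1 server protocol disabled'      $smb1   ($smb1 -eq $false)
    New-Check 'RDP network-level authentication'    $nla    ($nla -eq 1)
    New-Check 'RDP listening port is not 3389'      $port   ($port -and ($port -ne 3389))
    New-Check 'Unsigned PowerShell scripts blocked' $policy ($policy -in 'AllSigned', 'Restricted')
    New-Check 'PowerShell constrained language'     $mode   ($mode -eq 'ConstrainedLanguage')
    New-Check 'PowerShell script block logging'     $sbl    ($sbl -eq 1)
    New-Check 'PowerShell module logging'           $modlog ($modlog -eq 1)
    New-Check 'UAC admin approval mode enabled'     $lua    ($lua -eq 1)
    New-Check 'UAC set to always notify'            $prompt ($prompt -eq 2)
    New-Check 'Domain credential caching disabled'  $cached ($cached -eq '0')
)
$report | Format-Table -AutoSize
```

Rows that fail show where the host differs from the checklist; the language-mode row reflects only the session the script runs in, so check it from a standard user session as well.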
While all of these safeguards can help mitigate risk, the biggest challenge is sustaining the gain. Our all-inclusive Premonition Security Suite is designed to align cybersecurity with your business goals and objectives, enabling you to confidently do more, innovate more and grow more today and into the future.
Level the playing field now. Contact us at (855) PRO-TELL and ensure your defenses are working for you, not against you.