Because cybercriminals do not take a break even during the summer, Gatewatcher offers five good practices to help you leave for the summer with peace of mind!
Want to go on vacation relaxed? Here are the 5 priorities to keep in mind!
1. Have your IT equipment up to date
The first rule of maintaining network security is to have all applications and IT equipment up to date before you leave. Otherwise, you are opening the door to cybercriminals, who will take advantage of the gap to methodically exploit unpatched critical security flaws.
The key lies in effective and early patch management:
- Each piece of equipment must be updated following the latest recommendations, notably those of the ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information). Recommendations are published regularly following alerts raised by CERT-FR, allowing each actor to update their equipment against identified vulnerabilities.
- In the same logic, check the upcoming deadlines: the expiration dates of security appliance licenses, and the dates of the next scheduled deployments, so that none of them fall during the vacation period.
With these few checks beforehand, you will be anticipating potential vulnerabilities while compensating for the reduced manpower of the summer period. To view the latest and most exploited critical vulnerabilities, check out the Gatewatcher Cyber Threats Barometer.
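The two checks above (unapplied advisories, and license or deployment dates that collide with the vacation window) are easy to automate over an asset inventory. The following script is an added example, not Gatewatcher's code; the inventory entries and the 14-day grace period after the team's return are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample inventory (not real equipment). Each entry records the
# license expiry, whether a vendor or CERT-FR advisory is still unapplied,
# and any deployment scheduled for the asset.
INVENTORY = [
    {"asset": "fw-edge-01", "license_expiry": date(2023, 8, 10),
     "pending_advisory": False, "next_deployment": None},
    {"asset": "ndr-probe-01", "license_expiry": date(2024, 1, 15),
     "pending_advisory": True, "next_deployment": None},
    {"asset": "vpn-gw-01", "license_expiry": date(2023, 12, 31),
     "pending_advisory": False, "next_deployment": date(2023, 8, 3)},
    {"asset": "mail-gw-01", "license_expiry": date(2023, 12, 31),
     "pending_advisory": False, "next_deployment": date(2023, 9, 20)},
]

# Assumed vacation window for the report (constructed dates).
DEFAULT_WINDOW = (date(2023, 7, 24), date(2023, 8, 18))


def pre_vacation_checks(inventory, start, end, grace_days=14):
    """Return (asset, finding) pairs for everything that needs attention
    before the team is away between `start` and `end` (inclusive).

    - license expiring before `end` plus `grace_days`: renew before leaving
      (the grace period covers the backlog once people are back)
    - unapplied advisory: patch before leaving
    - deployment scheduled inside the window: reschedule it
    """
    findings = []
    deadline = end + timedelta(days=grace_days)
    for item in inventory:
        if item["license_expiry"] <= deadline:
            findings.append((item["asset"],
                             f"license expires {item['license_expiry']}, renew before leaving"))
        if item["pending_advisory"]:
            findings.append((item["asset"],
                             "advisory not yet applied, patch before leaving"))
        dep = item["next_deployment"]
        if dep is not None and start <= dep <= end:
            findings.append((item["asset"],
                             f"deployment on {dep} falls inside the vacation window, reschedule"))
    return findings


def summer_report(inventory=INVENTORY, window=DEFAULT_WINDOW, grace_days=14):
    """Run the checks for the default window; used by the stand-alone run."""
    return pre_vacation_checks(inventory, window[0], window[1], grace_days)


if __name__ == "__main__":
    for asset, why in summer_report():
        print(f"{asset}: {why}")
```

Feeding the script your real inventory export (license dates from the appliance consoles, advisory status from your patch tracker, deployment dates from the change calendar) gives a short to-do list to clear before the last person leaves.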
2. Maintain an operational SOC
Having an up-to-date and secure estate reduces the attack surface and increases the operational availability of your SOC, so that all detection tools keep functioning day to day, even in a crisis situation and, above all, in the absence of the CISO.
- Therefore, avoid any major changes during the summer. Use this period to take stock of the points to improve once the whole team is back from vacation.
- Guaranteeing an operational SOC by anticipating demands and needs will let you maintain an acceptable level of protection and resilience against cyberattacks. To complete this security, it may be relevant to consider a dynamic detection technology such as NDR, which identifies with certainty malicious actions and suspicious behaviours at the network level and provides a response and automatic remediation. Detect suspicious or malicious actions related to your cybersecurity – Gatewatcher.
3. Raise employee awareness
None of the actions above can be carried out unless everyone – employees, managers, CISOs, CEOs – is made aware of the heightened vigilance required during vacation periods, particularly in summer.
As this period approaches, and before the manager leaves, add to your weekly briefing a reminder of the procedures to follow and the right reflexes to have in a potentially risky situation. The benefits? An organized team able to ensure business continuity in the event of a crisis, and informed, mobilized employees, especially in the face of social engineering attacks such as spear phishing.
A few essential reminders for each employee before leaving:
- Public Wi-Fi networks: do not connect to them from your work or personal computer.
- Disconnection: make it your mantra. Limit remote work from a personal device (which is not secured like your work device) to checking a few emails or similar tasks. Whether it takes 2 hours or 2 minutes, the principle remains the same: summer is about being disconnected.
- External devices: be wary of connecting them (USB keys, cameras) to your PC, and of free charging stations in public places.
- Good daily habits: keep them up (password manager, session lock, encryption of removable media, antivirus scan of attachments before opening, etc.).
4. Ensure crisis management capabilities
A crisis can arise quickly if the above rules are not respected. The difference will be your ability to respond effectively and, above all, quickly. Reaction time is a key element that the cybercriminal will exploit to destabilize your company and achieve their goals.
- First and foremost, identify at least one contact person in each department who can ensure minimum availability and a first level of reaction and alerting in the event of a crisis. By establishing an operational relay, you avoid the associated tunnel effect.
- The goal is to ensure business continuity and a response to the attack, with clear, digitized and automated instructions and procedures. Remember: your ally in a crisis is time. Giving clear instructions upstream will drastically reduce your employees’ reaction time in a crisis.
- Automating and rehearsing the procedures to be triggered upstream gives you a well-functioning crisis plan and lets you anticipate the unexpected. For this, simulation exercises are key.
5. Do not forget interconnection with third-party partner networks
“Just like employees, suppliers and service providers are possible entry points for cyber attackers. The company can thus be targeted through one of them or be a collateral victim.” *
The recent multiplication of supply-chain attacks such as Colonial Pipeline or Sunburst-SolarWinds should lead you to increase your vigilance if your IS has EDI interconnections with third-party systems authenticated as legitimate.
- A CISO or other relay person should identify the capabilities of subcontractors or suppliers to react in case of a problem over the summer period.
- It is also important to ensure a minimum presence on their side, and to review the data, files, shared applications and interconnection modes with stakeholders in order to determine which procedures to put in place to protect yourself should a major event occur this summer.
You now have all the keys to a summer without cybersecurity contingencies!
Author: Clara Petit @ Gatewatcher