The office has been disinfected, workspaces have been rearranged, and now we can start returning to work in the office. But has the company planned for the IT security challenges? Tab Bradshaw, Chief Operating Officer at Redpoint Security, has compiled a list that he calls his "Essential 8" critical steps to take when returning to the office.
HOW TO PREVENT MALWARE DELIVERY AND EXECUTION:
1. Software Control
Software control prevents the execution of unauthorized or malicious programs, including .exe files, DLLs, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers. This prevents all unauthorized applications (including malware) from being run by employees.
2. Configuring Microsoft Office Macro Settings
When these Microsoft Office settings are configured, they block macros from the Internet and allow only controlled macros, either in "trusted sites" with limited write access or digitally signed with a trusted certificate. Otherwise, Microsoft Office macros can be used to deliver and execute malware on systems.
3. Patch applications
Applications to patch include Flash, web browsers, Microsoft Office, Java and PDF viewers. Before use, patch computers with 'extreme risk' vulnerabilities within 48 hours. Make sure you are using the latest version of applications, as security vulnerabilities in applications can be used to run malware on systems.
4. Hardening of user programs
Hardening of user programs requires that browsers be configured to block Flash, ads and Java on the Internet. Such applications are popular ways to deliver and run malware on systems. Be sure to disable unnecessary features in Microsoft Office (such as OLE), browsers, and PDF viewers.
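For step 2 (Microsoft Office macro settings), the check below is an added example, not part of the original article: it reads the Group Policy registry values that block macros in files from the Internet and restrict the rest to signed macros. It assumes Office 2016 or later (policy hive `16.0`) with per-user policy; the compliance rule and variable names are this example's own.

```powershell
# Added example: audit Office macro policy for the current user.
# Assumptions: Office 2016+ (hive "16.0"), settings deployed through Group Policy.
$apps = 'Word', 'Excel', 'PowerPoint'
$base = 'HKCU:\Software\Policies\Microsoft\Office\16.0'

# Meaning of VBAWarnings, written by the "VBA Macro Notification Settings" policy
$vbaMeaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all with notification'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all without notification'
}

$results = foreach ($app in $apps) {
    $key   = Join-Path $base "$app\Security"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # "Block macros from running in Office files from the Internet" (1 = enabled)
    $block = $props.blockcontentexecutionfrominternet
    $vba   = $props.VBAWarnings

    $vbaText = 'Not configured by policy'
    if ($null -ne $vba -and $vbaMeaning.ContainsKey([int]$vba)) {
        $vbaText = $vbaMeaning[[int]$vba]
    }

    # Example rule: Internet macros blocked AND only signed macros (3) or none (4) allowed
    $ok = ($block -eq 1) -and ($vba -in 3, 4)

    [pscustomobject]@{
        App                 = $app
        BlockInternetMacros = ($block -eq 1)
        MacroSetting        = $vbaText
        Compliant           = $ok
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or management agent flag the machine
if ($results.Compliant -contains $false) { exit 1 }
```

Trusted locations are configured separately and are not checked here; a value that is missing means the user can still change the setting in the Trust Center.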
HOW TO LIMIT THE AMOUNT OF CYBER SECURITY EVENTS:
5. Restrict Administrative Rights
Administrative privileges for operating systems and applications should be re-evaluated based on user data. After the initial review, regularly confirm the need for privileges. Do not use privileged accounts to read email or search the web, as administrator accounts are "the keys to the realm". Opponents will try to use these accounts to gain full access to information and systems.
6. Multi-factor authentication
Multi-factor authentication should be required for VPN, RDP, remote access and for all users when performing a privileged action or accessing important (sensitive / high availability) data. Stronger user authentication makes it more difficult for opponents to access sensitive information and systems.
7. Patch Operating System
Operating system security vulnerabilities could be used to further a compromise and gain unauthorized access. Patch computers (including network devices) with extreme risk vulnerabilities within 48 hours. Make sure you are using the latest version of the operating system and verify that the version is supported.
HOW TO RESTORE DATA AND SYSTEM AVAILABILITY:
8. Daily backups
Daily backups of new or changed data, software, and configuration settings should be stored and retained for at least three months. To ensure that information can be accessed after a cyber-security incident (such as a ransomware incident), test the restore initially, annually, and when the IT infrastructure changes.
Remember that many risk management measures are required to return to the office. Do not forget to take care of IT security. The tips offered here are intended to supplement and not replace the equipment manufacturer's recommendation.
Blog provided by:
© 2020 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved.