“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Sun Tzu.
Sun Tzu’s words still resonate today. Organizations that know their adversaries, while being aware of their own strengths and vulnerabilities, stand a better chance in the ongoing cyber security war. Don’t wait until after your organization has been attacked to bolster your security posture. Go on the offensive against attackers.
What are some measures to ensure your organization is cyber resilient and ready for battle? We created the following tactical cyber security checklist based on best practices from the 2016 Internet Security Threat Report (ISTR), our annual report which provides an overview and analysis of the year in global threat activity.
- Ensure all devices allowed on company networks have adequate security protections.
Use active monitoring and configuration management to maintain an up-to-date inventory of devices connected to the enterprise network. This includes servers, workstations, laptops and remote devices.
- Implement a removable media policy.
Where practical, restrict unauthorized devices such as external portable hard drives and other removable media. Such devices can both introduce malware and facilitate intellectual property breaches, whether intentional or unintentional. If external media devices are permitted, automatically scan them for viruses upon connection to the network and use a data loss prevention (DLP) solution to monitor and restrict the copying of confidential data to unencrypted external storage devices.
- Be aggressive in your updating and patching.
Update, patch, and migrate from outdated and insecure browsers, applications, and browser plug-ins. This also applies to operating systems, not just across computers, but mobile, ICS, and IoT devices as well. Keep virus and intrusion prevention definitions at the latest available versions using vendors’ automatic updates. Most software vendors work diligently to patch exploited software vulnerabilities; however, such patches can only be effective if adopted in the field. Wherever possible, automate patch deployments to maintain protection against vulnerabilities across the organization.
- Enforce an effective password policy.
Ensure passwords are strong and at least 8-10 characters long with a mixture of letters and numbers. Encourage users not to reuse the same password on multiple websites, and forbid sharing passwords with others. Passwords should be changed regularly, at least every 90 days.
- Ensure regular backups are available.
Create and maintain regular backups of critical systems, as well as endpoints. In the event of a security or data emergency, backups should be easily accessible to minimize downtime of services and employee productivity.
- Restrict email attachments.
Configure mail servers to block or remove email that contains file attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files. Enterprises should investigate policies for PDFs that are allowed to be included as email attachments. Ensure that mail servers are adequately protected by security software and that email is thoroughly scanned.
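An added example, not code from the report or the original post, showing how the attachment blocklist above can be applied to a parsed message. The sample message is constructed inline, and matching is case-insensitive on the final extension so that names such as Invoice.pdf.EXE are still caught.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment extensions the checklist says to block at the mail server.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}


def extension_of(filename: str) -> str:
    """Return the final extension of a filename, lower-cased, or '' if none.

    Only the last dot counts, so 'Invoice.pdf.EXE' yields '.exe' and a
    bare '.scr' still yields '.scr'. Surrounding whitespace is ignored.
    """
    name = filename.strip().lower()
    if "." not in name:
        return ""
    return "." + name.rsplit(".", 1)[1]


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of every MIME part whose extension is on the blocklist.

    walk() visits nested multiparts too, so attachments buried inside a
    forwarded message are inspected as well.
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename() or ""   # Content-Disposition, then Content-Type name
        if extension_of(name) in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed sample message: one harmless PDF and two disguised executables."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached documents.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"MZ placeholder", maintype="application",
                       subtype="octet-stream", filename="Invoice.pdf.EXE")
    msg.add_attachment(b"MZ placeholder", maintype="application",
                       subtype="octet-stream", filename="photo.SCR")
    return msg.as_bytes()


if __name__ == "__main__":
    print(blocked_attachments(build_sample()))  # ['Invoice.pdf.EXE', 'photo.SCR']
```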
- Ensure that you have infection and incident response procedures in place.
  - Keep your security vendor contact information handy, know who you will call, and what steps you will take if you have one or more infected systems.
  - Ensure that a backup-and-restore solution is in place in order to restore lost or compromised data in the event of a successful attack or catastrophic data loss.
  - Make use of post-infection detection capabilities from web gateways, endpoint security solutions and firewalls to identify infected systems.
  - Isolate infected computers to prevent the risk of further infection within the organization, and restore them using trusted backup media.
  - If network services are exploited by malicious code or some other threat, disable or block access to those services until a patch is applied.
While you check off these best practices, be sure to also test, test, and test. Are your security solutions updated regularly? Do you know how your team will respond in the event of a data breach? It’s important to constantly test not only your security technology but also the teams that manage the solutions to stay ahead of threats.