The office has been disinfected, work spaces are rearranged, and now we can begin our return to working in the office. But has the company planned for IT security challenges? Tab Bradshaw, Chief Operating Officer at Redpoint Security, has put together a list that he calls his “Essential 8” critical actions to take upon returning to the office.
HOW TO PREVENT MALWARE DELIVERY AND EXECUTION:
1. Application control
Application control prevents the execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers. This will prevent all non-approved applications (including malicious code) from being executed by employees.
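One way to put this into practice on Windows, as an added example that is not from the article or Redpoint Security: build an AppLocker allow-list from a clean reference machine, dry-run it against a script dropped in a user-writable folder, and deploy it in audit mode so that what would have been blocked is logged before enforcement is switched on. The directory list, the probe file and the event log query are assumptions for this example; the AppLocker cmdlets and event ID are standard Windows.

```powershell
# Added example, not from the article: build an AppLocker allow-list from a clean
# reference machine, dry-run it against a file in a user-writable folder, then deploy
# in audit mode so blocked executions are logged before anything is enforced.
# Assumptions: elevated PowerShell on Windows 10/11 Enterprise or Windows Server;
# the directories below contain only approved software on the reference build.

$referenceDirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$policyFile    = Join-Path $env:TEMP 'applocker-allowlist.xml'

# 1. Inventory the executable content that needs an allow rule (.exe, DLL, scripts, installers).
$fileInfo = foreach ($dir in $referenceDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll, Script, WindowsInstaller
}

# 2. Generate rules: publisher rules for signed files, hash rules as the fallback.
#    -Optimize merges per-file publisher rules into one rule per signer where possible.
[xml]$policy = $fileInfo | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Switch every rule collection to AuditOnly: decisions are written to the
#    Microsoft-Windows-AppLocker event logs without blocking users yet.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'AuditOnly'
}
$policy.Save($policyFile)

# 4. Dry run against a constructed script in the Downloads folder; nothing is executed.
$probe = Join-Path $env:USERPROFILE 'Downloads\unapproved-script.ps1'   # constructed for the test
Set-Content -Path $probe -Value 'Write-Host "not on the allow-list"'
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $probe, 'C:\Windows\System32\notepad.exe' -User Everyone |
    Format-Table -AutoSize FilePath, PolicyDecision, MatchingRule

# 5. Apply the audit policy locally; AppLocker needs the Application Identity service running.
Set-AppLockerPolicy -XmlPolicy $policyFile -Merge
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# 6. Review what would have been blocked before changing EnforcementMode to 'Enabled'.
#    Event ID 8003 = audit mode, file would have been blocked.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object Id -eq 8003 |
    Select-Object TimeCreated, Message
```

Run the audit phase for a few weeks across a pilot group and turn every legitimate 8003 event into a publisher rule before enforcing; the script probe should show `Denied` while `notepad.exe` shows `Allowed` under the Microsoft publisher rule.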
2. Configure Microsoft Office macro settings
When these Microsoft Office settings are configured, they block macros from the internet and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate. If not done, Microsoft Office macros can be used to deliver and execute malicious code on systems.
3. Patch applications
Applications to patch include Flash, web browsers, Microsoft Office, Java, and PDF viewers. Before computers are put back into use, patch ‘extreme risk’ vulnerabilities, and do so within 48 hours. Make sure to use the latest version of applications, since security vulnerabilities in applications can be used to execute malicious code on systems.
4. User application hardening
Hardening user applications involves configuring web browsers to block Flash, ads, and Java on the internet. Applications like these are popular ways to deliver and execute malicious code on systems. Make sure to disable unneeded features in Microsoft Office (e.g. OLE), web browsers, and PDF viewers.
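The macro settings from item 2 and the OLE hardening from item 4 can be set and checked together. The following is an added example, not code from the article or Redpoint Security; it assumes Office 2016/2019/Microsoft 365 (registry version key 16.0) and applies the documented Office policy values for the current user, with a read-back function so the result can be reported rather than assumed.

```powershell
# Added example, not from the article: apply the macro settings from item 2 and the
# OLE hardening from item 4 for the current user, then read them back as a compliance check.
# Assumptions: Office version key 16.0. Macro settings are written under HKCU\Software\Policies,
# which overrides the Trust Center UI; PackagerPrompt has no policy template and is documented
# under the non-policy Office key, so it is written there.

$apps = 'Word', 'Excel', 'PowerPoint'

# Desired state (constructed list of the settings discussed above).
$desired = @(
    @{ Name = 'blockcontentexecutionfrominternet'; Value = 1; Policy = $true;  Why = 'block macros in files marked as downloaded from the internet' }
    @{ Name = 'VBAWarnings';                       Value = 3; Policy = $true;  Why = 'disable all macros except those digitally signed by a trusted publisher' }
    @{ Name = 'PackagerPrompt';                    Value = 2; Policy = $false; Why = 'block activation of OLE Packager objects without prompting' }
)

function Get-SecurityKey([string]$App, [bool]$Policy) {
    if ($Policy) { "HKCU:\Software\Policies\Microsoft\Office\16.0\$App\Security" }
    else         { "HKCU:\Software\Microsoft\Office\16.0\$App\Security" }
}

function Set-OfficeHardening {
    foreach ($app in $apps) {
        foreach ($s in $desired) {
            $key = Get-SecurityKey -App $app -Policy $s.Policy
            New-Item -Path $key -Force | Out-Null
            Set-ItemProperty -Path $key -Name $s.Name -Value $s.Value -Type DWord
        }
        # Trusted locations: users may not add network shares as trusted locations, so
        # vetted macros can only live in administrator-defined locations with limited write access.
        $tl = Join-Path (Get-SecurityKey -App $app -Policy $true) 'Trusted Locations'
        New-Item -Path $tl -Force | Out-Null
        Set-ItemProperty -Path $tl -Name 'AllowNetworkLocations' -Value 0 -Type DWord
    }
}

function Test-OfficeHardening {
    foreach ($app in $apps) {
        foreach ($s in $desired) {
            $key    = Get-SecurityKey -App $app -Policy $s.Policy
            $actual = (Get-ItemProperty -Path $key -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
            [pscustomobject]@{
                Application = $app
                Setting     = $s.Name
                Expected    = $s.Value
                Actual      = $actual
                Compliant   = ($actual -eq $s.Value)
                Purpose     = $s.Why
            }
        }
    }
}

Set-OfficeHardening
Test-OfficeHardening | Format-Table -AutoSize
```

In a managed environment the same values are delivered through the Office Group Policy templates rather than a per-user script; the `Test-OfficeHardening` report is the part worth keeping, since it shows any machine where a setting was never applied or has drifted.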
HOW TO LIMIT THE EXTENT OF CYBER SECURITY INCIDENTS:
5. Restrict administrative privileges
Administrative privileges to operating systems and applications should be re-evaluated based on user duties. After the initial audit, regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing since admin accounts are the ‘keys to the kingdom’. Adversaries will try to use these accounts to gain full access to information and systems.
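The initial audit and the periodic revalidation can be scripted. The following is an added example, not code from the article or Redpoint Security: it lists who holds local administrator rights on a Windows machine, flags members that are not on an approved list, and surfaces enabled local admin accounts with no recent logon. The approved list, the `CORP\Workstation Admins` group and the 90-day threshold are constructed values for this example.

```powershell
# Added example, not from the article: report local Administrators group membership,
# flag members not on the approved list, and find enabled local admin accounts that have
# not logged on recently, as input to the initial audit and later revalidation.
# Assumptions: Windows 10 / Server 2016 or later (LocalAccounts module); the approved
# list and the 90-day threshold are constructed values for this example.

$approvedAdmins = @(
    "$env:COMPUTERNAME\Administrator",   # built-in account (constructed approved entry)
    'CORP\Workstation Admins'            # hypothetical domain group used for support staff
)
$staleAfterDays = 90

function Get-LocalAdminReport {
    foreach ($m in Get-LocalGroupMember -Group 'Administrators') {
        $lastLogon = $null
        $enabled   = $null
        # Logon data is only available for local user accounts, not domain principals or groups.
        if ($m.ObjectClass -eq 'User' -and $m.PrincipalSource -eq 'Local') {
            $u = Get-LocalUser -Name ($m.Name.Split('\')[-1])
            $lastLogon = $u.LastLogon
            $enabled   = $u.Enabled
        }
        $stale = ($enabled -eq $true) -and
                 (($null -eq $lastLogon) -or ($lastLogon -lt (Get-Date).AddDays(-$staleAfterDays)))
        [pscustomobject]@{
            Member    = $m.Name
            Type      = $m.ObjectClass
            Source    = $m.PrincipalSource
            Enabled   = $enabled
            LastLogon = $lastLogon
            Approved  = ($approvedAdmins -contains $m.Name)
            Stale     = $stale
        }
    }
}

$report = Get-LocalAdminReport
$report | Format-Table -AutoSize

foreach ($r in ($report | Where-Object { -not $_.Approved })) {
    Write-Warning "Unapproved administrator: $($r.Member) ($($r.Type) from $($r.Source)); re-evaluate against the user's duties"
}
foreach ($r in ($report | Where-Object { $_.Stale })) {
    Write-Warning "Enabled local admin account with no logon in $staleAfterDays days: $($r.Member); disable or remove"
}
```

Anything the report flags as unapproved is a candidate for removal, and an unused but enabled admin account is a standing risk regardless of who it belongs to. For domain-joined fleets the same report is collected centrally and compared against the group membership that the user's role actually requires.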
6. Multi-factor authentication
Multi-factor authentication should be required for VPNs, RDP, remote access, and for all users when they perform a privileged action or access important (sensitive/high-availability) data. Stronger user authentication makes it harder for adversaries to access sensitive information and systems.
7. Patch operating systems
Security vulnerabilities in operating systems can be exploited to gain unauthorized access and further compromise systems. Patch computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Make sure to use the latest operating system version and verify the version is supported.
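Items 3 and 7 both come down to a per-machine check before a computer goes back into use. The following is an added example, not code from the article or Redpoint Security: it reports the OS version and build, how long ago the last Windows update was installed measured against the article's 48-hour target, and the installed versions of the application families named in item 3. The application name pattern is constructed; whether a reported version is still supported has to be compared against the vendor's lifecycle information, which the script does not contain.

```powershell
# Added example, not from the article: return-to-office patch status check.
# Assumptions: Windows client or server; the 48-hour threshold is the article's target,
# the application name pattern is constructed. Supported-version status must be checked
# against the vendor's lifecycle data; this script only reports what is installed.

$maxHoursSincePatch = 48
$appPattern = 'Chrome|Firefox|Edge|Office|Java|Adobe|Acrobat|Reader|Flash|Foxit'   # constructed

function Get-PatchStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    # Get-HotFix reports installed Windows updates; some entries have no InstalledOn date.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    $hours = if ($latest) { ((Get-Date) - $latest.InstalledOn).TotalHours } else { [double]::PositiveInfinity }
    [pscustomobject]@{
        OS               = $os.Caption
        Version          = $os.Version
        LastUpdate       = $latest.HotFixID
        InstalledOn      = $latest.InstalledOn
        HoursSinceUpdate = [math]::Round($hours, 1)
        WithinTarget     = ($hours -le $maxHoursSincePatch)
    }
}

function Get-InstalledAppVersions {
    # Installed-program inventory from the Uninstall registry keys (64-bit, 32-bit and per-user).
    $uninstallKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $appPattern } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName -Unique
}

$status = Get-PatchStatus
$status | Format-List
if (-not $status.WithinTarget) {
    Write-Warning "Last update installed more than $maxHoursSincePatch hours ago; check for pending 'extreme risk' patches before this machine is used."
}
Get-InstalledAppVersions | Format-Table -AutoSize
```

The 48-hour clock in the article runs from the release of a patch for an extreme-risk vulnerability, not from the last install, so the `HoursSinceUpdate` figure is a prompt to check for pending updates, not proof that none are outstanding; the application inventory is what gets compared with current vendor versions, and anything still listing Flash is a removal candidate rather than a patch candidate.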
HOW TO RECOVER DATA AND SYSTEM AVAILABILITY:
8. Daily backups
Daily backups of new or altered data, software, and configuration settings should be stored and retained for at least three months. To ensure that information can be accessed following a cybersecurity incident (e.g. a ransomware incident), test the restoration initially, annually, and when IT infrastructure changes.
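A restore test is only meaningful if the restored data is verified against the original, not just present. The following is an added example, not code from the article or Redpoint Security: it builds a small constructed source tree, takes a backup set and restores it with a plain file copy standing in for the real backup tool, verifies every restored file by SHA-256 hash, and then checks how many days of backup sets are retained against the article's three-month figure (taken here as 90 days).

```powershell
# Added example, not from the article: a restore test that backs up a constructed source
# tree, restores it to a separate folder, verifies every file by SHA-256 hash, then checks
# that retained backup sets cover the three-month retention window.
# Assumptions: Copy-Item stands in for the real backup/restore tool; 90 days maps to the
# article's "at least three months"; all paths are under %TEMP% and are constructed.

$root     = Join-Path $env:TEMP 'restore-test'
$source   = Join-Path $root 'source'
$backups  = Join-Path $root 'backups'
$restored = Join-Path $root 'restored'
Remove-Item $root -Recurse -Force -ErrorAction SilentlyContinue

# Constructed sample data standing in for data, software and configuration settings.
New-Item -ItemType Directory -Path "$source\config", "$source\data" -Force | Out-Null
Set-Content -Path "$source\config\app.json" -Value '{ "feature": "enabled" }'
Set-Content -Path "$source\data\report.csv" -Value "id,value`n1,42"

function Get-RelativeHashes([string]$Folder) {
    Get-ChildItem -Path $Folder -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($Folder.Length).TrimStart('\')
            Hash         = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }
}

function Test-RestoreIntegrity([string]$SourceRoot, [string]$RestoredRoot) {
    # Compare the restored tree with the source: every file present, nothing extra, hashes equal.
    $expected = @{}
    foreach ($e in Get-RelativeHashes $SourceRoot) { $expected[$e.RelativePath] = $e.Hash }
    $problems = @()
    $seen = @{}
    foreach ($r in Get-RelativeHashes $RestoredRoot) {
        $seen[$r.RelativePath] = $true
        if (-not $expected.ContainsKey($r.RelativePath))   { $problems += "unexpected: $($r.RelativePath)" }
        elseif ($expected[$r.RelativePath] -ne $r.Hash)   { $problems += "corrupted: $($r.RelativePath)" }
    }
    foreach ($p in $expected.Keys) { if (-not $seen.ContainsKey($p)) { $problems += "missing: $p" } }
    [pscustomobject]@{ Verified = $expected.Count; Passed = ($problems.Count -eq 0); Problems = $problems }
}

# Take today's backup set (stand-in for the real tool) and restore it to a separate folder.
$set = Join-Path $backups (Get-Date -Format 'yyyy-MM-dd')
New-Item -ItemType Directory -Path $set, $restored -Force | Out-Null
Copy-Item -Path "$source\*" -Destination $set -Recurse
Copy-Item -Path "$set\*" -Destination $restored -Recurse

$result = Test-RestoreIntegrity -SourceRoot $source -RestoredRoot $restored
$result | Format-List
if (-not $result.Passed) { Write-Warning "Restore test failed: $($result.Problems -join '; ')" }

# Retention check: once the daily schedule has run long enough, the oldest retained set
# should be at least 90 days old.
$sets   = Get-ChildItem -Path $backups -Directory | Sort-Object Name
$oldest = [datetime]::ParseExact($sets[0].Name, 'yyyy-MM-dd', $null)
"Retained sets: $($sets.Count); oldest covers $(((Get-Date) - $oldest).Days) days (target: 90)"
```

Against real backups the two pieces that matter are `Test-RestoreIntegrity`, run on a restore into an isolated location rather than over live data, and the retention check, which is the part that catches a backup job that silently stopped weeks ago. Run both on the schedule the article gives: once now, annually, and whenever the infrastructure changes.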
Remember, returning to the office requires many risk management actions. Don’t forget to attend to IT security. The tips offered here are intended to complement and not replace the recommendation of the equipment manufacturer.
Blog provided by: © 2020 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved.
This article is for informational purposes only and is not intended to convey or constitute legal advice. HSB makes no warranties or representations as to the accuracy or completeness of the content herein. Under no circumstances shall HSB or any party involved in creating or delivering this article be liable to you for any loss or damage that results from the use of the information contained herein. Except as otherwise expressly permitted by HSB in writing, no portion of this article may be reproduced, copied, or distributed in any way. This article does not modify or invalidate any of the provisions, exclusions, terms, or conditions of the applicable policy and endorsements. For specific terms and conditions, please refer to the applicable endorsement form.