In 2019, 70 percent of organizations hosting applications or data in the public cloud experienced a security incident, according to a Sophos report.

In response to the pandemic, businesses of all sizes are in a constant state of flux as they grapple with rapid changes to personnel, business processes, and vendors. The need for cloud providers and remote workers to access resources inside a company’s network has resulted in many quick-and-dirty workarounds and the loosening of security standards as IT personnel are overloaded by the demand.One-off configuration changes to firewalls, servers, user access privileges, and policies has created security compliance risks that could expose companies to costly and embarrassing data breaches or system outages.

Computers that were closely managed onsite are now distributed outside of the company network with little visibility or control by IT departments, thus introducing additional attack vectors for hackers. It is now more critical than ever that business leaders add cybersecurity key performance indicators to their business reviews in order to manage cyber risk and to hold IT and technology partners accountable

This purpose of this brief is to raise awareness amongst business owners and management of critical security functions that must be executed by IT departments and cloud vendors, and to describe key technology areas to monitor in order to minimize the probability of a data breach. It will also describe how companies can conduct a review of their systems and proactively measure compliance to security policies or industry regulations.

Actively Manage Your Users

Employees and vendors are coming and going rapidly as businesses adjust to a post-pandemic environment predicated on remote work. Timely removal of access rights from departing employees and vendors reduces the opportunity for insider threats to your data. Regularly reviewing the access rights for existing employees is just as critical to prevent malicious data theft or accidental data leakage. The cybersecurity best practice is to limit the number of users with privileges and access to sensitive information. If an employee doesn’t need to have access to this kind of information in order to do their work, it is better to restrict what they can see, and thus avoid improper access.

Review user access and permissions to applications and network shared folders.

Users can be accidentally added to access groups that contain elevated privileges to applications, shared folders, and files. If access rights are being managed manually for cloud platforms, special care should be taken to ensure that departed employees or contractors have been removed.

Conduct a user behavior analysis of all logins, successful and unsuccessful

Look for patterns that may highlight potential unauthorized users who log into machines they normally do not access and at times they normally do not log in. This login history also allows you to find service accounts that are not properly configured (and thus failing to login) as well as users who may be attempting (and possibly succeeding) in accessing resources (computers) which they should not be accessing.

Scan the Dark Web for breached passwords.

Many employees use their company e-mail accounts for personal business and habitually use the same passwords. As one of these small websites gets breached, e-mail addresses and user passwords can be published on the dark web which could lead to a breach of a business e-mail account. Regular scans of the dark web for your company’s web domain provides early notification.

Actively Manage Your Network and Devices

Network and device vulnerabilities occur daily as hackers find new ways around security defenses, and as manufacturers rush to create patches for said vulnerabilities. However, many companies compound their exposure by delaying the installation of security patches or updating operating systems and application versions that contain new security features.

Companies have also made network configuration changes in efforts to quickly make new cloud applications available to remote workers. Often, these configuration changes are made at the request of a vendor to facilitate a proof of concept and have not been vetted for security impacts to other company systems behind the firewall.

Backing up company data is not only to protect against accidental deletions or hardware failures, they are now critical to a company’s survival as ransomware is affecting more small and medium sized businesses. The quality and frequency of data backups should be analyzed with system and platform restorations practiced regularly. Cloud service providers should be included in your data management strategy and held to the same standards for availability as critical internal systems.

Managing remote computers used by a distributed workforce imposes a challenge for IT staff as employees use company devices for personal business or use poor data management practices by not saving workproduct to company systems. Compliance risks to the company are compounded when employees store customer personally identifiable information (PII) on remote computers. Extending monitoring capabilities to these remote computers is essential to reduce compliance risk.

Scan the networks for vulnerabilities regularly.

There are 65,535 network ports, each representing a door through which devices can communicate with each other. Comprehensive scans of these ports can alert a company to unintentional security holes and can provide informational items to inform network security decisions. Cloud service providers should also be requested to conduct vulnerability scans and to explain their security decisions.

Asset inventories should be kept current.

A company can’t secure assets they don’t know they have. A network scan can offer a complete view of all network attached physical and virtual devices so that a disciplined schedule of updating, retiring, and protecting these assets can be implemented.

Review access rights and privileges for service accounts.

Special accounts are often created with elevated privileges to facilitate a software application’s access to cloud platforms or databases. It is critical to keep the scope of access for such accounts as small as possible.

Analyze inbound and outbound network traffic

Understanding communication patterns such as the time or volume of data flow to systems can provide an early indication of a security breach. Anomalies for large data transfers by users or applications can indicate a major incident.

Review all system and data backups for speed, capacity, and reliability

Update the data management plan to account for the remote workforce and new cloud service providers. Practice system and data restorations, even with cloud partners, regularly.

Scan remote computers for personally identifiable information (PII) and for unauthorized data or applications.

Though not as easy as when computers are behind the company firewall, agentless tools are available to safely conduct scans of remote computers that will reduce a company’s compliance risk.

Review and Enforce User and Device Security policies

In addition to written security policies that are communicated to all employees, such as Bring Your Own Device (BYOD) or prohibitive device usage, companies must also include configuration rules and settings for users and devices as critical business decisions that are reviewed regularly. Configuration settings that vary between users and computers make it difficult to know if your company is in compliance with security standards and also make the user experience less predictable.

Establish a Security Operations Center (SOC) that is responsible for actively monitoring the company’s cyber threat environment.

Most small and medium sized businesses lack the inhouse expertise or resources to conduct all security related tasks effectively. As these tasks are increasingly less optional for a company’s financial viability, finding good security partners to augment your team is important. With remote monitoring capabilities and a ready team of security experts, a managed SOC is a cost effective way provide additional assurance that your company is in total compliance.

Create, review, update, and communicate all written computer and security policies to employees.

Reinforcing a set of clear device usage and security guidelines aids in fostering a security aware workforce that will minimize data breaches. All written policies should be easily accessible to all employees in places such as the employee manual or company intranet

Scan all computers and user directories to analyze the Resulting Sets of Policy (RSOP) which contain user group and computer policy settings.

Assess how many variants of settings exist. Small variants may indicate a misconfiguration or misapplication of group policies at the user/group or computer level. Create consistent policies and avoid one-off settings and misconfigurations to prevent inconsistent security policy application companywide. An example of a user group policy that should be consistent for all users is the Password Expiration or Screen Lock time interval settings. Another policy choice may be to disable the ability to use USB memory sticks on all computers. Each company needs to define security policies according to risk appetite and industry regulations.

Implement automated 24/7 network monitoring tools that will actively hunt for security threats and provide actionable notifications or alerts.

Prioritize mission critical applications, cloud platforms, or storage systems with the most sensitive alert parameters.

Proactively monitor the network for compliance

to user and device policies or standard settings by performing scans and running a standard set of reports regularly.

Add security metrics to your company’s operational performance indicators

and make them visible to senior leadership, as they are always involved in a breach response but often not as involved in breach prevention.

All security related services are available à la carte

from most reputable cybersecurity vendors. Hiring a security vendor to assess your team’s capabilities is a great cost effective first step to defining gaps in security knowledge, products, or tasks.

The Next Step in Hardening Your Defenses.

When it comes to keeping your data, assets, and transactions safe, you need experts on your team. COSEC delivers comprehensive cybersecurity consulting services from experienced professionals who face the gamut of cyberthreats every day.

Discover how COSEC can assess security threats to your technology and processes, and implement an Employee Cybersecurity Awareness Program that addresses the human element of security breaches.

Our advisement will help executives and IT Departments answer the following questions:

• Are you able to prove that your business is in compliance with HIPPA, NYDFS, FFIEC, GDPR, NIST, and other State regulatory privacy and security standards?
• Is cyber insurance right for your business and how much coverage is necessary?
• Have you measured the cybersecurity awareness of your employees?
• Are you sure that your vendors are protecting your data and will notify you when they are breached?
• Are you using the right technologies, are your systems up to date, and can you recover from a disaster?

EXPERIENCE COSEC’S INDUSTRY-LEADING CYBERSECURITY AT YOUR BUSINESS

COSEC is wholly-owned subsidiary of Cozen O’Connor that leverages the knowledge, processes, and technology of a global law firm with over thirty offices to provide superior cybersecurity consulting and advisory services to traditionally underserved small business, family office, and private clients.
Our cybersecurity and organizational controls have a perfect record of SOC 1 Type 2 AND ISO 27001 compliance.

Contact us today to schedule a free consultation.