Highlights of the July 2024 edition of the HBK Risk Advisory Services webinar series, hosted by William J. Heaven, CPA/CITP, CISA, CSCP, Senior Director, HBK Risk Advisory Services, and featuring Chris Bowman, Scott Velmer, and Justin Krentz of Vertilocity, an HBK Company.
The more we interconnect our businesses and implement new technologies the more we need to do to ensure our businesses and systems are properly secured. Cyber criminals are constantly on the prowl for an easy mark, regardless of the size of the business. Business owners need to understand their attack vectors, the ways attackers can enter their networks or other systems, to safeguard their businesses.
Essential tactics for managing and securing your information and systems:
ID and Access Management
• Has increased in importance over the last decade, especially since COVID and the massive shift to working remotely.
• IAM was once used mainly to guard the network perimeter against unauthorized access. With a remote workforce, guarding the edge alone is no longer sufficient.
• Focus is now on validating the user and determining their correct level of access.
• IAM is a security framework
- Ensures only authorized users and devices get access, and defines which data and systems each of them may reach.
- Encompasses all systems of the organization.
- Single sign-on experience is more secure and more efficient.
- A single audit trail to follow, which makes proving compliance easier.
- Users can get into all apps and data seamlessly without different passwords.
- Monitors what the user does and provides an audit trail.
- Can provide risk analysis for real-time protection against malicious behaviors.
Mobile Device Management
• How to exercise sufficient control over employees’ devices
• Bring your own device (BYOD) means you have devices that are essentially unmanaged.
• Can improve efficiency and onboarding, and is worth overcoming resistance to deploy
• Four components:
- Device enrollment: establishes a one-to-one relationship between the device and the management platform.
- Policy enforcement: the device behaves and is configured so that it conforms to organization policy (for example, storage is encrypted), providing reasonable protection for the organization’s data.
- Remote wipe: can be a granular wipe in which only company data is removed, leaving personal data intact.
- Application management: deploys apps and configures mobile devices according to the organization’s policies and best practices.
• Makes supporting bring-your-own-device policies easier and more secure.
• Overcome resistance by assigning someone in the organization to be the champion and communicate to users why this is important.
- Implement gradually.
- Provide users with incentives or compensation for using their own devices, and explain the impact on security.
Phishing & social engineering
• Defined as methods of manipulation used to get you to provide information or perform a malicious action on the attacker’s behalf.
• The most frequent scams are imposter scams and investment scams.
• Many different terms are used, but they all come down to methodology: how the attack is carried out, how information is obtained, and how the individual is contacted.
• Most effective ways to protect yourself:
- Security awareness training: Know what kind of risks and practices to look for.
- Employ email filtering and blocking, and require multi-factor authentication.
- Have a policy of verification and validation for senders, especially for large transactions (for example, confirm a payment request through a known phone number rather than by replying to the email).
- Have a plan to deal with an incident after the fact, and adjust it as threat landscape changes.
• AI is changing the landscape: Can write messages and do translations to make communications look more legitimate.
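The sender verification and email blocking points above are easiest to see in code. The following is an added example, not material from the webinar or from HBK/Vertilocity: it parses a message’s From, Reply-To and Authentication-Results headers and flags the patterns behind most imposter scams (failed SPF/DKIM/DMARC, a trusted display name on an outside domain, a lookalike domain, and a Reply-To that diverges from the sender). The trusted-contact list and both sample messages are constructed for the example.

```python
"""Sender verification checks for inbound mail.

Added example: parses From / Reply-To / Authentication-Results headers
and returns a list of findings an email gateway rule or a help-desk
triage script could act on. Trusted contacts and sample messages are
constructed (hypothetical) data.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical organisation data: people attackers like to impersonate,
# and the domains mail from them legitimately comes from.
TRUSTED_CONTACTS = {"Jane Doe": "example-corp.com"}  # e.g. the CFO
TRUSTED_DOMAINS = {"example-corp.com"}


def normalize_domain(domain):
    """Undo common lookalike substitutions (rn->m, 0->o, 1->l, ...)."""
    d = domain.lower()
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"),
                       ("1", "l"), ("3", "e"), ("5", "s")):
        d = d.replace(fake, real)
    return d


def is_lookalike(domain):
    """True if domain imitates a trusted domain but is not one of them."""
    if not domain or domain in TRUSTED_DOMAINS:
        return False
    norm = normalize_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        if norm == trusted or norm.replace("-", "") == trusted.replace("-", ""):
            return True
        if domain.startswith(trusted + "."):  # trusted.com.evil.net trick
            return True
    return False


def parse_auth_results(header):
    """Extract spf/dkim/dmarc results from an RFC 8601 header value."""
    results = {}
    for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header or "", re.I):
        results[m.group(1).lower()] = m.group(2).lower()
    return results


def sender_domain(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def check_message(raw):
    """Return a list of human-readable findings; empty list means clean."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = sender_domain(addr)

    # 1. Authentication results recorded by the receiving gateway
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            findings.append(f"{method} did not pass ({auth.get(method, 'missing')})")

    # 2. Display-name spoofing of a known contact
    if display in TRUSTED_CONTACTS and domain != TRUSTED_CONTACTS[display]:
        findings.append(f"display name '{display}' but sender domain {domain}")

    # 3. Lookalike domain
    if is_lookalike(domain):
        findings.append(f"lookalike domain {domain}")

    # 4. Reply-To pointing somewhere other than the sender's domain
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and sender_domain(reply_to) != domain:
        findings.append(f"reply-to domain differs: {reply_to}")
    return findings


# Constructed sample messages (not real mail)
PHISH = """From: Jane Doe <jane.doe@examp1e-corp.com>
Reply-To: jane.doe.cfo@gmail.com
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=examp1e-corp.com; dkim=none; dmarc=none
Subject: Urgent wire transfer

Please process the attached wire today.
"""

LEGIT = """From: Jane Doe <jane.doe@example-corp.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example-corp.com; dkim=pass header.d=example-corp.com; dmarc=pass header.from=example-corp.com
Subject: Q3 numbers

Attached.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, check_message(raw) or "clean")
```

Any non-empty finding list is a reason to hold the message or to trigger the out-of-band verification step before money moves; no finding is not proof of legitimacy, since a compromised but real mailbox passes every check here, which is why the verification policy still applies to large transactions.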
Backup/Data Recovery (BDR)
• Backups are serious business at all times.
• Four points of backups: data, recovery point objective, recovery time objective, failover and redundancy
• Why have BDR: data protection, business continuity, mitigation of cyber attacks
• Have recovery point and recovery time objectives in place: define how much data loss and how much downtime each system can tolerate, and test and validate the backup system against them (the most critical piece).
Best Practices
• Storage: keep three copies of the data in two different locations, one of which is geographically separate from the other.
• Encryption
• Immutability: data cannot be altered or deleted until a predetermined retention period has elapsed.
• Clear, defined, documented recovery procedures
• Incident response plan
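The RPO/RTO and best-practice points above can be turned into automated checks that a recovery test runs against the backup inventory. The following is an added example, not code from the webinar or from HBK/Vertilocity: it checks the copy-count and location rule stated above (three copies, two locations, one geographically separate), RPO freshness, a retention lock that models immutability, and checksum verification of restored data. The inventory, RPO values, timestamps and data are constructed; `NOW` is a fixed hypothetical clock so the run is reproducible.

```python
"""Backup validation checks run over a backup inventory.

Added example with constructed (hypothetical) data: each INVENTORY record
describes one stored copy of one system's backup. audit() reports, per
system, every best-practice rule the copies violate.
"""
import hashlib
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 7, 15, 9, 0, tzinfo=timezone.utc)  # constructed clock

ERP_DATA = b"constructed ERP database dump"          # stands in for a backup file
ERP_SHA256 = hashlib.sha256(ERP_DATA).hexdigest()    # recorded in the manifest

INVENTORY = [
    # erp: three copies, two locations, one in another region, 2 hours old
    {"system": "erp", "location": "hq-nas", "region": "us-east",
     "taken": NOW - timedelta(hours=2), "retain_until": NOW + timedelta(days=30),
     "sha256": ERP_SHA256},
    {"system": "erp", "location": "colo-tape", "region": "us-east",
     "taken": NOW - timedelta(hours=2), "retain_until": NOW + timedelta(days=30),
     "sha256": ERP_SHA256},
    {"system": "erp", "location": "cloud-bucket", "region": "eu-west",
     "taken": NOW - timedelta(hours=2), "retain_until": NOW + timedelta(days=30),
     "sha256": ERP_SHA256},
    # fileshare: two copies on the same NAS, newest 30 hours old, retention expired
    {"system": "fileshare", "location": "hq-nas", "region": "us-east",
     "taken": NOW - timedelta(hours=30), "retain_until": NOW - timedelta(days=1),
     "sha256": "0" * 64},
    {"system": "fileshare", "location": "hq-nas", "region": "us-east",
     "taken": NOW - timedelta(hours=54), "retain_until": NOW - timedelta(days=1),
     "sha256": "0" * 64},
]

# Recovery point objectives per system (hypothetical values)
RPO = {"erp": timedelta(hours=4), "fileshare": timedelta(hours=24)}


def copies_for(inventory, system):
    return [r for r in inventory if r["system"] == system]


def check_copies(copies):
    """Three copies, two locations, one geographically separate."""
    issues = []
    if len(copies) < 3:
        issues.append(f"only {len(copies)} copies (need 3)")
    if len({c["location"] for c in copies}) < 2:
        issues.append("all copies in one location (need 2)")
    if len({c["region"] for c in copies}) < 2:
        issues.append("no geographically separate copy")
    return issues


def check_rpo(copies, rpo, now=NOW):
    """Newest copy must be no older than the recovery point objective."""
    if not copies:
        return ["no backups at all"]
    age = now - max(c["taken"] for c in copies)
    if age > rpo:
        return [f"RPO exceeded: newest copy is {age} old, RPO is {rpo}"]
    return []


def is_locked(copy, now=NOW):
    """Immutability: a copy inside its retention period cannot change."""
    return now < copy["retain_until"]


def delete_copy(copy, now=NOW):
    """Refuse deletion (or modification) during retention, regardless of
    who asks; an attacker with admin rights hits the same wall."""
    if is_locked(copy, now):
        raise PermissionError(
            f"{copy['location']} copy locked until {copy['retain_until']:%Y-%m-%d}")
    return True


def verify_restore(restored, expected_sha256):
    """A restore test is only a pass if the restored bytes match the manifest."""
    return hashlib.sha256(restored).hexdigest() == expected_sha256


def audit(inventory, rpos, now=NOW):
    """Per-system list of violated rules; an empty list means compliant."""
    return {system: check_copies(copies_for(inventory, system))
            + check_rpo(copies_for(inventory, system), rpo, now)
            for system, rpo in rpos.items()}


if __name__ == "__main__":
    for system, issues in audit(INVENTORY, RPO).items():
        print(system, issues or "compliant")
    print("erp restore verified:", verify_restore(ERP_DATA, ERP_SHA256))
```

In practice the inventory comes from the backup product’s API or catalog and the retention lock is enforced by the storage (object-lock or WORM media), not by a Python function; the value of a script like this is that it turns the documented recovery procedure into something that runs on a schedule and fails loudly.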
Layered Endpoint Protection
• A comprehensive approach using multiple measures to protect individual devices from cyber threats
• Aims to provide multi-dimensional protection against the many different places and ways devices are attacked by cybercriminals, reducing the likelihood of successful attacks.
• Includes antivirus software, firewalls, intrusion detection systems, and advanced threat protection.
• Organizations previously used many separate products; the trend is toward more inclusive endpoint detection and response (EDR) platforms, a single centrally managed solution that can also include mobile device management.
• Making sure that if someone gets past one defense there are other defenses in place.
• Comprehensive protection systems should be able to be applied in layers, regularly updated and regularly tested, and ensure scalability.