- 10 Steps to protect against hacker attacks
One conceivable explanation for why cyberattacks are happening more and more frequently and having increasingly serious consequences is that hackers’ modus operandi has become so sophisticated that defenses can no longer keep up. While this may be true in isolated cases, the reality is not usually that cybercriminals use newly developed, futuristic malware to penetrate previously invulnerable networks and leave all experts baffled.
Much more often, security breaches happen simply because of basic, easily exploited vulnerabilities. This is both good and bad news: good, in that most attacks can be avoided fairly reliably if appropriate security solutions are used; bad, because these attacks are just that: avoidable. That makes security breaches a particularly bitter pill for the organizations that fall victim to them.
If an organization wants to avoid the financial consequences and reputational damage of a large-scale cyberattack, it must make investments in security a high priority. Organizations spend much of their budgets on increasing the speed and efficiency of their data centers, which is also undoubtedly an important area that should not be overlooked. However, when looking at the numerous cybercrimes of today, it becomes clear that this should not be done at the expense of security.
In this article, I would like to share my top 10 best practices for IT security based on an analysis of recent data breaches. These methods can be implemented in any data center and go a long way toward minimizing vulnerability to attack.
Step 1: Think physical security
The rise of cloud and hybrid IT technologies brings new data protection concerns: when data is no longer stored on local servers, data center security becomes an even more complex matter. But amid all that is said about data protection concerns, it is important not to forget the threat a data center faces from internal security breaches.
The 2017 SolarWinds Federal Cybersecurity Survey Report found that “internal employees with malicious intent” were responsible for 29 percent of security incidents in government agencies. Such threats appear to be increasingly common. This makes it all the more important to prepare for the possibility of internal employees exposing protected data.
Otherwise, there can be serious consequences: in 2016, Sage, a UK accounting and HR software company, lost personal data on employees in 280 companies. The attacker was able to use an internal company login in the process.
The first line of defense against threats from malicious internal employees should be to tightly control physical access to the data center using security and surveillance technologies. Video analytics tools such as motion tracking and facial recognition are now widely available and can be used in conjunction with video surveillance to identify predefined situations within the data center that could potentially lead to security issues.
Step 2: Work with security consultants
Internal IT staff may not have the capacity or experience to implement the necessary security programs. Transfer responsibility for these tasks to external security consultants to ensure your data center is protected by a professionally developed security strategy customized to your organization’s unique needs.
Having external staff solely dedicated to testing, reviewing, and analyzing data security risks allows internal staff to spend more time managing data center performance and improving the end-user experience.
Step 3: Monitor the output power
One of the most effective methods of detecting problems is to measure the output power in the data center and establish what is normal. If you know the “normal state” of your environment, any deviation from these values will immediately stand out.
This allows you to identify potential security breaches as early as possible and fix problems according to a pre-determined response plan.
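As an added illustration of the baseline idea (example code, not from the original article), the block below learns a "normal state" from constructed output-power readings and reports later readings that deviate from it by more than k standard deviations; the readings, the training-window size and the 3-sigma rule are all assumptions.

```python
"""Baseline-deviation check for a data-center metric (added example).
Assumptions: constructed (time, kW) samples of total output power polled at
a fixed interval; the first `training` samples define the "normal state" and
later samples outside mean +/- k*stddev are reported as deviations."""
from statistics import mean, pstdev

READINGS = [  # constructed: a quiet hour, then a spike and a drop
    ("00:00", 41.2), ("00:05", 40.9), ("00:10", 41.5), ("00:15", 41.0),
    ("00:20", 40.8), ("00:25", 41.3), ("00:30", 41.1), ("00:35", 40.7),
    ("00:40", 41.4), ("00:45", 41.0), ("00:50", 40.9), ("00:55", 41.2),
    ("01:00", 41.1), ("01:05", 47.9),  # unexpected load on the racks
    ("01:10", 41.0), ("01:15", 33.5),  # hosts dropping off
]

def learn_baseline(samples, training=12):
    """Return (mean, stddev) of the first `training` readings."""
    values = [kw for _, kw in samples[:training]]
    if len(values) < 2 or pstdev(values) == 0:
        raise ValueError("baseline too short or flat; widen the training window")
    return mean(values), pstdev(values)

def find_deviations(samples, training=12, k=3.0):
    """Report (time, kW, 'above'|'below') for post-training readings that
    sit more than k standard deviations from the learned mean."""
    mu, sigma = learn_baseline(samples, training)
    out = []
    for ts, kw in samples[training:]:
        if abs(kw - mu) > k * sigma:
            out.append((ts, kw, "above" if kw > mu else "below"))
    return out

if __name__ == "__main__":
    for ts, kw, side in find_deviations(READINGS):
        # Hand-off point for the pre-determined response plan
        print(f"{ts}: {kw} kW is {side} baseline; open an incident")
```

In practice the training window would be refreshed on a schedule so that legitimate capacity changes do not stay flagged forever.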
Step 4: Invest in SIEM solutions
SIEM tools automatically detect unusual behavior patterns within the data center and respond accordingly. After an incident, the tool automatically conducts an investigation into the underlying cause of the problem before correlating this information with previous events to identify patterns or trends. With this knowledge, your data center will never fall victim to incidents from the same source repeatedly.
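To make the correlation step concrete, here is an added example (not SolarWinds code) that groups failed logins from constructed sshd-style log lines into incidents per source and then checks each incident against the history of earlier ones, so a source that has caused trouble before is escalated as a repeat; the log lines, the threshold of four failures in sixty seconds and the history format are assumptions.

```python
"""SIEM-style correlation of failed logins by source (added example).
Assumptions: constructed sshd-style lines; `threshold` failures from one
source inside `window` seconds form an incident; a source with an earlier
incident in `history` is escalated as a repeat instead of treated as new."""
import re
from collections import defaultdict
from datetime import datetime

LOG_LINES = """\
2024-03-01T02:14:05 sshd[311]: Failed password for root from 198.51.100.7 port 50122
2024-03-01T02:14:09 sshd[311]: Failed password for root from 198.51.100.7 port 50123
2024-03-01T02:14:12 sshd[311]: Failed password for admin from 198.51.100.7 port 50124
2024-03-01T02:14:13 sshd[311]: Accepted publickey for deploy from 192.0.2.10 port 40011
2024-03-01T02:14:20 sshd[311]: Failed password for oracle from 198.51.100.7 port 50125
2024-03-01T03:30:00 sshd[312]: Failed password for root from 198.51.100.7 port 50200
2024-03-01T03:30:01 sshd[312]: Failed password for root from 198.51.100.7 port 50201
2024-03-01T03:30:02 sshd[312]: Failed password for root from 198.51.100.7 port 50202
2024-03-01T03:30:03 sshd[312]: Failed password for root from 198.51.100.7 port 50203
""".splitlines()
FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (\S+) from (\S+) port")

def detect_bursts(lines, threshold=4, window=60):
    """Group failed logins by source; each time `threshold` failures land
    inside `window` seconds, record one incident and start counting afresh."""
    by_src = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            by_src[m.group(3)].append((datetime.fromisoformat(m.group(1)), m.group(2)))
    incidents = []
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > window:
                start += 1
            if end - start + 1 >= threshold:
                incidents.append({"source": src, "first": events[start][0],
                                  "users": sorted({u for _, u in events[start:end + 1]})})
                start = end + 1  # consume these events so the next burst counts from zero
    return sorted(incidents, key=lambda i: i["first"])

def correlate(incidents, history=None):
    """Tag each incident 'new' or 'repeat' using history (source -> prior count)."""
    history = {} if history is None else history
    for inc in incidents:
        inc["status"] = "repeat" if inc["source"] in history else "new"
        history[inc["source"]] = history.get(inc["source"], 0) + 1
    return incidents
```

Passing the same `history` dict on every run is what lets a later batch of logs recognize a source already seen in an earlier one.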
Step 5: Manage device configurations
To protect against security risks, it is important to regularly review device configurations and ensure they are up-to-date and in compliance with the latest industry policies and standards. In addition, configurations should be secured through regular archiving and the use of effective change controls, for example, using SolarWinds Network Configuration Manager.
Step 6: Train all end users
The SolarWinds 2016 U.K. IT Security Survey revealed that inadequate end-user training is one of the top three causes of organizations’ increasing vulnerability to cyberattacks. Untrained internal end-users often expose security vulnerabilities that can lead to serious data breaches. Incidents such as opening malicious phishing emails, DDoS attacks, or problems caused by personal devices connecting to corporate networks are all preventable with proper training.
To ensure that end-users no longer pose a threat to data security, executives should encourage their IT departments to train the rest of the organization on basic security principles.
Increased awareness of the security breaches they may be responsible for, as well as the damage they could cause, makes end-users aware of the benefits of incorporating preventative measures into their daily routines. Measures such as reporting suspicious emails or checking with IT before installing software are both simple and highly effective.
Step 7: Implement a proactive patch management strategy
You should always be proactive, not reactive when it comes to security. This is especially true when it comes to your patch management strategy. With the following tips, you can ensure that patching your software remains proactive:
- Start your patching efforts with the systems you use most often.
- Don’t patch all of your systems at the same time. Deploying multiple critical patches at once could lead to network problems. Then, figuring out where the root cause is and fixing the problem can become a difficult and lengthy task.
- Have a contingency plan ready in case something goes wrong during a patching operation.
- Test your patches in a controlled environment before deploying them.
- Continue to monitor updated systems after patching in case problems occur.
- Identify the impact of cyber threats on unpatched software and adjust your strategy accordingly.
Your data center may not have the staff or resources to implement all of these measures. The good news is that patch management software exists to automate and simplify software patching in such a case.
Step 8: Use web filters
Ransomware sites are a trap that is easy to fall into – and often with devastating consequences. Once a computer is infected with ransomware, the entire network can be locked down, and the security of your data is then at the mercy of the attackers. To reduce the likelihood of such a scenario, IT professionals should regularly block known ransomware sites using web filters – either manually or with a third-party software tool.
It’s important to remember that flexible working is now an integral part of many work environments, and devices are often connected to private networks where no security filters are active. This can quickly lead to a person unintentionally landing on an unblocked ransomware site. This possibility further highlights the importance of educating end users to avoid security issues.
Step 9: Check your anti-malware software
There’s a reason this action isn’t called “buy anti-malware software” – after all, you should have that installed by now. However, when protecting against malware, it’s just as important to periodically recheck that you still have the best possible software for your network’s specific needs.
Additionally, protocols should be active to ensure that this software is never accidentally disabled – an all-too-common situation that no one likes to be responsible for. Therefore, it is advisable to set up a group policy control that prevents end users and subordinate administrators from disabling the anti-malware software.
Step 10: Ensure accountability
Accountability is key when it comes to following the previous nine best practices. By putting individuals in charge of specific tasks, you create responsibilities in your data center. This allows you to ensure that everyone is doing their best to meet their individual responsibilities while working toward the common goal of protecting the data center from security threats.
These methods cannot guarantee that your data is one hundred percent protected against every threat, but they can make it considerably more secure. When all of these measures are implemented as part of a comprehensive security strategy, you strengthen your defenses and reduce the likelihood of a data breach – helping your organization successfully withstand many cybercrime threats.