By: Ernesto Fuller, Network Security Engineer
If you have been in the IT field long enough, you should know what it takes to run a smooth network. If you are new to IT, then you should listen carefully.
Best practice documents are written for a reason. Whether an internal document written by someone in your organization or not, chances are these documents are crucial to maintain the stability of your network infrastructure. Security posture should be extremely important to everyone. Forward-thinking organizations should always be running multiple layers of security in both individual systems as well as enterprise network configurations. The size of your environment, as well as the importance of the data and users you are protecting, should have an influence on the resources you consider when investing in protection. When security is considered a low-priority you run a major risk of getting compromised.
Second to security are back-ups. How often is your organization running adequate back-ups? How often are they testing the back-ups? Consider this, what costs more, investing in good secure protection and data back-ups or paying to recover from a disaster/malware infection?
By now you probably have heard of many victims falling to malware infections, especially Ransomware. Ransomware is simply malware that infects systems by encrypting anything the malware author wants it to take control of. There are many varieties of malware with newer variants of each of them being built consistently.
I would advise that you should invest a little extra time and money to safeguard your environment. Continually evaluate your security posture by running vulnerability scans, updating your systems; and be sure to set up and run a proper security program. Continually back-up your data and test the back-ups. Develop and document a process for updating, checking, and documenting your environment in detail.
CIS (Center for Internet Security) put together 20 Controls you should consider implementing in your organization.
Don’t make it easy to fall victim to malware. When the folks in North Carolina Health System fell victim to this attack they had a plan ready for this situation.
Once the malware was discovered, the health system immediately implemented its security protocols.
These controls lay out a solid Best Practice process (https://www.cisecurity.org/controls/)
CIS Critical Security Controls – Center for Internet Security
CIS Controls: Follow our prioritized set of actions to protect your organization and data from known cyber-attack vectors.