- End User Training. User training is a vital component of today's IT security strategy. Users have the power to bypass all of the security controls that IT has worked so hard to implement. Train end users to:
  - Prevent Phishing Attacks. Review the text between the http:// (or https://) and the next /; that is the site the link actually goes to, no matter what the rest of the link says. Here's an example using a link that claims to come from Southwest and asks you to check your Rapid Rewards status:
    - https://www.southwest.com/rapidrewards - good! The text between the https:// and / is www.southwest.com, which is a legitimate domain and is difficult to spoof or fake.
    - https://www.clickme.com/southwest.com/rapidrewards - bad!!!! The text between the https:// and / is www.clickme.com, which has nothing to do with Southwest. Notice that the text in the link after www.clickme.com does refer to Southwest, but that part of a link is very easy to change and is there to trick you into clicking the link and downloading malware.
  - Run regular Phishing tests. Create phishing tests to see how many users click on the links. It's important to hold these tests on a regular basis.
  - Notify IT. If end users suspect anything, have them notify IT immediately. See something, say something.
- Social Engineering. Train users to recognize social engineering. As you know, social engineering is an attempt by a hacker to gain access to your company by tricking a user into giving up valuable information and/or performing a task that can grant access to the hacker. Hold regular social engineering tests to see how quickly users can identify a social engineering attempt.
- Patch Management. It's important to keep up to date with both operating system and application patches. Invest in a paid-for patching tool to make this process manageable. Over 90% of computers are hacked because they were not patched.
- Uninstall Flash and Java. These applications have significant security holes. If you have to run these applications, only install them on selected computers and restrict their email and Internet access. Whenever possible uninstall these applications from your computers.
- Enterprise Grade Firewall. Look for a firewall that has multiple protection layers:
  - Real time analytics. Look for a firewall that monitors the Internet in real time for new threats and has the ability to quickly protect against these threats.
  - Malware scanning. The firewall should scan all traffic for malware. The malware scanner should be from a different vendor than the one used for your servers and workstations.
  - Web Application Firewall Features. It's not enough to restrict inbound access on specific ports for public servers. Some firewalls know what type of traffic to expect based on the application (not the port) that the public server is running, and can block any traffic that is not consistent with that application.
  - Intrusion Prevention and Detection. Your firewall should block attempted attacks and notify IT of any potential intrusions.
  - Remote user protection. The firewall should give remote users the same protection as users that are physically behind the corporate firewall.
- Anti-Virus. Use an anti-virus program that is heuristic or rule-based. Make sure it has a centralized management console to make it easier to correlate infections, identify computers with outdated anti-virus software, and look for computers that are missing anti-virus protection.
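The phishing link check described under End User Training above (read the host between the https:// and the next /, ignore everything after it), written out as an added example that is not part of the original article. It uses Python's standard `urllib.parse`; the `TRUSTED_DOMAINS` allow-list and the `SAMPLE_LINKS` are constructed for the example, and it also covers lookalike subdomains and user@host tricks beyond the two links the article shows.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains that links in a Southwest mailing are expected to use.
TRUSTED_DOMAINS = {"southwest.com"}

# Constructed sample links, the two from the article plus two common variations.
SAMPLE_LINKS = [
    "https://www.southwest.com/rapidrewards",                  # good
    "https://www.clickme.com/southwest.com/rapidrewards",      # bad: host is clickme.com
    "https://southwest.com.clickme.com/rapidrewards",          # bad: lookalike subdomain
    "https://www.southwest.com@www.clickme.com/rapidrewards",  # bad: text before @ is ignored
]


def link_host(url: str) -> str:
    """Return the host of an http(s) link: the text between the // and the next /.

    urlsplit() drops any user:pass@ prefix and :port, so the host is the
    part the browser will really connect to, not the part a user first sees.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) link: {url!r}")
    return parts.hostname.lower().rstrip(".")


def is_trusted_link(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only if the host is a trusted domain or a subdomain of one.

    The path (everything after the first /) is deliberately ignored: as the
    article notes, that text is trivial for a sender to change.
    """
    try:
        host = link_host(url)
    except ValueError:
        return False
    return any(host == d or host.endswith("." + d) for d in trusted)


def triage_links(urls):
    """Return (link, host or None, verdict) for each link, for a training report."""
    rows = []
    for u in urls:
        try:
            host = link_host(u)
        except ValueError:
            host = None
        rows.append((u, host, "good" if is_trusted_link(u) else "bad"))
    return rows


if __name__ == "__main__":
    for link, host, verdict in triage_links(SAMPLE_LINKS):
        print(f"{verdict:4s}  host={host}  {link}")
```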