The Best Firewall for your Company: Yourself

April 13, 2018 | Views: 3029


I've followed the main security news over the last few months, and I am still amazed at how enterprises are being affected by several kinds of attacks. Taking the time to analyze it, we can identify the main problem behind all of these issues: a complete lack of strategy, good practices and architecture for cybersecurity.

I don't want to blame the many great security leaders and corporations, because these leaders are always working on this kind of awareness; however, the culture they work to implement is not properly followed by their employees. In some cases, doing the right thing is something other levels of the company have trouble carrying forward, and unfortunately, great names in cybersecurity at some companies will pay the price for this lack of commitment.

The question in this case is: why does it happen? Obviously, we are always dealing with people who have extensive technical knowledge and strong skills in several social engineering methods. In some cases, even when we face old-fashioned threats, some users are caught because of the sophisticated social engineering used to advance the threat's purpose.

This is the point where your Information Security team needs to take responsibility for creating awareness among all users in the company to avoid future security problems, and a complete, well-built Information Security Program is the way forward! After all, you as a Security Practitioner have the tools and the knowledge for this.

We can picture it as a place where people feel safe because a wide steel wall surrounds them, preventing external attacks or theft attempts. Suddenly something happens, that impenetrable place is invaded, and you don't know the root cause. After some research you find a tiny hole in that steel wall, which gave external attackers the possibility of creating, little by little, a big problem and turning your place into a target.

Maybe that's the reality of your company. Even with the best equipment and the best IT and IS professional staff, if you don't have processes, defined responsibilities or environment analysis, you will surely be the next target, sooner or later.

How is your environment built? Are you aware of the traffic flows in your network? Are servers and workstations installed according to security best practices? Security should be considered at the beginning of any project; it is the key to success and to avoiding many problems and costs.

Take the time to document your environment, assets and processes as completely as possible. Use the concepts of the RACI matrix to keep clear who is responsible for each part of the environment. The link below explains what a RACI matrix is and how it can help you:

https://project-management.com/understanding-responsibility-assignment-matrix-raci-matrix/

Define an access control policy to make sure that only authorized people have access to critical places and have the proper access to files and folders.

It's also important to take note of the main Active Directory groups, the ones with access to sensitive documents and information in your network. Each department needs an owner who controls who can access its information.
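One way to check the group ownership described above, as an added example that is not part of the original post: the script audits an export of Active Directory groups and flags sensitive groups that have no owner, an owner from another department, or members the owner should review. The CSV columns, group names, account names and roster are constructed for this example.

```python
import csv
import io

# Constructed sample export, one row per group. The column names are
# assumptions for this example; adapt them to your own directory export.
SAMPLE_EXPORT = """Name,Department,ManagedBy,Members
HR-Confidential,HR,alice,alice;bob
Finance-Reports,Finance,,carol;dave;erin
Eng-Wiki,Engineering,frank,frank;grace
Payroll-RW,Finance,carol,carol;bob
"""

# Hypothetical list of groups that grant access to sensitive information.
SENSITIVE_GROUPS = {"HR-Confidential", "Finance-Reports", "Payroll-RW"}

# Constructed roster mapping each account to its department.
ROSTER = {
    "alice": "HR", "bob": "HR", "carol": "Finance", "dave": "Finance",
    "erin": "Sales", "frank": "Engineering", "grace": "Engineering",
}


def audit_groups(export_text, sensitive, roster):
    """Return (group, finding, account) tuples for sensitive groups."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        name, dept = row["Name"], row["Department"]
        if name not in sensitive:
            continue  # only groups guarding sensitive data are audited
        owner = row["ManagedBy"].strip()
        if not owner:
            # Nobody is accountable for who gets added to this group.
            findings.append((name, "no-owner", ""))
        elif roster.get(owner) != dept:
            findings.append((name, "owner-outside-department", owner))
        for member in filter(None, row["Members"].split(";")):
            # Not a violation by itself: an item for the owner to confirm.
            if roster.get(member) != dept:
                findings.append((name, "member-outside-department", member))
    return findings


if __name__ == "__main__":
    for group, finding, account in audit_groups(
            SAMPLE_EXPORT, SENSITIVE_GROUPS, ROSTER):
        print(f"{group}: {finding} {account}".rstrip())
```
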

Your company also needs a DLP policy, starting with the Human Resources department. Every employee must sign a confidentiality agreement to avoid leakage of sensitive corporate information. Also watch for external devices or pen drives, which can be used to steal sensitive data. Most companies block any kind of USB storage, allowing it only for authorized people using corporate devices.

Avoid giving users access to their personal email; it is a way to steal data.

What is the core business of your company? Which security standards do you need to work with? ISO, PCI, etc. Follow a method that fits your business and go deep to guarantee the highest level of security. These are just some of the points you should follow when creating a security program for your company. There are several others that I will discuss here in future opportunities!

That's my first contribution to the Cybrary Op3n Initiative! It was a pleasure to be part of this! I hope to come back here and write more about security!
