Top 10 most important IT security measures for your IT environment
Always install critical updates and security patches from vendors as soon as they become available. This applies to operating systems, applications, appliances and all other hardware and software.
Where you deviate from this principle (because there is a specific reason not to install an update), the deviating system must be isolated, and the reason for the deviation must be documented and re-evaluated regularly. Aim for a situation in which no such deviations exist; where they do exist, plan to phase out the deviating system.
Continuously monitor that all systems receive updates and that the updates are installed correctly. Set up monitoring to detect anomalies in your system environment.
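The following is an added example (not code from the original page) of how the patch-monitoring and exception-register part of this measure can be checked automatically. It assumes a simplified inventory (outstanding critical patches per system, age of the oldest one, whether the system is isolated), a register of documented deviations with an owner, reason, review date and phase-out date, and an assumed SLA of 14 days; all system names and dates are constructed.

```python
"""Patch-compliance check against a register of documented deviations.

Added example, not from the original page. Inventory, register, names,
dates and the 14-day SLA are assumptions for the illustration.
"""
from dataclasses import dataclass
from datetime import date

PATCH_SLA_DAYS = 14  # assumed SLA: critical patches are installed within 14 days


@dataclass(frozen=True)
class System:
    name: str
    pending_critical: int     # uninstalled critical patches
    oldest_pending_days: int  # age of the oldest uninstalled critical patch (0 if none)
    isolated: bool            # True if the system is network-isolated


@dataclass(frozen=True)
class Deviation:
    system: str
    owner: str
    reason: str
    review_by: date     # the deviation must be re-evaluated by this date
    phase_out_by: date  # planned retirement of the deviating system


def evaluate(systems, deviations, today):
    """Return {system name: (status, [findings])}.

    A system is compliant when it has no critical patch older than the SLA.
    An overdue system is acceptable only if it has a documented deviation
    whose review date and phase-out date have not passed and the system is
    isolated. Anything else is non-compliant.
    """
    register = {d.system: d for d in deviations}
    report = {}
    for s in systems:
        findings = []
        overdue = s.pending_critical > 0 and s.oldest_pending_days > PATCH_SLA_DAYS
        dev = register.get(s.name)
        if not overdue:
            status = "compliant" if s.pending_critical == 0 else "within SLA"
        elif dev is None:
            status = "non-compliant"
            findings.append(
                f"{s.pending_critical} critical patch(es) outstanding for "
                f"{s.oldest_pending_days} days with no documented deviation"
            )
        else:
            status = "accepted deviation"
            if dev.review_by < today:
                findings.append(f"deviation review overdue since {dev.review_by.isoformat()}")
            if dev.phase_out_by < today:
                findings.append(f"phase-out date {dev.phase_out_by.isoformat()} has passed")
            if not s.isolated:
                findings.append("deviating system is not isolated")
            if findings:
                status = "non-compliant"
        report[s.name] = (status, findings)
    # A deviation registered for a system that is no longer in the inventory
    # is stale and should be closed rather than silently kept.
    for name in register.keys() - {s.name for s in systems}:
        report[name] = ("stale deviation", ["registered deviation for a system not in the inventory"])
    return report


# Constructed sample inventory and register (not real data).
SAMPLE_SYSTEMS = [
    System("web-01", 0, 0, False),
    System("app-02", 1, 5, False),
    System("legacy-scada", 3, 120, True),
    System("file-07", 2, 40, False),
    System("lab-pc", 1, 30, False),
]
SAMPLE_DEVIATIONS = [
    Deviation("legacy-scada", "ot-team", "vendor has not certified the patch",
              review_by=date(2025, 12, 1), phase_out_by=date(2026, 6, 30)),
    Deviation("lab-pc", "research", "experiment needs a fixed driver version",
              review_by=date(2025, 6, 1), phase_out_by=date(2025, 12, 31)),
    Deviation("old-print", "facilities", "retired print server",
              review_by=date(2025, 10, 1), phase_out_by=date(2025, 10, 1)),
]

if __name__ == "__main__":
    for name, (status, findings) in evaluate(SAMPLE_SYSTEMS, SAMPLE_DEVIATIONS, date(2025, 9, 15)).items():
        print(f"{name:14} {status:20} {'; '.join(findings)}")
```

The point of the register is that a deviation is never open-ended: an expired review date, a passed phase-out date or a deviating system that is not isolated all turn the system back into a non-compliant one in the report.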
Limit the number of accounts with privileged access. The general rule should be that no one has access to more information than they need to perform their tasks.
In Windows environments, you can limit the use of domain administrator permissions with Group Policy (GPOs), for example by using user rights assignments to deny domain administrator accounts logon to ordinary workstations and member servers, and by allowing access to resources only where it is needed. Then give each administrator a separate, personal account for their daily work, so that the domain administrator account is used only for domain administration.
Grant access based on least privilege and need to know. No one should have higher privileges than a specific task requires. This applies not only to Active Directory but to any directory service or access platform.
Aggregate logs in a central location for storage and analysis. Centralising logs from different systems and applications makes it easier to monitor events and to detect anomalies and threats. Log both system events and network traffic; this gives you visibility and the ability to investigate potential incidents. It also lets you build baselines of normal traffic flows against which you can detect anomalies such as data exfiltration.
Do the following:
Then manually review your most important logs on a regular basis. For example, domain controller logs must be checked to verify changes to privileged access, such as accounts being added to or removed from privileged groups.
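As an added example (not code from the original page) of the domain controller check described above, the script below runs detection logic over constructed, simplified Security-log events. The event IDs (4728, 4732, 4756 for members added to security-enabled global, local and universal groups; 4729, 4733, 4757 for removals) are the ones Windows records, and the field names follow the Security log (SubjectUserName is who made the change, TargetUserName the group, MemberName the account affected), but MemberName is simplified to a plain account name, the list of approved administrators is an assumption, and the events are not real log data.

```python
"""Detect changes to privileged group membership in domain controller logs.

Added example, not from the original page. Events, account names and the
approved-administrator list are constructed for the illustration.
"""
import json
from datetime import datetime, timedelta

# Windows Security log event IDs: member added to / removed from a
# security-enabled global, local or universal group.
ADD_EVENTS = {4728, 4732, 4756}
REMOVE_EVENTS = {4729, 4733, 4757}

# Groups whose membership changes must always be reviewed.
PRIVILEGED_GROUPS = {
    "Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators",
    "Account Operators", "Backup Operators", "Server Operators",
}

# Assumed: the only accounts permitted to change privileged group membership.
APPROVED_ADMINS = {"adm.lisa", "adm.omar"}

# An add followed by a removal of the same member within this window is a
# classic sign of someone granting themselves temporary rights.
TRANSIENT_WINDOW = timedelta(hours=1)

# Constructed sample events (JSON lines), not real log data.
SAMPLE_EVENTS = """\
{"EventID": 4728, "TimeCreated": "2024-03-11T08:05:12", "Computer": "DC01", "SubjectUserName": "adm.lisa", "TargetUserName": "Backup Operators", "MemberName": "svc.backup"}
{"EventID": 4732, "TimeCreated": "2024-03-11T08:10:40", "Computer": "DC01", "SubjectUserName": "adm.lisa", "TargetUserName": "Remote Desktop Users", "MemberName": "j.doe"}
{"EventID": 4728, "TimeCreated": "2024-03-11T23:41:03", "Computer": "DC02", "SubjectUserName": "j.smith", "TargetUserName": "Domain Admins", "MemberName": "j.smith"}
{"EventID": 4729, "TimeCreated": "2024-03-11T23:58:47", "Computer": "DC02", "SubjectUserName": "j.smith", "TargetUserName": "Domain Admins", "MemberName": "j.smith"}
{"EventID": 4756, "TimeCreated": "2024-03-12T09:15:00", "Computer": "DC01", "SubjectUserName": "adm.omar", "TargetUserName": "Enterprise Admins", "MemberName": "adm.omar"}
"""


def parse_events(text):
    """Parse JSON-lines events and sort them by time."""
    events = []
    for line in text.splitlines():
        if line.strip():
            e = json.loads(line)
            e["TimeCreated"] = datetime.fromisoformat(e["TimeCreated"])
            events.append(e)
    return sorted(events, key=lambda e: e["TimeCreated"])


def detect(events):
    """Return a list of alert dicts for privileged group changes.

    Every add/remove on a privileged group is reported. Severity is "high"
    when the actor is not an approved admin or grants rights to their own
    account, otherwise "medium". An add followed by a removal of the same
    member within TRANSIENT_WINDOW raises an extra "critical" alert.
    """
    alerts = []
    pending_adds = {}  # (group, member) -> time of the add
    for e in events:
        eid = e["EventID"]
        if eid not in ADD_EVENTS and eid not in REMOVE_EVENTS:
            continue
        group, member = e["TargetUserName"], e["MemberName"]
        if group not in PRIVILEGED_GROUPS:
            continue
        actor, when = e["SubjectUserName"], e["TimeCreated"]
        action = "added" if eid in ADD_EVENTS else "removed"
        severity = "high" if actor not in APPROVED_ADMINS or actor == member else "medium"
        alerts.append({"rule": "privileged_group_change", "severity": severity, "time": when,
                       "dc": e["Computer"], "actor": actor, "action": action,
                       "group": group, "member": member})
        key = (group, member)
        if action == "added":
            pending_adds[key] = when
        elif key in pending_adds and when - pending_adds.pop(key) <= TRANSIENT_WINDOW:
            alerts.append({"rule": "transient_membership", "severity": "critical", "time": when,
                           "dc": e["Computer"], "actor": actor, "action": "added then removed",
                           "group": group, "member": member})
    return alerts


if __name__ == "__main__":
    for a in detect(parse_events(SAMPLE_EVENTS)):
        print(f"{a['time']:%Y-%m-%d %H:%M} {a['severity']:8} {a['rule']:24} "
              f"{a['actor']} {a['action']} {a['member']} -> {a['group']} ({a['dc']})")
```

The transient-membership rule is why the events need to be centralised and correlated rather than eyeballed: the add and the remove here land on the same domain controller seventeen minutes apart, but in a real domain they may come from different controllers, and a point-in-time review of group membership would see nothing at all.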
Shared accounts significantly limit your ability to investigate and troubleshoot: when passwords and accounts are shared, it is impossible to maintain control and to demonstrate compliance. Therefore, never use shared accounts to run services, scripts or automated tasks. Instead, use a unique account for each task, service or script, with permissions that match that task.
Shared accounts often exist as a "break-glass" feature with full rights in the system. If your organisation has such accounts, keep and manage them securely, with adequate logging of each use. You should be able to determine who had a specific password or account checked out at any given time, and ensure that the password is changed after each use.
Most data breaches today are not the result of traditional "hacking" but of stolen login credentials. Strong passwords are therefore essential for good cyber protection. Ensure that your organisation uses unique passwords for every device and account, never reuses passwords, and uses a password manager. For Windows environments, the Microsoft Local Administrator Password Solution (LAPS) can be used to give every computer a unique, regularly rotated local administrator password. Deploy it across the whole directory, on all servers and all clients.
Segment as much as is reasonable and possible, both networks and servers. This is a big job, but it makes a big difference to your organisation's resilience in the event of an attack. Segmenting lets you log traffic between segments and reduces the risk of exposing information or systems more than necessary.
Systems that have nothing to do with each other should be on separate networks. If they need to communicate, allow it with explicit rules (specific sources, destinations and ports), not general ones. Systems with different exposure, such as servers exposed to the internet, should also be placed on separate networks. Likewise, jump servers used to access an environment should be separate and have access only to their target environment. Do not design large shared environments or shared hop servers: configure one system at a time and use it for its intended purpose.
Always require multi-factor authentication (MFA) when granting access. This adds an additional layer of identity verification, further increasing the security of your organisation's user accounts. Make sure your organisation never trusts a network or "location" by default.
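The following is an added example (not code from the original page) of how the segmentation rules above can be audited: a firewall rule set is checked against a segmentation design, and every rule that uses "any" for source, destination or port, that connects segments the design does not permit, or that references a network outside every known segment is flagged. The segments, the permitted-flow matrix and the rule set are all constructed assumptions for the illustration.

```python
"""Audit a firewall rule set against a segmentation design.

Added example, not from the original page. Segment names, networks, the
permitted-flow matrix and the rules are constructed for the illustration.
"""
import ipaddress

# Assumed segmentation design: one network per purpose and exposure level.
SEGMENTS = {
    "dmz-web": ipaddress.ip_network("10.10.0.0/24"),    # internet-exposed web servers
    "app-prod": ipaddress.ip_network("10.20.0.0/24"),
    "db-prod": ipaddress.ip_network("10.30.0.0/24"),
    "jump-prod": ipaddress.ip_network("10.90.0.0/28"),  # jump servers for production only
    "dev": ipaddress.ip_network("10.50.0.0/16"),
    "users": ipaddress.ip_network("10.100.0.0/16"),
}

# Assumed: the only (source, destination) segment pairs that may talk at all.
PERMITTED_FLOWS = {
    ("dmz-web", "app-prod"), ("app-prod", "db-prod"),
    ("jump-prod", "app-prod"), ("jump-prod", "db-prod"),
    ("users", "dmz-web"), ("users", "jump-prod"),
}

# Constructed rule set; "any" means the rule does not restrict that field.
RULES = [
    {"id": "R1", "src": "10.10.0.0/24", "dst": "10.20.0.0/24", "proto": "tcp", "port": 8443},
    {"id": "R2", "src": "10.20.0.0/24", "dst": "10.30.0.0/24", "proto": "tcp", "port": 1433},
    {"id": "R3", "src": "10.100.0.0/16", "dst": "10.90.0.0/28", "proto": "tcp", "port": 3389},
    {"id": "R4", "src": "10.90.0.0/28", "dst": "any", "proto": "any", "port": "any"},
    {"id": "R5", "src": "10.10.0.0/24", "dst": "10.30.0.0/24", "proto": "tcp", "port": 1433},
    {"id": "R6", "src": "10.50.0.0/16", "dst": "10.20.0.0/24", "proto": "tcp", "port": "any"},
    {"id": "R7", "src": "192.168.1.0/24", "dst": "10.30.0.0/24", "proto": "tcp", "port": 1433},
]


def segment_of(cidr):
    """Map a CIDR to the segment that contains it, or to "any" / "unknown"."""
    if cidr == "any":
        return "any"
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:  # 0.0.0.0/0 is "any" written as a prefix
        return "any"
    for name, seg in SEGMENTS.items():
        if net.subnet_of(seg):
            return name
    return "unknown"


def audit(rules):
    """Return {rule id: [findings]}; an empty list means the rule is explicit and by design."""
    report = {}
    for r in rules:
        findings = []
        src, dst = segment_of(r["src"]), segment_of(r["dst"])
        if src == "any":
            findings.append("source is any")
        if dst == "any":
            findings.append("destination is any")
        if r["proto"] == "any" or r["port"] == "any":
            findings.append("protocol/port is any")
        if src == "unknown":
            findings.append(f"source {r['src']} is outside every known segment")
        if dst == "unknown":
            findings.append(f"destination {r['dst']} is outside every known segment")
        # Cross-segment flows must be explicitly permitted by the design;
        # traffic inside one segment is not judged here.
        if src in SEGMENTS and dst in SEGMENTS and src != dst and (src, dst) not in PERMITTED_FLOWS:
            findings.append(f"flow {src} -> {dst} is not permitted by the design")
        report[r["id"]] = findings
    return report


if __name__ == "__main__":
    for rule_id, findings in audit(RULES).items():
        print(f"{rule_id}: {'OK' if not findings else '; '.join(findings)}")
```

R4 is the shared hop server case from the text: a jump segment allowed to reach anything on any port. R5 and R6 are rules that are explicit in form but connect segments the design never meant to talk, which is why the audit needs the design as input and cannot judge the rules on their own.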
Creating backups of important data is something most people understand the importance of, but have you tested that your backups actually work?
To ensure that your organisation has working backups, you should:
In some cases an offline backup is also needed, to preserve copies that an attacker cannot reach in the event of a breach. This can be done with, for example, an air-gapped backup that is completely separate from the regular backup network.
Harden your systems by enabling only the functions you actually use. Switch off all unused features and services, as well as unused ports, listeners and the like.
Most manufacturers provide clear guidelines on how to secure their products according to best practices. For more information, visit the respective manufacturer's website.
For general hardening guides, visit the Center for Internet Security (CIS): https://www.cisecurity.org/ . There you will find benchmarks for hardening a wide variety of products.
Start by getting to know the systems you have today. Firewalls, for example, often have protective features that are not in use. Switch on the relevant features and monitor them continuously. Client protection comes in many flavours. Even if the client protection you have today is not the best on the market, make sure it is installed and working as intended on all clients; for example, it should not be possible for users to uninstall or stop the protection without your knowledge.
Then upgrade when possible. If your equipment is not up to standard, replace it with something more appropriate; for example, if you have traditional antivirus, consider upgrading to an EDR or EPP solution.