Password management
Strong passwords are crucial when it comes to network protection. Attackers frequently try to steal employee credentials or use leaked passwords found on the dark web to gain network access. Companies should require employees to use strong and complex passwords or passphrases with capital letters, numbers, and special characters because they are much harder to crack with brute force. Using a different password for each system decreases the likelihood of attackers successfully reusing leaked passwords or stolen credentials. Using a password manager is a great way to keep track of your different passwords.
Multifactor Authentication (MFA)
Multifactor authentication requires additional identity verification to allow a successful login, which prevents attacks. While many authentication methods are email or text-based, we recommend app-based authentication. Email and text information can be intercepted, unlike an app on your phone.
Keep systems up-to-date
All systems across the business need to be updated and patched to the newest version. Attackers look for out-of-date systems because of their vulnerabilities. If your company cannot patch vulnerabilities in-house, work with a trusted 3rd party to ensure systems run on the latest version.
Use modern network devices
Firewalls, intrusion detection systems (IDS) and intrusion prevention systems (IPS) can all be applied to the network to increase security. Utilizing a secure domain system (DNS) can ensure links within an email are safe to click, reducing the risk of attack. With a security information event manager (SIM), these can all work together, which allows everything to be managed in one central location by a security team.
Continuous network monitoring
If your company invests money into cloud-based and endpoint security, the activity needs to be monitored 24/7. Continuous monitoring can identify indicators of compromise (IOCs) faster and prevent or limit the impact of an attack. This monitoring can be done internally or using a trusted 3rd party service.
Network segmentation
Properly segmenting the network means that if an attacker breaches a machine, they cannot take over the whole network. This slows down attackers and makes it difficult to access the entire company.
Employee cybersecurity training
Employees being aware of cybersecurity issues is not enough. Training shows employees how to recognize suspicious activity and—most importantly—what to do when they find it.
Access control
Role-based access control (RBAC) is an industry best practice. Employees are assigned a role at the lowest level possible, determining their network access. If an attacker steals an employee’s access at a low level, they cannot simply elevate their privilege and steal sensitive data. Access control is an enormous issue if companies are careless when assigning admin access (a master key to the entire network) by giving it to all or those who do not need it. Attackers have a direct route to the entire network if they compromise an employee with admin access.
Regular assessments of cyber hygiene
Cyber hygiene includes vulnerability scanning, penetration (pen) testing, phishing awareness campaigns and updating/patching. Companies that do this regularly have improved security and can address vulnerabilities before exploitation. The more often your company assesses security weaknesses, the smaller the window of opportunity is for exploitation.
Data encryption
Data should be encrypted at rest (data on the device) and in transit (when the employee is working and traffic is flowing). This is particularly important with the number of employees now working remotely. If data is encrypted and an employee loses a device, the data will remain secure. Remote workers should use an encrypted connection to protect their devices while working in public. Companies typically use a virtual private network (VPN) for this encryption.
By being prepared for an attack, your company will be ready for pen tests and audits.
Test your network the right way with the Gambler’s Penetration Test
This test is the industry’s first of its kind and is designed to align the incentives of Blue Team Alpha with our customers. In a standard pen test, the vendor is paid regardless of their success, meaning the customer pays even if they did not get a valuable service and were not tested properly.
The Gambler’s Pen Test is different. In this test, if we are not successful, the customer does not have to pay; however, if we are successful, the customer pays double our standard rate.
Offensive services like pen tests are not commodities—you cannot switch companies and expect the same service. Each business has its methods, and some are better than others.
Testers must emulate an attacker for a pen test to be truly realistic. Testing becomes more realistic and produces better results by using the same tools and methods as threat actors. The Gambler’s Pen Test applies even more pressure because, like real attackers, if we aren’t successful, we don’t get paid.
Contact Blue Team Alpha today to schedule a Gambler’s Pen Test.