How would you characterize your organization’s digital security posture?
If you’re not sure how to answer this question, or perhaps would prefer not to answer it at all, you’re not alone. Countless decision-makers, from uber-competent CTOs and CISOs to CEOs and COOs who couldn’t code their way out of a paper bag, stay up at night worrying about this very thing.
That your uncertainty puts you in good company shouldn’t deter you from taking affirmative steps to rectify your security posture’s deficiencies.
To answer your next question: yes, every security posture has its deficiencies.
In the sections that follow, we’ll take a closer look at more than a dozen digital security solutions. To be perfectly clear, your organization owes it to itself to invest in as many of these solutions as possible, provided they’re compatible with the systems you’re using today or plan to use in the future. There’s no such thing as a magic cybersecurity bullet, after all, despite what you might hear from hucksters.
Read on to learn more about how to get the most out of these common digital protections. How many have you already deployed?
1. Windows Backup
Unless you’re a Mac/iOS-only workplace — more power to you — it’s all but certain that some of your employees use Windows devices to get work done. They need to know how to back up that work on a regular basis, without interrupting their workflows.
Scratch that. You need to show them how.
That’s where Windows backup solutions come in. Now, to be clear, Windows offers native backup solutions that provide serviceable imaging and restoration capabilities. For diligent employees who actually use them as intended, they’re better than nothing.
Professional Windows backup is preferable, however. Yes, it’s true that top-shelf professional backup solutions aren’t free. But whatever you pay to keep your data safe pales in comparison to the likely cost of a serious breach that corrupts your data or destroys it forever.
By the way, it’s understandable for IT security teams to fall into the Android/iOS binary. After all, most mobile users have one or the other. But, unless and until the Windows Phone goes the way of the eight-track, you need to include Windows Mobile users in the same mobile security apparatus that keeps the great mass of your workforce safe — or, more likely, Microsoft’s own security apparatus.
2. Mac Backup
Apple has its own native backup solution, known as Time Machine. Like its Windows analogues, it’s perfectly serviceable for diligent users. But for organizations with lots of moving parts — and lots of less-than-savvy employees — it’s simply not enough.
For Mac backup that truly offers peace of mind, look to a professional option that includes:
- Perpetual licensing availability
- Multiple system backup
- Full system imaging
- Full file and folder backup
- Incremental backup capabilities
- Differential backup capabilities
Again, the annual licensing fee for your professional Mac backup solution is likely to pale in comparison to the cost of a single data breach. It’s your call to make, but really — it’s not a close call.
3. Cloud Backup
Full-spectrum professional backup solutions do have cloud backup capabilities. Still, it’s worth calling out those capabilities separately. Even if you’re not prepared to invest in an OS backup solution, you’d do well to avail yourself of a secure cloud backup solution that ensures service interruptions at your home office don’t result in data loss or operational downtime.
The benefits of a distributed cloud backup apparatus include:
- The certitude that a temporary interruption (say, due to power loss) at one endpoint won’t affect your data systemwide
- Low cost relative to new permanent infrastructure on or off-site
- Better regulatory compliance (including retroactive compliance with new regulations and existing standards in new markets)
- Obviating the need to rely on obsolete or cumbersome technologies, such as tape backup
- Reduction of strain and time demands on internal IT resources
4. Mobile Device Protection and Syncing
In a BYOD environment, your organization’s device cloud includes a host of mobile devices: at least one smartphone per employee, and probably close to one tablet or 2-in-1 per employee.
These devices are even more vulnerable to compromise than the desktop devices ensconced safely behind your home network’s firewall. Investing in comprehensive mobile device protection — in particular, automatic syncing with a cloud-based backup system — removes (some aspects of) the human element from your mobile security program.
5. Active Ransomware Protection
Ransomware is a particularly insidious type of malware that holds infected devices hostage until the end-user pays a ransom, which usually amounts to a few hundred bucks in cryptocurrency (such as Bitcoin).
Although ransomware attacks aren’t ruinously expensive in isolation, coordinated attacks may prove prohibitively expensive for small organizations that can’t afford to pay dozens of ransoms (or replace dozens of hardware devices, rather than paying the ransoms).
You can use two different types of security software to combat ransomware:
- Anti-malware suites (more on these in a moment) that protect against a range of digital security threats, including known ransomware programs
- Whitelisting software programs that prevent unauthorized applications from accessing your hard drive and changing permissions
Unfortunately, new ransomware debuts all the time, and keeping up with the pace of innovation often feels like a fool’s errand. The best methods for protecting against run-of-the-mill ransomware attacks include:
- Training employees to screen email (more on this below) to reduce risk from malicious payloads
- Diligently applying OS patches and mandating that your employees do the same on BYOD devices
- Being careful with software with which you’re not familiar (including software from trusted publishers)
- Regularly backing up files to the cloud and secure external devices (consistent with best practices recommended by your IT vendors and IT security team)
6. Android Backup
We’ve already seen just how vulnerable mobile devices can be in a BYOD environment. For all its perks, Android is generally regarded as the less secure of the “Big Two” mobile operating systems (the other being iOS). Even diligent application of data hygiene best practices may not be enough to insulate your Android users — and, with them, your organization — from data loss.
Rather than institute an organization-wide Android ban, which may well leave you with a mutiny on your hands, adopt a comprehensive Android backup posture that allows your Android users to save mission-critical files and folders to the cloud and periodically image their devices for posterity.
7. iOS Backup
“More secure” doesn’t mean “invulnerable.” iOS devices can be compromised, too — and it’s not like they can’t be lost or stolen, either. Whatever security and backup best practices you choose to implement for your Android environment, apply them (as you’re able) to the iOS side of your operation.
8. Encrypted Messaging Apps
Your private conversations are not as private as you might think. Let’s not bother running down the litany of privacy risks to which the mere use of an off-the-shelf smartphone exposes you and your team — your time is better spent researching and procuring the best encrypted messaging apps on the market.
To be clear, encryption is not a panacea. Sophisticated cybercriminals, particularly those associated with nation-states and their intelligence services, have ways to crack or circumvent certain encrypted apps. And the best encryption money can buy is nothing without sound operational security — such as mandating that all end-parties delete message histories periodically.
9. Active Malware Protection
We’ve already touched on the risks of ransomware, an especially vexing type of malware. But ransomware is just one of several types of threats your team is likely to face. Others include:
- Viruses, which actually modify infected files and wreak havoc on compromised systems
- Worms, which self-replicate and disseminate without end-user action
- Trojans, which appear at first blush to be legitimate programs
- Spyware programs, which surreptitiously log end-user activity, including keystrokes
Your run-of-the-mill free anti-malware protection suite is probably set up to protect against all these types of malware, and maybe more. But, if you’re serious about addressing evolving threats as they arise, you’ll need something better. The “backup calculus” applies here: the annual cost of premium malware protection is likely to pale in comparison to the cost of an infection or breach vectored through an unprotected endpoint.
10. Virtual Private Network Capabilities
Speaking of encryption: CISOs recommend mandating that all network-connected devices use virtual private networks (VPNs) to encrypt your end-users’ traffic. Like encrypted messaging apps, even the best virtual private network options can’t protect against lapses in operational security, nor are they totally immune to compromise. If you’re seriously concerned about privacy or wish to mask the locations and identities of your team members, look for a VPN that doesn’t keep user logs.
11. Ad Blockers
Show of hands: who loves pop-up ads? Anyone?
Even if you work in an advertising-adjacent industry, you’re surely no fan of aggressive advertising. But it’s not merely that pop-up and display ads are distracting and annoying — they could well present security risks, particularly when they intentionally obscure destination links or deliver malicious payloads.
Free ad blocking software abounds, and paid versions are even better at what they do. The catch: ad blocking software is generally browser-specific — see this roundup of the best ad blockers for Google Chrome, for instance. This is a challenge for BYOD organizations, whose users might use a half-dozen (or more) mobile and desktop browsers.
12. DDoS Defense
If you haven’t yet been the victim of a distributed denial of service (DDoS) attack, consider yourself lucky. DDoS attacks are frighteningly effective at knocking websites and other web-connected assets offline with little warning; picking up the pieces can take hours or days, with operational hell to pay in the meantime.
Unfortunately, protecting against DDoS attacks is growing more difficult by the month. CSO reports that 52% of DDoS attacks now employ multiple vectors, meaning successfully identifying and isolating one source of illicit traffic may not resolve the issue. Per Cloudflare, potential mitigatory steps include:
- Blackhole routing, a “blunt force” tactic that routes legitimate and illicit traffic away from your network, essentially shutting off access to the affected portions of your network
- Rate limiting, which meters incoming traffic at a level that your server can theoretically bear (although this may not be sufficient to address sophisticated attacks)
- Network diffusion, which spreads incoming traffic across a network of distributed servers until the load is bearable
- Web application firewall, which protects the network-application interface
13. Email Security
You’re well aware of the never-ending annoyance of spam and the malignant potential of phishing and spear phishing. All it takes is a single slip by just one trusting team member to threaten your entire network.
Unfortunately, email security is largely an individual pursuit. While your organization can and should invest in email security programs that filter out spam and minimize some potentially malicious payloads, combating more sophisticated forms of email-related malfeasance requires education. Email security best practices include:
- Avoiding questionable attachments or images at all costs
- Using two-factor authentication to reduce the risk of password compromise
- Segregating private communications from company-related email (or rendering company email inaccessible outside your home network)
- Avoiding unsecured WiFi networks (and any public networks, even if nominally secure) at all costs
- Never “unsubscribing” from spam emails
Is Your Security Posture Where It Needs to Be?
In moments of candor, any seasoned CISO will tell you that the work of building a strong security posture is never done. Indeed, it’s questionable whether “strong” is a fair characterization at all, given the relentlessness with which new threats arise, change, and recede.
Let’s not end on a depressing note, however. Let’s instead focus on what you can do in the very near future to strengthen the layers of protection upon which your employees, customers, and vendors rely to safeguard their most sensitive bits of data.
If you resolve to implement the relevant digital security protocols listed above — keeping in mind, again, that you may not have need for each and every one, if for example your operation runs solely on Windows or Mac/iOS — you’ll have done more to buttress your security posture than many of your competitors. Too bad for them, right?
Just don’t rest on your laurels. Sure as the sun rises, tomorrow brings another security challenge — and next week, another. Here’s to rolling up our sleeves and facing the fray with confidence.