“Security is a not a product, but a process”
– Bruce Schneier
Give us a call 204-257-7279. We are here to help.
If you’re a company owner or manager, then WannaCry probably made you rethink just how important it is to secure your business network.
This is the only upside of this cyberattack. However, WannaCry isn’t the starting point of cyber threats, it’s just the latest evolution. Ransomware has been the biggest threats for businesses for the past 2-3 years, and the conditions are set for it to remain so for the foreseeable future.
But ransomware is just the tip of the spear when it comes to cyber threats, there are many more such as phishing, whaling and data leakages. This short checklist of security measures will help you to protect your business network, including servers and endpoints.
1. Provide cybersecurity training to employees
Cybersecurity training for employees is now a must for every business. Too many users skip on basic security practices such as strong passwords, updating their software or not recognizing a phishing email.
To help your employees get up to speed to the best Internet security practices, we recommend you check out our helpful educational resources. To put things into perspective, nearly 41% of company data leaks happen because of negligent or untrained employees who fall even for simple phishing emails.
2. Make sure your servers run an antivirus program
Running an antivirus program on your server is a security-savvy decision. Without one, you run the risk of having an infection spread from your file or terminal server all the way to your endpoints.
An antivirus on your servers also helps to limit and mitigate the damage of an infection starting from one your endpoints.
When you’re out looking for an antivirus for your servers, evaluate them on their performance impact.
3. Use Microsoft’s Enhanced Mitigation Experience Toolkit (EMET for short)
Microsoft’s EMET is a free security tool by Microsoft that boosts your security by adding additional security protocols to protect you against certain threats.
For instance, EMET will:
- Help prevent malicious data execution. EMET does this by preventing incorrect uses of code in the system memory.
- SSL/TLS certificate trust pinning. This feature of EMET helps prevent man-in-the-middle attacks that use public key infrastructure.
- Structured exception handler overwrite protection. This blocks attackers from exploiting stack overflow
This was just a short example of what EMET can do. It’s feature list is much more extensive and warrants an article of its own.
4. Track user log in / log off activity on your business network
Knowing when a user logs in or off their work accounts or devices will help you pinpoint the start of an infection. It’s also a good prevention method, since you can track if a user has dangerous habits when connecting to work accounts.
Unfortunately, login tracking can be a hit-and-miss affair, regardless of the method you use. The one that usually gets the best results is to use a script in your login process. Here’s a short tutorial on how to set up the script.
Another thing you can do to see where an infection starts and how it spreads is to track file sharing. Dedicated programs will keep track of who and when accesses a file and what they do with it. Here’s one list of such programs plus another one.
5. Always keep your servers updated
Like any other hardware and software out there, servers also require to be constantly updated with the latest feature and security patches. These can make all the difference between a clean server and a hacked one.
There’s a reason why every cybersecurity expert’s first advice is to update your software: it works and it keeps you safe from malware designed to exploit vulnerabilities (like WannaCry did).
6. Don’t do web browsing from the server side
This includes any other kind of activity not work related. Use the server strictly for its main purpose: to manage a company’s endpoints.
The less interaction a server has with the web, the fewer chances there are for a cybersecurity threat to compromise it.
Of course, in certain instances, you need to have a browser on the server in order to access other servers using a web console functionality.
7. Don’t keep multiple server services on the same hardware
In order to cut costs, you might be tempted to run two or more of your server services (such as the SQL and file server services) on the same hardware.
From a performance perspective, this isn’t always optimal. For the best performance results, it’s best to keep each server separated on their own hardware.
From a cybersecurity perspective, keeping all your server services on the same hardware will allow the infection on one service to spread to all the others and the data they contain, unless you use virtualization.
For example, on the same device, you can use two virtual machines, one to host the file server and the other for the SQL server. If an infection hits the virtual machine hosting the file server, it will not spread to the device itself and neither to the SQL server.
In essence, the infection is trapped on the virtual machine, which you can delete and reinstall at any moment, even if you lose the information on it. But at least you keep your device hardware safe as well as the SQL server.
For the best safety measures, you should run each server service on its own hardware (so the SQL server on machine A, the file server on machine B and so on). On top of that, each service itself should be hosted on a virtual machine.
8. Keep separate users and passwords for the admin’s laptop and the servers
This way, if a malicious hacker manages to compromise the login credentials to the admin’s laptop, he won’t be able to reuse them to access the servers themselves.
This is an important security tip, since many Internet users simply decide to reuse the same password and login to whatever new account they create. Cybercriminals know this, and exploit it in creative ways.
For instance, they might brute force or dictionary attack a forum or website they know the sys admin uses (could be for work, such as StackOverflow or forums for personal use, such as gaming). If the forum has weak security, then the cybercriminal will reuse that password and username for all of the sys admin’s accounts.
9. Keep up-to-date and frequent backups
42% of businesses struck by ransomware do not recover all of their information. This includes companies that end up paying the ransom in order to get their data back.
The only way you can be sure to recover your data is by constantly backing it up. Every company is different, some need to back up their data on a weekly basis, others on a daily or multiple daily basis. What matters is that you find the best frequency for your company, and stick to it.
10. Use a good Exchange email filter
If you’re running emails through a Microsoft Exchange server, consider adjusting your email filters to block spam and other unwanted emails from unwanted sources. This will block out emails at the server level, so they won’t end up in the inboxes of your endpoints, where users might accidentally click on them.
Here’s an in-depth guide from Microsoft on how you can set up an Exchange email filter.
11. Run antivirus on all of your endpoints
Most cyber attacks against businesses target the endpoint, not the server. This is because employees are not as careful with their online activity as sys admins are.
Targeting the end points instead of the server is statistically much more prone to success. In some cases it only takes 1 infected PC to infect the rest of the network. So instead of targeting one particular user, malicious hacker will blanket all of the employee base. If just 1 out of 100 bites, then that’s something the malicious hacker can work with.
We’ve written an in-depth article to help you find out which is the best antivirus for your needs, which we recommend you check out.
12. You need to be proactive to survive in the malware economy
Antivirus programs have difficulty catching the latest kinds of malware, (what we refer to as second generation malware). This is because malware creators have become more adept at using evasive measures such as obfuscation, vulnerability exploitation or other such methods.
For this reason, a business should consider using other security products that close the gaps left by antivirus.
One particularly effective way to keep computers and endpoints safe is to use traffic filtering solutions. These scan incoming internet traffic to your PC, looking for malware and blocking it from even reaching your PC.
The traffic filter also scans outbound traffic, and blocks suspicious data leaks, keeping your files safe and information private.
Basically, a traffic filtering solution will scan incoming and outgoing traffic to your PC, and block the malware from entering your PC.
Keeping a company safe on the Internet can be a daunting task. But by following certain steps and procedures, you can cut a lot of cybersecurity risks coming your way.
If you have any questions on how Finch Computers can help you, give us a call 204-257-7279