Brianna Gammons
Jan 2017

5 Ways for Small IT Teams to Stay Ahead in the Evolving Security Landscape



As an IT professional, your users are a constant source of worry. You’re expected to respond to everything from “the internet’s not working” to “oops I clicked on a link and now I’ve taken down our entire network.” But while you may worry about security 90% of the time, you can’t dedicate 90% of your bandwidth to it. On average, IT pros have less than 15 minutes per hour to devote to security.

How do you get in front of security while keeping up with your users, your boss, and everything else competing for your attention?

We asked security expert Troy Hunt about quick wins to help IT professionals get ahead in 2017.


Troy Hunt is a Microsoft Regional Director and Most Valuable Professional for Developer Security, Pluralsight author, and international speaker. His website, Have I Been Pwned?, allows you to search across multiple data breaches to see if your email address has been compromised.


Here are his tips on how to reduce anxiety and save time on security this year.

When you don’t have a big IT team, you have to be the jack-of-all-trades. It’s really hard for you to try to get everything right across the board. You and your team don’t necessarily have the time or dedicated technical expertise of people who just do backups or endpoint protection. I think particularly in smaller organizations, where there are only a few people, some of the wins are actually quite easy.


1. Don’t treat user training as a box to be checked

I really like some of the strategies we’ve seen recently, particularly around phishing, where the training is integrated into your daily work cycle. It pops up without you knowing it and it tests you along.

Many organizations will go “Oh that’s it, it’s March, time for annual security training.” And everyone will go in a room and play with their phones.

People are going to leave their office. They’re going to leave whatever physical and digital protection the organization has and they’re going to literally walk out the door and be on their phones opening attachments and browsing malicious sites and this sort of thing. So you really need training and education to go beyond just the organization’s wall, because if users do get phished at home, there’s a good chance that attackers are going to try and take information related to your place of work as well.

Even if they’re not on the WiFi they may be plugging in a USB. If they’re plugging into the USB, it then forges a connection for attackers to transfer files back and forth from the office. It is a really really different landscape today, and we’ve got to remember it’s only 10 years ago that we didn’t have iPhones. We sort of forget how quickly things have changed, yet we know how slow many organizations are to adapt.


2. Automate where possible

I think one of the really big things now, particularly for SMBs, is that there are so many good online services available that take away the need to self manage.

A decade ago, you would have been running the mail server and being responsible for that and your own file systems server. These days, we’ve got Gmail for Enterprise, used by enterprises, Office 365, all sorts of online document storage solutions.

Delegating the problems and paying a little bit of money for someone else to manage it helps enormously because a lot of these services have built in facilities to limit damage in the first place and then roll back if it does happen.


3. Apply the principle of least privilege

How do we make sure that each account has the limited set of rights that it needs?

We’re seeing ransomware particularly this year become really effective. It has even gotten as far as encrypting network drives.

Giving people access to only the things that they need limits the degree of adverse impact if someone does get impacted or affected. Just give someone the content that they need for their role.


4. Just because your coworker is nice doesn’t mean they won’t make mistakes

There was a story a couple of years ago where a programmer was outsourcing his job to China and he would come into the office every day and outsource his work to a company in China. He’d emailed his secure ID two-factor token off to China, where they had remote access to his machine and were doing his work for him in the corporate network. It wasn’t necessarily malicious, but it was stupid.

It just takes a little bit of stupidity for an insider to become an inadvertent malicious insider.

We’ve got so much information now that sits within an organization behind that firewall. And after events such as Snowden and Manning, the WikiLeaks drama and the Panama Papers, I think we’re more conscious of the fact that there are individuals inside the network who may wish to do you harm.

And you can split that two ways. There are individuals within our network, that we thought was secure, that are trying to get our things out for malicious purposes. And there are also individuals inside our network who may become inadvertent insiders.


5. Endpoint protection has to work in conjunction with everything else

We still need all the usual endpoint protection stuff to keep people safe. But it has to work in conjunction with the rest of our security. We’re sort of past the point of this thinking that the network perimeter is sacrosanct, and everything inside is going to be fine. That we’re just going to keep the bad stuff out. I think that we are really getting to grips with the fact that that model is fundamentally changed now.

Security is always going to be multi-faceted. And there’s not going to be one single thing that you do and everything is ok. This is the realization we’re coming to with security in general where it’s the “defense in depth” sort of approach.


For more from Troy Hunt, check out our 3 practical cybersecurity training tips to inspire action. To worry a little less about security, see our security checklist for closing out the week.


Brianna is helping us grow an active community of security beginners and experts alike. She is exploring topics like security in healthcare and how to keep companies safe from ransomware.

