Skip Ribbon Commands
Skip to main content

10 Tips to Boost Your Cyber Security

10/11/2016


​Cyber criminals put the spotlight on Cyber Security Awareness Month this October, with digital giants like Twitter, PayPal and Amazon the victims of a massive denial-of-service attack.

​With cyber security more top of mind than ever for business leaders, Danny Timmins, National Cyber Security Leader, has outlined 10 tips to start making your business more secure in the face of rising cyber threats.

  1. Reduce the number of external connections
    Trim the number of discrete external connections to a departmental network by using the consolidated Internet gateways pro​vided. Users will benefit from the protection provided by higher level cyber defences deployed at the enterprise level that monitors for, and can respond to, unauthorized entry, data exfiltration or other malicious activity.

  2. Patch operating systems (OSs) and applications
    Implement a timely patch maintenance policy for OSs and third-party applications to reduce departmental exposure to threats that could exploit known vulnerabilities. Use supported, up-to-date, and tested versions of applications, tested and approved by your IT department, ideally via an automatic patch management system.

  3. Enforce the management of administrative privileges
    Minimize the number of users with administrative privileges and revalidate the need for privileged accounts on a regular, frequent basis.   Use two factor authentication  for accessing sensitive applications or for remote network access. Perform administrative functions on a dedicated workstation that does not have Internet or open e-mail access.

  4. Harden Operating Systems (OSs)
    Prevent compromise of assets and infrastructures connected to the Internet by disabling all non-essential ports and services and removing unnecessary accounts. Both an enterprise-level auditing and anti-virus solution are key elements of any secure configuration. Ensure the appropriate network architecture choices and security procedures are in place.

  5. Segment and separate information
    Information stores and protection needs should be categorized, based on sensitivity or privacy requirements. Zone networks by segmenting infrastructure services into logical groupings with similar communication security policies and information protection requirements. This approach is used to control and restrict access and data communication flows.

  6. Provide tailored awareness and training
    IT security awareness programs and activities focused on user behaviour should be reviewed and maintained frequently and made accessible to all users with access to departmental systems. The human element will continue to provide an element of exposure. Management involvement in information protection decisions is essential in choosing appropriate security controls.

  7. Manage devices at the enterprise level
    Use Government of Canada-furnished equipment within a device management framework and provide control over configuration change management. If a bring-your-own-device scheme is considered for a network with low expectations of confidentiality and integrity, a strict control policy must still be implemented as one element of the risk mitigation strategy.

  8. Apply protection at the host level
    Deploy a Host-based Intrusion Prevention System (HIPS) solution to protect systems against both known and unknown malicious activity. HIPS can also take active measures by stopping an application or closing ports in the event of an intrusion. Monitoring HIPS alerts and logging information will provide early indications of intrusions.

  9. Isolate web-facing applications
    Use virtualization to create an environment where web-facing applications can run in isolation. Internet browsers and e-mail clients are examples of applications that are susceptible to malware. Any malware that infects the virtualized environment cannot get out of the sandbox; therefore, the malware cannot infect the host or enterprise.

  10. Implement application whitelisting
    Explicitly identify authorized applications and application components and deny all others by default to reduce the risk of executing zero-day malware. Application whitelisting technologies can control which applications are permitted to be installed or executed on a host. Application whitelisting policies should be defined and deployed across the organization using group policy management.

​​​We hope you find the information useful – to learn more about what MNP’s Technology Solutions can do for you, contact Danny Timmins at 905.607.9777 ext. 230 or [email protected]