COVID-19 AND CYBERSECURITY 2: INVENTORY & VULNERABILITY MANAGEMENT
When it comes to online Covid-19 equivalents, it all just comes down to the basics…
With so many of us having to work from home, there are many new “nasties” which we need to be concerned with, and I’m pleased to say that they are the preventable, non-Covid-19-related ones.
Over the past 10 days we have been talking with customers who have been displaying some heroic efforts to ensure that their users are able to create an effective working environment away from the office. However, they are quite rightly worried that they are building up issues for the future.
We understand this. Priority number one has quite rightly been enabling the workforce to be productive from a new location, but what has been the impact of this? In this series of short blogs James Preston from ANSecurity provides advice and guidance on what all organisations need to do in order to reduce the risk of threats to the corporate network.
This article focuses on the basics, namely the importance of keeping inventory, and managing the vulnerabilities.
With so many new laptops (and even desktops) making the trip home from the office and so many new services open to the internet, just how much do you know about the state of your IT infrastructure? You are probably thinking “I’m absolutely on top of it”, when recent history has shown us that this is almost never the case. Good security starts with a comprehensive understanding of your inventory, be it your PCs, servers, software or the network which drives it all. Without this visibility, holes in security inevitably form, whether that be a laptop without full disk encryption or an administrator exposing SSH access to the internet. It’s all about doing the basics to a high standard every single time.
So your inventory drives your ability to detect and remediate or mitigate risks while also identifying and isolating unsanctioned devices. But that’s not all, it also delivers better utilisation of time and people by targeting these resources at specific issues instead of chasing every alert in your threat detection system against services which you aren’t even running. Nobody knows what is coming around the corner when it comes to their team sizes, so making yourselves as efficient as possible cannot be a bad thing.
When it comes to doing the basics, there are some really simple questions that you absolutely need to ensure that you have asked yourself. If you answer them honestly, you should be able to generate a clear set of actions showing where you need to focus your efforts in order to minimise the risk of external threats:
- Do we know how much kit we actually have, who owns it, and for what reason?
- Do we have tools in place to keep track of our laptop/desktop PCs?
- Do we have tools in place to detect where data is being held?
- Can we confidently say that all of our laptops and desktops are encrypted?
- Are we always verifying that clients which are connecting to the network (inside or on a VPN) have the latest security updates and are running AV?
- Do we have a handle on our software estate? Are we running any out-of-date or unsupported software, and do we really know what the risks are?
- Where we have enabled remote working, is it robust enough from a security angle? How are authentication and encryption handled? Have we been overly permissive with firewall rules to get things up and running?
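Several of these questions can be answered mechanically once the inventory exists as data. The following is an added example, not code from ANSecurity: it audits a constructed inventory export against a constructed list of VPN clients, and the column names, the 30-day patch threshold and the unsupported-OS list are all assumptions to replace with your own.

```python
import csv, io
from datetime import date

# Constructed inventory export; column names are assumptions, not a real tool's schema.
INVENTORY_CSV = """hostname,owner,purpose,disk_encrypted,av_running,last_patched,os,internet_services
LT-001,a.khan,finance laptop,yes,yes,2020-03-20,Windows 10,
LT-002,,,no,yes,2020-03-18,Windows 10,
SRV-01,it-ops,jump host,yes,yes,2020-01-05,Ubuntu 18.04,ssh
PC-014,j.lee,design desktop,yes,no,2020-03-22,Windows 7,
"""
# Constructed list of hostnames seen connecting over the VPN.
VPN_CLIENTS = ["LT-001", "LT-002", "PC-014", "HOME-PC-77"]
UNSUPPORTED_OS = {"Windows 7", "Windows XP"}  # assumption: your own end-of-support list
MAX_PATCH_AGE_DAYS = 30                        # assumption: local patch policy

def audit(inventory_csv, vpn_clients, today):
    """Return {hostname: [findings]} for every asset that fails a basic check."""
    findings = {}
    known = set()
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host, issues = row["hostname"], []
        known.add(host)
        if not row["owner"] or not row["purpose"]:
            issues.append("no owner or purpose recorded")
        if row["disk_encrypted"] != "yes":
            issues.append("disk not encrypted")
        if row["av_running"] != "yes":
            issues.append("AV not running")
        age = (today - date.fromisoformat(row["last_patched"])).days
        if age > MAX_PATCH_AGE_DAYS:
            issues.append(f"last patched {age} days ago")
        if row["os"] in UNSUPPORTED_OS:
            issues.append(f"unsupported OS: {row['os']}")
        if "ssh" in row["internet_services"].split(";"):
            issues.append("SSH exposed to the internet")
        if issues:
            findings[host] = issues
    # Anything on the VPN that is not in the inventory is unsanctioned.
    for host in vpn_clients:
        if host not in known:
            findings[host] = ["connected to VPN but not in inventory"]
    return findings

if __name__ == "__main__":
    for host, issues in audit(INVENTORY_CSV, VPN_CLIENTS, date(2020, 3, 27)).items():
        print(f"{host}: {'; '.join(issues)}")
```

The output is a per-device work list, which is the point made above about targeting time and people at specific issues rather than chasing every alert.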
As a business we are committed to providing help, guidance and support to our customers, particularly those on the front line and in critical industries. We want to do our part to help, so if you have questions, want to chat some things through, you know where we are.