Looking for remote work in tech?
Download our app Apple App Store Google Play Store
Looking for remote work in tech? Download our mobile app now! Apple App Store Google Play Store

Cyber Security & How to Be Better at it


 

March 30, 2021 | By: Adrian

Cyber security is an umbrella term that covers the tools and methods provisioned to protect your network systems, apps, and data resources from attacks. If we break down the common attacks and methods that hackers use to breach security, we can learn how to strengthen our defenses. 

Things that Go Bump in the Net

Hacking is a profitable business that has its own best practices and tried and true methods. Regardless of whether you are concerned about, or have been a victim of, Phishing Scams, DDoS Attacks, Supply Chain Hacks, or a hardware distributed virus – there are a few unchanging barriers that you can defend.

Firewall 

Firewall is a no-brainer. What better to defend against virtual hackers than an invisible barrier, right? A firewall is a barrier between your network and external networks that are potential threats. Firewalls can be very effective, and also very expensive. 

Understanding Firewall

A Network firewall isn’t the same as Web Application Firewall (WAF). Network firewall is the traditional solution for network security but it is limited in terms of flexibility as we see growth in public clouds, SaaS solutions, and the expansion of the internet of things. WAF offers a boost in protection from stemming web based application hacks that operate from remote servers.

Monitoring

Network monitoring can be an effective alerting system as well as an insightful tool that checks the functionality of your features and provides details into your user’s experience. You can choose to do external monitoring through a third-party provider, or invest in developing your own internal infrastructure to watch over your systems.

A Quick View of the Basics

Network monitoring is the process of setting up checks for system processes and features. When the checks fail alerts can be sent to your IT team or engineers. You can check things like HTTP(S) or DNS, as well as check for things like Malware. 

Verification

TECKpert Tip: Don’t just secure your systems, secure your security. 

The employee login page is built to be a portal into your secured information and having a complicated password alone isn’t enough security as a result, logging in has grown from a credential into a process with security assurances like two factor authentication (2FA), and single sign on (SSO). 

2FA

2FA is redundant security at its simplest and requires an additional device or email to confirm the user logging in is who they say they are. 

SSO

Single Sign On (SSO) allows users to use one set of credentials to authenticate with multiple sites, services, and applications. SSO plays into our next topic as many of its benefits are to lessen the security risks created by your employees managing multiple passwords. The main purpose of SSO is to streamline password and identity management to increase security.

Workforce

Not all security measures are digital, some are human and your employees are only as secure as your training methods. You can have the highest caliber tech individuals on your team but without defined processes, solid training documentation, and accountability your security becomes that much weaker. We can lump all of this into “Security Awareness” for which there are many resources like classes, consultations, and software, but don’t ignore your biggest resource: your existing systems. 

Unpopular Opinion: To keep things secure make system knowledge available to more than just a few core people.

It sounds contradictory but before you abandon this post with your eyes rolling, hear us out. The suggestion isn’t to give company secrets to every employee on your roster, it’s to inform your team generally of advanced processes:

  1. Which employee/user tiers have which permissions
  2. What information is cleared to share with users that isn’t in public documentation
  3. Where it’s ok to store company login information

Your team should also be versed in SIPOC

  • Supplier
  • Input
  • Process
  • Output 
  • Customer

The point of SIPOC is that each member of your team – especially if you are a small company or startup – will have to step outside their titled role and take on additional tasks. A system  overview allows them to do this confidently but also securely. 

Let’s talk briefly about Supply Chain Hacks as an example. There are many potential access points to your company data and not all of those points operate internally all the time. You likely partner with third-party providers, freelancers, and hire technicians, all of whom connect back to your network. 

Having a well-versed staff increases your internal monitoring at a human level and an informed staff is also more likely to recognize potential problem areas in your security that could be strengthened, or better screen the vendors and services you need. 

Cyber Security Tools You Need

Let’s recap. To secure your network you need:

  1. Network Firewall & WAF 
  2. Network Monitoring
  3. Good password practices and login verification
  4. An informed workforce
  5. A knowledgeable network of experts to help you navigate tech challenges

See how we snuck number 5 in there?

Need an expert to evaluate your cyber security? Reach out today for an Assessment to discover what your business needs are for your next digital transformation – and how TECKpert can make it happen.