Loading ...

FBI Cyber Defense Best Practices

A recent briefing from the FBI’s Internet Internet Crime Complaint Center (IC3) detailed current best practices and industry standards for cyber defense. Here is a summation:

Cyber Defense Best Practices

  • Backups – Regularly back up data and verify its integrity. Backups are critical in ransomware; if you are infected, backups may be the only way to recover your critical data.
  • Training – Employees should be made aware of the threat of ransomware, how it is delivered, and trained on information security principles and techniques.
  • Patching – All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system.
  • Antivirus – Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted. Centrally managed is even better.
  • File Permissions – If a user only needs to read specific files, they should not have write-access to those files, directories, or shares. Configure access controls with least privilege in mind.
  • Macros – Disable macro scripts from Office files transmitted via email.
  • Program Execution Restrictions – Implement software restriction policies or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular internet browsers, and compression/decompression programs.
  • Remote Desktop Protocol – Employ best practices for use of RDP, including use of VPN, auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts.
  • Software Whitelisting – Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy. This one takes careful planning.
  • Virtualization – Use virtualized environments to execute operating system environments or specific programs. No physical access to servers makes hacking harder.
  • Network Segmentation – Implement physical and logical separation of networks and data for different organizational units. Keep guest traffic out of your business network.
  • No Saved Passwords – Require users to type information or enter a password when their system communicates with a website. Better yet use a password management tool.

If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.

Posted in : Active Directory, Antivirus, Audit Logging, Azure, Azure Rights Management, Cloud Services, Compliance, Email, HIPAA, Network Security, Networking, Office 365, PCI DSS, Servers, Terminal Server

Leave a Reply

Your email address will not be published. Required fields are marked *

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2023- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]
And God will generously provide all you need. Then you will always have everything you need and plenty left over to share with others. As the Scriptures say,
“They share freely and give generously to the poor. Their good deeds will be remembered forever.”
For God is the one who provides seed for the farmer and then bread to eat. In the same way, he will provide and increase your resources and then produce a great harvest of generosity in you. - 2 Corinthians 9:8-10