Networking All-in-One For Dummies. Doug Lowe
All the software connected to your network: That includes operating systems, web browsers, Microsoft Office applications, and any other programs your organization uses. It also includes cloud service providers such as Office 365, online meeting platforms, cloud storage providers, and so on. Finally, it includes the software that runs on devices such as routers, switches, printers, and other similar devices.
All the people connected to your network, typically represented by Active Directory accounts: You need to understand who they are, what their jobs are, what permissions they require, what devices they use, and so on.
With the information gleaned from this asset management, you can deploy specific preventive measures to protect each asset. The following list is not complete, but it’s a good starting point:
Firewalls: Your Internet connection must be protected by a firewall device that’s configured to keep dangerous traffic out of your network. (For more information, see Book 10, Chapter 2.)
Wi-Fi security: All wireless access to your network must be encrypted and protected by password access. (For more information, see Book 4, Chapter 2.)
Antivirus software: Every computer on your network must be protected by active antivirus software. That includes every computer — workstations, laptops, tablets, and servers. All it takes is one unprotected computer to expose your entire environment to attack. (For more information, see Book 10, Chapter 2.)
Antispam software: Most cyberattacks come in through email. Make sure all email is protected by antispam software that can block email that contains malicious code or suspicious links. (For more information, see Book 10, Chapter 3.)
Strong passwords: All accounts that have access to your systems should be secured by strong passwords. (For more information, see Book 10, Chapter 1.)
Multifactor authentication: The most critical access, such as for those with administrative control, should be controlled by multifactor authentication, which requires additional verification beyond a username and password. (For more information, see Book 10, Chapter 1.)
Data protection: All shared data on your network should be protected with role-based security so that only those users who have a demonstrated need for the data are allowed access. This is done by controlling access permissions on files and folders, as well as share permissions. (For more information, see Book 6, Chapter 5.)
Encryption: Encryption refers to the process of encoding data so that it can be read only by those who possess the secret encryption key. Encryption is one of the most important aspects of data security and should be employed whenever possible.
One common way to use encryption is on wireless networks, where all data should be encrypted. This type of encryption is called data-in-flight encryption because it encrypts data while it’s in transit from one computer or device to another. It’s also common to encrypt data that resides on disk drives — this type of encryption is called data-at-rest encryption and is especially important if someone were to physically steal your disk drives (or the computers that contain them).
User life-cycle management: All user accounts should be subject to a documented life-cycle management policy that ensures that when a user leaves the organization, that user’s access is terminated.
Auditing: All aspects of your security environment should be regularly audited to ensure everything is operating as expected and is appropriate for the current environment. This includes regularly reviewing your user accounts and file permissions; reviewing firewall, antivirus, and antispam software to make sure it’s functioning; and reviewing event logs.
User training: The weakest points in any network are its users. Make sure to regularly offer security training for your users. (For more information, see Book 10, Chapter 1.)
Physical security: This aspect of cybersecurity is often overlooked. Any hacker worth her salt can quickly defeat all but the most paranoid security measures if she can gain physical access to a computer on your network. Make sure the server room is locked at all times. Make sure your users lock their computers when they step away from their desks.
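The data protection, multifactor authentication, user life-cycle management, and auditing items above all come down to regularly checking a few concrete things: broad groups with write access to shares, enabled accounts nobody has used in months, and administrative accounts that skip MFA. The script below is an added example written for this edit (it is not from the book) that runs those three checks over a constructed, flattened export of ACL entries and account records; the paths, group names, and account rows are made up, and the assumption is that you would feed it rows exported from your own tools (for instance Get-Acl and Get-ADUser in PowerShell) instead.

```python
"""Audit checks for over-broad share permissions, dormant accounts, and
admins without MFA, run over constructed sample data (not real exports)."""
from datetime import date, timedelta

# Constructed ACL export: (path, identity, rights, inherited).
# Paths and group names are hypothetical.
ACL_ROWS = [
    ("\\\\fs01\\Finance", "CORP\\Finance-RW", "Modify", False),
    ("\\\\fs01\\Finance", "Everyone", "FullControl", False),       # too broad
    ("\\\\fs01\\HR", "CORP\\HR-RO", "ReadAndExecute", False),
    ("\\\\fs01\\HR", "CORP\\Authenticated Users", "Modify", True),  # too broad
    ("\\\\fs01\\Public", "CORP\\Domain Users", "ReadAndExecute", False),
]

# Constructed account export: (name, enabled, last_logon, is_admin, mfa_enrolled).
ACCOUNT_ROWS = [
    ("alice", True, date(2024, 5, 30), True, True),
    ("bob", True, date(2024, 1, 2), False, False),      # enabled but dormant
    ("carol", False, date(2023, 11, 11), False, False), # already disabled: fine
    ("dave", True, date(2024, 5, 29), True, False),     # admin without MFA
]

# Principals that effectively mean "every user"; any write grant to them
# defeats role-based access on the share.
BROAD_PRINCIPALS = {"Everyone", "CORP\\Authenticated Users", "CORP\\Domain Users"}
WRITE_RIGHTS = {"Write", "Modify", "FullControl"}


def broad_write_grants(acl_rows):
    """Return (path, identity, rights) for write grants to catch-all groups."""
    return [
        (path, identity, rights)
        for path, identity, rights, _inherited in acl_rows
        if identity in BROAD_PRINCIPALS and rights in WRITE_RIGHTS
    ]


def dormant_enabled_accounts(account_rows, today, max_idle_days=90):
    """Return names of enabled accounts with no logon in max_idle_days.

    Disabled accounts are skipped: they are the life-cycle policy working."""
    cutoff = today - timedelta(days=max_idle_days)
    return [
        name
        for name, enabled, last_logon, _admin, _mfa in account_rows
        if enabled and last_logon < cutoff
    ]


def admins_without_mfa(account_rows):
    """Return names of enabled administrative accounts not enrolled in MFA."""
    return [
        name
        for name, enabled, _last, is_admin, mfa in account_rows
        if enabled and is_admin and not mfa
    ]


def run_audit(acl_rows, account_rows, today):
    """Combine the three checks into a list of (severity, finding) tuples."""
    findings = []
    for path, identity, rights in broad_write_grants(acl_rows):
        findings.append(("HIGH", f"{path}: {identity} has {rights}"))
    for name in admins_without_mfa(account_rows):
        findings.append(("HIGH", f"admin account {name} has no MFA"))
    for name in dormant_enabled_accounts(account_rows, today):
        findings.append(("MEDIUM", f"enabled account {name} is dormant"))
    return findings


if __name__ == "__main__":
    for severity, finding in run_audit(ACL_ROWS, ACCOUNT_ROWS, date(2024, 6, 1)):
        print(f"[{severity}] {finding}")
```

Each check is a plain filter so the thresholds (the 90-day idle window, the set of catch-all groups) are easy to tune to your own environment; the point is that the review the chapter calls for becomes a repeatable script whose output you can compare from one audit to the next.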
Recovery
No matter how good your prevention measures are, cybersecurity events are bound to happen. A user will exercise bad judgement and click a link in a phishing email, an important security patch will be neglected and an intruder will exploit the resulting weakness, or someone’s password will be compromised. It’s bound to happen, so your cybersecurity plan must include recovery measures as well as prevention measures.
A recovery plan should also protect you against threats that aren’t necessarily malicious. For example, what if a hardware failure takes out a key file server and you lose all its data? Or what if there’s a fire in the server room? Disasters like this are unlikely but not impossible. For more information about disaster recovery planning, check out Book 10, Chapter 4.
The most important aspect of recovery is to plan for it in advance. Don’t wait until after a cyberattack has succeeded to start wondering how you can recover. Instead, assume that a cyberattack will eventually happen and plan in advance how you’ll recover.
The basis of any recovery plan is a good backup plan. In fact, planning for backup is an integral part of planning any network. I’ve devoted Book 3, Chapter 6 to this topic, so I won’t go into every detail here. But for now, know that backups must be:
Comprehensive: Identify every critical server and data store in your organization and make sure it’s backed up regularly.
Up to date: When you’re forced to recover from a backup, you’ll be rolling your business back to the date the backup was made. If that was three weeks ago, you’ll lose three weeks’ worth of work.
Redundant: You should keep multiple copies of your backups, each representing a different recovery point. At the minimum, keep at least three generations of backups. That way, if the most recent set of backups doesn’t work, you can revert to the set before that and, if necessary, the set before that. A key factor to consider is that if your files have been corrupted by a cyberattack and you don’t discover the attack right away, your backups may contain copies of the corrupted data. You want to make sure that you have a good backup that was made before the attack occurred.
Kept off-site: If a fire burns down your server room and your backups are kept on a shelf next to the servers, you’ll lose the backups, too. At that point, you won’t be able to restore anything.
Offline: It’s not enough to keep backups off-site, they must also be offline. Backing up to the cloud