I Got This, Angela!

Best Practices. No matter the industry you work in, there is always that one person who is telling you that you are doing it wrong.

“Okay Gary, then how about you do it yourself, because that constipated look on your face is killing me!”

We all have our Garys, Steves, or Angelas (especially Angela) who are just standing there, tapping their feet and looking over our shoulders, and the best defense against all of these people is Best Practices.

Learning how to do it right the first time will save you a whole lot of effort, and especially patience!

Let’s go over some Cyber Security Best Practices that you can implement in your Organization so you can tell those Angelas “Go soar in the sky you bird, TriForceCode has me squared away.” Okay. Probably don’t say that. Professionalism is definitely Best Practice number one.

No matter the size of your Organization, protecting your physical and digital assets should always be at the forefront of management's mind, and knowing what verbiage to throw their way will help them better understand why implementing these practices is in their best interest.

  1. Protect your Data! – I have written about this before, but it is always good to circle back, whether your data is at rest or in transit, it is important to ensure that your data is protected!
  • Encrypt, encrypt and… properly store your encryption keys or the passwords to your keys. A smart method is utilizing Key Escrow – Key escrow (also known as a “fair” cryptosystem) is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys.

Reference: https://en.wikipedia.org/wiki/Key_escrow

  • Key management systems come in quite a few options, but one of the more popular methods is a Key Management Appliance like SafeNet KeySecure from Gemalto.

Check them out here: https://safenet.gemalto.com/data-encryption/enterprise-key-management/key-secure/
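As an added example (not from this post, and not code from any of the products or pages linked above), here is a stdlib-only Python sketch of the escrow idea: a data-encryption key is split into shares with Shamir's secret sharing so that no single custodian holds the whole key, while any two of three custodians together can reconstruct it; a SHA-256 fingerprint stored with the escrow record lets the recovering party confirm they got the right key back without exposing it. The function names, the 2-of-3 threshold and the sample key are assumptions for illustration.

```python
import hashlib
import secrets

# Prime field for the shares. 2**521 - 1 is a Mersenne prime, comfortably
# larger than a 256-bit key, so the key fits as a single field element.
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coefficients low-order first) at x, mod P."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % P
    return result


def split_key(key: bytes, threshold: int, shares: int):
    """Split `key` into `shares` points; any `threshold` of them recover it."""
    if not 1 < threshold <= shares:
        raise ValueError("need 1 < threshold <= shares")
    secret = int.from_bytes(key, "big")
    if secret >= P:
        raise ValueError("key too large for the field")
    # Constant term is the secret; the remaining coefficients are random,
    # so fewer than `threshold` points say nothing about the secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def recover_key(shares, key_len: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 to get the secret back."""
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num, den = 1, 1
        for m, (xm, _) in enumerate(shares):
            if m == j:
                continue
            num = num * xm % P
            den = den * (xm - xj) % P
        # pow(den, P - 2, P) is the modular inverse (Fermat), since P is prime.
        secret = (secret + yj * num * pow(den, P - 2, P)) % P
    return secret.to_bytes(key_len, "big")


def fingerprint(key: bytes) -> str:
    """Commitment kept with the escrow record, so whoever reconstructs the
    key can check it is the right one without the key itself being stored."""
    return hashlib.sha256(key).hexdigest()


def escrow_and_recover(key: bytes, threshold: int = 2, custodians: int = 3) -> bool:
    """Escrow demo: split the key, hand out shares, recover from a quorum
    and verify the result against the stored fingerprint."""
    record = {
        "fingerprint": fingerprint(key),
        "shares": split_key(key, threshold, custodians),  # one per custodian
    }
    quorum = record["shares"][:threshold]  # any `threshold` custodians will do
    recovered = recover_key(quorum, len(key))
    return fingerprint(recovered) == record["fingerprint"]


if __name__ == "__main__":
    dek = secrets.token_bytes(32)  # constructed sample data-encryption key
    print("quorum recovery ok:", escrow_and_recover(dek))
```

The point to take from it is the separation of roles: the shares go to different people (or systems), the fingerprint can sit in the escrow record in the clear, and the key itself only exists again when a quorum deliberately brings their shares together.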

  2. Educate your Employees! – Best Practices aren’t just for you to tell those Steves to shove it; following best practices is everyone’s responsibility. Team ObserveIT put some numbers on it in their post “10 Essential Cybersecurity Best Practices” (2018, December 10):

“We recently surveyed 1,000 employees about how they access corporate networks during work travel, and 77% admitted to connecting to free public Wi-Fi networks (which are typically unsecured) using corporate computers and phones. Only 17% of respondents said they always use a VPN when they’re away from the office.”

Reference: https://www.observeit.com/blog/10-essential-cybersecurity-best-practices-for-2019/

  • That is horrifying! Company data, PII, and God knows what type of private data just flowing through unencrypted public Wi-Fi. I am curious, if I were to go to a café and set up Wireshark, how much wonderful information I would be able to capture. Encrypt that web traffic, son!
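To make the “encrypt that web traffic” point concrete from the defender's side, here is an added Python example (not from this post, and not tied to any real endpoint agent or product): it scans a constructed connection log exported from company laptops and flags sessions on non-corporate Wi-Fi where the VPN was down, rating cleartext HTTP highest. The log columns, SSID names and hostnames are assumptions made up for the example.

```python
import csv
import io
from dataclasses import dataclass

# Constructed sample export in the shape a hypothetical endpoint agent might
# produce (not real product output): one row per outbound connection.
SAMPLE_LOG = """\
timestamp,host,ssid,vpn_up,dest,scheme,port
2019-01-08T09:01:12Z,LAPTOP-17,CorpNet,no,intranet.example.test,https,443
2019-01-08T12:14:05Z,LAPTOP-17,CoffeeShop_Free,no,portal.example.test,http,80
2019-01-08T12:15:40Z,LAPTOP-17,CoffeeShop_Free,yes,mail.example.test,https,443
2019-01-08T12:16:02Z,LAPTOP-22,AirportWiFi,no,files.example.test,http,8080
2019-01-08T12:17:30Z,LAPTOP-22,AirportWiFi,no,crm.example.test,https,443
"""

# SSIDs treated as the corporate network (assumed); everything else is untrusted.
TRUSTED_SSIDS = frozenset({"CorpNet"})


@dataclass(frozen=True)
class Finding:
    timestamp: str
    host: str
    ssid: str
    dest: str
    severity: str
    reason: str


def classify(row, trusted_ssids=TRUSTED_SSIDS):
    """Return a Finding for a risky connection row, or None if it is fine."""
    on_untrusted = row["ssid"] not in trusted_ssids
    vpn_up = row["vpn_up"].strip().lower() == "yes"
    cleartext = row["scheme"].strip().lower() == "http"
    if not on_untrusted or vpn_up:
        return None  # corporate Wi-Fi, or tunnelled through the VPN: nothing to flag
    if cleartext:
        return Finding(row["timestamp"], row["host"], row["ssid"], row["dest"],
                       "high", "cleartext HTTP on untrusted network with VPN down")
    return Finding(row["timestamp"], row["host"], row["ssid"], row["dest"],
                   "medium", "untrusted network with VPN down (TLS only; metadata still visible)")


def find_exposed_sessions(log_text, trusted_ssids=TRUSTED_SSIDS):
    """Run the classifier over a CSV export and collect the findings in log order."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        finding = classify(row, trusted_ssids)
        if finding is not None:
            findings.append(finding)
    return findings


def hosts_needing_followup(findings):
    """Hosts with at least one high-severity finding, for the remediation list."""
    return sorted({f.host for f in findings if f.severity == "high"})


if __name__ == "__main__":
    found = find_exposed_sessions(SAMPLE_LOG)
    for f in found:
        print(f"{f.severity:6} {f.host} on {f.ssid} -> {f.dest}: {f.reason}")
    print("follow up with:", hosts_needing_followup(found))
```

The severity split mirrors the survey numbers above: the “medium” rows are the 83% who are not always on VPN, while the “high” rows are the ones where, as the post says, the traffic itself is readable on the café network.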
  3. Use Vendor Documentation! – I get it, you have been in IT a few years, you know what you are doing, blah blah blah. Shut it, Sharon; I got this. Oh, wait... what? I’m fired now because I didn’t lock down that one port the vendor suggested and we lost millions in intellectual property. Surprise, surprise. Best Practices told you so!

There is a reason vendors release this documentation, and it’s not “For your consideration,” it is called Best Practices because it is from years of tested methods and trial and error. Here are a few links to vendor best practices, but remember these get updated pretty regularly so keep your Google fingers and your brain hat at the ready.


Microsoft AD – https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory

Cisco Device Hardening – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180416-tsa18-106a

RedHat Linux Hardening – https://www.redhat.com/en/services/training/rh413-red-hat-security-and-server-hardening


I think you are starting to get the central theme of this post, so I don’t think it’s necessary to continue, as it is getting a bit long. Just remember those best practices are there to make our lives easier and make us look like IT badasses to our bosses.

Until Next time. #dontcodealone