10 Best Practices to Prevent Cyber Attacks
KLC Consulting helps Defense Industrial Base (DIB) companies prevent cyber attacks. The time is now – don’t wait on cyber attack prevention! We developed this service to align with recommendations from U.S. Intelligence and Security agencies. Prioritize and complete these ten NIST 800-171 / CMMC practices immediately.
1. Validate Access Controls
We evaluate your personnel’s access to IT resources based on employees’ assigned roles, privileges, and responsibilities. We recommend ways to set “Least Privilege” to restrict access to only those IT resources necessary to perform job functions. Beyond NIST 800-171 and CMMC compliance, validating Access Controls is critical to minimize information a cyber attacker can steal if a user account becomes compromised. And it limits an attacker’s ability to compromise other systems & resources within your IT environment.
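The kind of review described above can be scripted. The following is an added example (not KLC Consulting's tooling): it compares each account's actual grants against a role baseline and flags anything beyond the role, privileged rights held outside the admin role, accounts with unrecognised roles, and disabled accounts that still hold grants. The roles, permission names and accounts are constructed sample data.

```python
"""Least-privilege access review (added example with constructed data).

Compares what each account can reach against what its assigned role
needs, and reports every grant that exceeds that baseline."""

from dataclasses import dataclass, field

# Constructed role-to-permission baseline: what each job function needs.
ROLE_BASELINE = {
    "engineer": {"read:cui-projects", "write:cui-projects", "read:wiki"},
    "finance": {"read:erp", "write:erp", "read:wiki"},
    "it-admin": {"admin:ad", "admin:fileserver", "read:wiki"},
}

# Administrative rights that only the it-admin role should ever hold.
PRIVILEGED = {p for p in ROLE_BASELINE["it-admin"] if p.startswith("admin:")}


@dataclass
class Account:
    name: str
    role: str
    grants: set
    enabled: bool = True


@dataclass
class Finding:
    account: str
    excess: set = field(default_factory=set)             # grants beyond the role baseline
    privileged_outside_role: set = field(default_factory=set)
    unknown_role: bool = False                           # role not in the baseline at all
    disabled_with_grants: bool = False                   # stale account still entitled


def review_access(accounts):
    """Return one Finding per account that deviates from least privilege."""
    findings = []
    for acct in accounts:
        f = Finding(account=acct.name)
        baseline = ROLE_BASELINE.get(acct.role)
        if baseline is None:
            # No baseline means nothing can be justified: every grant is excess.
            f.unknown_role = True
            f.excess = set(acct.grants)
        else:
            f.excess = set(acct.grants) - baseline
        if acct.role != "it-admin":
            f.privileged_outside_role = set(acct.grants) & PRIVILEGED
        if not acct.enabled and acct.grants:
            f.disabled_with_grants = True
        if f.excess or f.privileged_outside_role or f.unknown_role or f.disabled_with_grants:
            findings.append(f)
    return findings


def report(findings):
    """Render findings as one line per account for a reviewer."""
    lines = []
    for f in findings:
        notes = []
        if f.unknown_role:
            notes.append("role not defined in baseline")
        if f.excess:
            notes.append("excess grants: " + ", ".join(sorted(f.excess)))
        if f.privileged_outside_role:
            notes.append("admin rights outside it-admin role: " + ", ".join(sorted(f.privileged_outside_role)))
        if f.disabled_with_grants:
            notes.append("disabled account still holds grants")
        lines.append(f"{f.account}: " + "; ".join(notes))
    return lines


# Constructed sample accounts exercising each finding type.
SAMPLE_ACCOUNTS = [
    Account("alice", "engineer", {"read:cui-projects", "write:cui-projects", "read:wiki"}),
    Account("bob", "engineer", {"read:cui-projects", "write:cui-projects", "read:wiki", "admin:fileserver"}),
    Account("carol", "finance", {"read:erp", "write:erp", "read:wiki", "read:cui-projects"}),
    Account("dave", "contractor", {"read:wiki"}),
    Account("svc-legacy", "it-admin", {"admin:ad"}, enabled=False),
]

if __name__ == "__main__":
    for line in report(review_access(SAMPLE_ACCOUNTS)):
        print(line)
```

In practice the grants come from an export of your directory or application entitlements, and the baseline is the role matrix agreed with each department head; the value of the script is that it makes the gap between the two explicit and repeatable.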
2. Conduct Vulnerability Assessments / Penetration Tests
We identify your security holes – where you’re exposed and vulnerable on the internet with a Vulnerability Assessment. Then we conduct a Penetration Test to simulate how a cyber attacker might navigate your IT environment to steal, hold ransom, or destroy your information. We recommend what to do to close security gaps and offer assistance if you need help.
3. Enhance Network Perimeter Security
Firewall Rules Review
We check that you've blocked traffic in and out of domains belonging to sanctioned countries like Russia, North Korea, and Belarus. We also check that you've blocked IP address ranges known to belong to U.S.-sanctioned countries and recommend improvements to your firewall rules.
Block Intrusion Activities
We verify that you've blocked scanning activity originating from U.S.-sanctioned countries and recommend how to block it. Collectively these are known as Intrusion Detection and Prevention measures.
Black List Review
We review your black-listed domain names, websites, and URLs to recommend additions and improvements.
NOTE: We often find clients block potentially adverse incoming traffic but overlook blocking outgoing traffic. Blocking outgoing traffic to known malicious websites reduces the risk of data theft through phishing attacks. It also helps prevent your compromised IT resources from being used as a botnet/zombie resource to attack other computer resources (a distributed denial of service, or "DDoS", attack).
We also determine whether your logging configuration would support rebuilding and restoring systems in the event of a data loss.
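The gap described in the note above (inbound blocked, outbound forgotten) is easy to check mechanically. The following is an added example (not KLC Consulting's tooling) that walks a first-match firewall ruleset for each blocklisted network and reports whether it is blocked, only partially blocked, or allowed in each direction. The blocklist uses documentation-range prefixes and the ruleset is constructed; neither is a real sanctioned-country feed.

```python
"""Firewall blocklist coverage check (added example with constructed data).

For each network on a blocklist, determine how a first-match ruleset
treats it inbound and outbound, and list the networks that are blocked
inbound but not outbound."""

import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "direction action network")

# Constructed blocklist: TEST-NET documentation prefixes stand in for the
# geo-IP or threat-intel ranges a real firewall would consume.
BLOCKLIST = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]

# Constructed ruleset in first-match order, ending in a default allow.
RULESET = [
    Rule("in", "deny", "192.0.2.0/24"),
    Rule("out", "deny", "192.0.2.0/24"),
    Rule("in", "deny", "198.51.100.0/24"),   # no matching outbound rule
    Rule("in", "deny", "203.0.113.0/25"),    # covers only half of the /24
    Rule("out", "deny", "203.0.113.0/24"),
    Rule("in", "allow", "0.0.0.0/0"),
    Rule("out", "allow", "0.0.0.0/0"),
]


def coverage(rules, direction, net):
    """Classify how `net` is handled in `direction` under first-match semantics.

    Returns "blocked" if the first overlapping rule denies the whole network,
    "partial" if it denies only part of it (the remainder falls through),
    and "allowed" otherwise. No match at all is treated as an implicit allow,
    which is an assumption about the firewall being modelled."""
    for r in rules:
        if r.direction != direction:
            continue
        rnet = ipaddress.ip_network(r.network)
        if rnet.version != net.version or not net.overlaps(rnet):
            continue
        if r.action == "deny":
            return "blocked" if net.subnet_of(rnet) else "partial"
        return "allowed"
    return "allowed"


def audit(blocklist, rules):
    """Map each blocklisted CIDR to its inbound and outbound coverage."""
    findings = {}
    for cidr in blocklist:
        net = ipaddress.ip_network(cidr)
        findings[cidr] = {d: coverage(rules, d, net) for d in ("in", "out")}
    return findings


def egress_gaps(findings):
    """Networks blocked inbound but not fully blocked outbound."""
    return sorted(c for c, f in findings.items()
                  if f["in"] == "blocked" and f["out"] != "blocked")


def partial_blocks(findings):
    """Networks where a deny rule covers only part of the listed range."""
    return sorted(c for c, f in findings.items()
                  if "partial" in f.values())


if __name__ == "__main__":
    result = audit(BLOCKLIST, RULESET)
    for cidr, f in result.items():
        print(f"{cidr:18} in={f['in']:8} out={f['out']}")
    print("egress gaps:", egress_gaps(result))
    print("partial blocks:", partial_blocks(result))
```

Feeding this a ruleset exported from the real firewall requires a small adapter per vendor, but the two questions it answers (is every listed range denied in both directions, and does any deny rule cover less than the listed range) are the ones a rules review should settle before anything else.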
4. Enable Multi-Factor Authentication (MFA)
We evaluate your systems' ability to enforce MFA when accessing hardware and software resources and recommend segmentation alternatives where MFA cannot be enabled. MFA is a critical information security component because it minimizes an attacker's ability to access system resources with a stolen password alone. It further impedes their ability to use your network resources in a compromise.
Call for an Introductory No-Cost Consultation: 617.314.9721 x158
Cyber Attack Prevention based on top recommendations of our U.S. Intelligence and Security agencies.
5. Validate Backup Functionality
Clients often put backup procedures in place but are disappointed to learn they aren't working as expected. And they haven't fully considered their Maximum Tolerable Downtime, Recovery Time Objective, and Recovery Point Objective. Ransomware attacks often successfully encrypt company backups due to a lack of offline segmentation. So we ensure your backup practices are effective to help you prevent cyber attacks.
We verify that the encryption/decryption key is active and available. And we ensure you understand the steps for your restoration and that the process works as intended.
6. Endpoint Detection and Response (EDR)
Gartner coined the term EDR and described it as a security system that detects and investigates suspicious activities on hosts and endpoints. And EDR employs a high degree of automation to enable security teams to identify and respond to threats quickly.
EDR goes beyond standard antivirus software by monitoring and analyzing endpoint data for threat patterns, automatically containing and removing threats, and alerting security staff. We recommend EDR alternatives suited to your environment for cyber attack prevention.
7. Verify Security Patching
We perform (or guide you with performing) a patch scan to identify missing patches for your hardware, software, and devices to determine that you’ve applied the latest security patches. We can assist with testing and approval within your test environment and provide a test machine if you don’t have a test environment. Let’s develop procedures to align your monthly patching process with your software companies’ disclosure and regular patch release schedules (like Microsoft, Apple, Adobe, Oracle, & Cisco). We’ll also help with IMMEDIATE emergency patch releases (a/k/a “Out of Band” releases) that require immediate patching for “Zero Day” critical vulnerabilities (like recent Log4J and Microsoft Exchange vulnerabilities).
8. Provide Cybersecurity Awareness Training
We provide DoD CUI and phishing training, a cyber awareness challenge, and Incident Response training. We automate training management, scheduling, and monitoring of employee completion status. Automation also produces documentary artifacts for compliance reporting purposes. Our system supports CMMC and NIST 800-171 compliance by providing progressive levels of training based on increasing roles and responsibilities within your organization.
9. Segment and Patch IoT, OT, and Test Equipment
IoT (Internet of Things) is a great modern convenience. But are IoT devices a part of your corporate network? If so, they’re a potential cybersecurity attack vector. Example: A smart Starbucks coffee maker “talks” with Starbucks. If Starbucks is hacked and becomes compromised, you’re vulnerable! The same applies to other common IoT devices like Amazon Echo, Apple Siri, Google Alexa, and other smart devices – even refrigerators and lightbulbs.
OT (Operational Technology) includes SCADA, PLC, and ICS systems. These are frequently older systems, but they're still commonly used and integrated with CNC and other manufacturing machines & test equipment.
We help you inventory these items, validate their patching status, and segment them to minimize risk from cyber threats. We'll help you prevent cyber attacks by reducing the risk that an email compromise pivots through these devices to halt manufacturing production.
10. Incident Response Plan Development and Testing
We verify (or help you develop) an Incident Response Plan to align with NIST 800-61 requirements. A strong IRP includes preparation, detection and analysis, containment, eradication, recovery, and post-incident activities. It also should identify the roles and responsibilities of your staff and external IT support vendors (i.e., managed service providers – MSP), incident declaration process, incident severity, analyzing incidents, and communication with customers and law enforcement.
The IRP should fit your organization's size and operations to best prevent cyber attacks. Your Incident Response Team Lead trains key stakeholders in their processes and responsibilities. DFARS 252.204-7012 requires DIB companies to implement an Incident Response plan and have the ability to report cyber incidents when they occur. (This requires a Common Access Card (CAC) or a Medium Assurance Certificate (ECA).) Prudent Incident Response planning to prevent cyber attacks includes periodic tabletop exercises to ensure staff know what to do and that the IRP is effective.
Cyber Attack Prevention Consulting Costs
Our fee structure reflects that every client is unique. Medium-size clients often only require our expert guidance and direction. Others need more direct hands-on help. We quote Cyber Attack Prevention Consulting fees on a case-by-case basis, recognizing that clients usually prefer a fixed monthly fee, which also encourages greater utilization of our expertise.
Regardless, this package is designed to provide SMB DIB clients with the most affordable consulting solutions available today.