In this portion of our latest webinar, Fortifying Your Business: Exploring Cybersecurity Best Practices and the Impact of AI, Principal Mark Anderson outlines best practices to protect every entry point into the “castle” that is your business network.
If video isn’t for you, the transcript for this portion of the talk is below. To view the full webinar and transcript, fill out the form below to access the recording.
Mark Anderson: We’ve tried to pack these 45 minutes with a lot of great content. There is quite a bit to go through, and this is a meaty topic. If you want to have a deeper conversation about anything that we bring up, we love helping people, so just reach out. We’d love to have a deeper conversation with you about really anything related to the topic we’re going to be addressing today. We’re talking about Fortifying Your Business: Exploring Cybersecurity Best Practices and the Impact of AI.
Just a little bit about myself as we’re moving forward here. I started in 1989 as a software engineer at McDonnell Douglas, and then went to IBM in ’93 as a computer system and network administrator, ultimately helping to start our business in ’95. My first client that I consulted with was SBC Communications, which is now AT&T. Almost 30 years later, we now are helping clients in 28 different states.
Fun fact: very apropos for our topic, my better half Amy, my wife and business partner, started in the McDonnell Douglas Artificial Intelligence Center in 1988. I say that because even though ChatGPT has burst on the scene and we’re all “Ah! AI!”—none of this really is new. It’s just a lot of marketing and hype and social media excitement. We’re going to unpack some of that.
We’re going to paint a picture about cybersecurity best practices and the current landscape. Then we’re going to get into artificial intelligence—friend or foe? That’s an open question, I think. We’re going to review how cybercriminals utilize AI to do what they do. Then we’re going to discuss AI in the cybersecurity space and then conclude.
Protecting Your Castle
Let’s quickly go over the best practices. We like to think about protecting your data, our data, as a castle. Cyber criminals are opportunists. In general, I think they’re quite lazy. The best way to thwart them is to put as much friction between your data and them. We do that with this multi-layer approach.
Moat = email. Why is that important? The vast majority of threat introductions come to us via email. We want to keep that moat full of water and keep people on the outside. That’s the equivalent of email hardening.
Your outer gate is the equivalent to MFA (multi-factor authentication) and a really good password policy. You want strong, long passwords and to use a password management tool in order to help do that well.
A business grade firewall is an absolute must have, got to do it. That’s equivalent to your castle wall and drawbridge.
Your guards on the outside proactively doing threat hunting is the equivalent to a next generation endpoint security, which utilizes AI to do pattern matching to try to determine “This user doesn’t normally send a bunch of emails out at 3 a.m. on a Saturday morning, I think I’m going to shut that down, I’m not going to let 5000 emails go out.” That’s what’s going on there.
Your masons on that inner wall are the equivalent of patching your operating system and security updates for all your third-party applications.
Your sentinels are antivirus/anti-malware software running on your servers, your workstations. Any Compute Engine needs to be protected with something like that.
The inner wall of your castle is what we would call the only silver bullet that you have. That’s your educated employees of your organization or business. If someone can be tricked to clicking on something that unwinds all of the other protections, it’s all moot at that point.
The keep inside the castle is your backups. They are protecting your crown jewels, or your company data.
That’s your basic protection. You’ve got to have those layers. Some additional add-ons to your castle are as follows.
We just talked about backups. We would posit that your backups, you may as well not do them if you are not regularly scheduling data restore tests to prove that you’re actually backing up what you think you’re backing up and it’s being done with the frequency that you need.
You need a BCDR, a Business Continuity and Disaster Recovery plan. In the case of a physical emergency, a fire or an earthquake, a storm or whatever where you can’t go to your office, where are you going? Who’s calling whom? What access to the information do we have? How long would it take to spin up a secondary server somewhere else? Am I virtualizing in an AWS cloud, etc.
Segregated Wi-Fi: often overlooked but important. You need a public side to your Wi-Fi and a private side to your Wi-Fi, especially if people are coming to your office.
A cybersecurity insurance policy. I think we’ve been hammered by the insurance companies time and time again about this. But it’s important that your policy is sized appropriately for your business.
Penetration tests. This is often overlooked. If you’re in a regulated industry, or HIPAA is part of what is important to your business, having a third party or an outside party conduct those penetration tests rather than your own IT staff.
Regularly scheduled employee cybersecurity awareness training is very, very important. You know, tides rise all boats. This is a constantly changing environment that we’re in and we just need that educational mindset to be out there.
Password management tools are sometimes overlooked. We don’t want to see the sticky notes on the monitors anymore. As password length is getting longer and longer and longer it’s very hard to deal with 16- and 24-character passwords unless you type really, really quickly.
An appropriate password policy for your organization.
Limited employee access. You really want your employees only to be able to access the data they need to access to do their job, no more, no less. You don’t want everyone to have carte blanche access to all data throughout your organization because that’s a much bigger attack surface that you want to try to choke down, not because you’re big brother, but just to give them exactly what they need and no more.
You want to limit the authority that your users have to install software on their own individual devices. We don’t want widespread admin privileges throughout the organization. When you have that, if a machine is able to be compromised, they can use that as a jumping off spot and go do a bunch of things we don’t want them to.