For IT directors, a lack of resources is a critical reality when it comes to cybersecurity.

Few IT teams have the necessary talent and budget to meet the increasing threat landscape. The number of bad actors profiting by illicit means continues to grow. And the software and the techniques they use are more sophisticated than ever before.

For IT directors, a lack of resources is a critical reality when it comes to cybersecurity.

That’s just for starters. The number of entry points continues to climb exponentially. Physical devices are proliferating, from mobiles to those used for the Internet of Things. What’s more, today’s businesses rely on technology with roots from a variety of sources, such as software coming from third-party SaaS or IaaS providers, from one-off vendor purchases, and from cloud solutions.

The attack surface stretches beyond what just a few years ago was unfathomable.

So, what can an IT director do to keep your organization ahead of mounting threats to stay safe and secure? The Center for Internet Security (CIS) recommends starting with basic, often-overlooked precautions when it comes to building a solid security posture.

Inventory and Control Hardware and Software Assets

You can’t secure assets you don’t know you have. Reducing your organization’s attack surface starts by having a complete view of all devices on your network. IT teams should make every effort to document and manage authorized devices and the software the devices run. IT teams must also quickly disconnect from their network all unauthorized devices, as well devices that run potentially dangerous software.

  • Secure business devices, and outline and enforce strong security guidelines for personal devices. Don’t let unsecured devices onto the network. Use guest networks for visitors.
  • Utilize inventory tools throughout the organization to facilitate up-to-date records of existing software and hardware.
  • Oversee all user access to the business network, record authentication errors and unauthorized access, and sweep the network for unusual user behavior.
  • Create an escalation workflow for afterhours incidents involving unauthorized devices.

Continuously Manage Vulnerabilities

The IT team must have 24×7 real-time cybersecurity operations that can manage vulnerabilities, monitor and detect threats, and respond to malicious and risky activity in real time.

  • Prioritize responses so that vulnerabilities and intrusions that pose the highest risk and greatest threat are addressed first, instead of concentrating on less critical and non-essential tasks.
  • Be ready to answer how security impacts business decisions, including where risk exists and how risks are mitigated

Control Administrative Privileges

Administrative credentials are like the keys to your organization’s front door, and a favorite target for cybercriminals seeking access to your data. Simple, re-used passwords and administrative accounts in disarray make stealing critical data easy for bad actors.

Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

Manufacturers design default configurations with user experience and ease-of-use in mind; security tends to be an afterthought. Basic controls, old protocols, preinstallation of unneeded bloatware, and open ports are easy targets for cybercriminals. Good configuration doesn’t stop when users get access to devices, as you’ll need to watch continuously for changes when systems are patched or updated.

To read full download the whitepaper:
5 Best Practices to Make Security Everyone’s Business