Hopefully, you all had a relatively sane and productive summer. Security-related topics have been in the news for most of the summer with several incidents hitting fairly close to home.
Perhaps the question I have been asked most over the last month or so has been, “What do I need to do to protect my district from these types of events?” As Lisa and I begin our annual fall planning visits with each of our customers, discussing the answer to this question is going to be a significant focus of those sessions.
And while there is no magic bullet that can promise to protect you from all types of threats, paying close attention to and implementing many of the best-practice recommendations our team has shared with you at our Tech Talks and SYSOP meetings over the last several years will go a long way toward minimizing your risks. They will also speed your recovery if an attack does manage to slip through.
Since we are barely a week into the start of the new year and many of you are still finishing what is needed to get school opened, I don’t want to bury you with a lot of to-dos right out of the gate. But here are the most important takeaways from all of this summer’s security activity and events:
- Patching your systems regularly and routinely is one of the most straightforward ways to minimize the risk of compromise. It’s not exciting and sometimes it’s a pain, but it just needs to be done…starting right now if you really have not been paying the best attention to this.
- Minimize the placement and exposure of systems and devices directly on the Internet. Review everything that accepts inbound connections from the general Internet. Ask whether it really needs to be that way for the application to function and, if so, make sure only the ports and services actually needed are open and active. If you can put access to that device or host behind a VPN connection and still have the application work (think HVAC and security systems), you are best served by doing so. It’s all about reducing the attack surface that directly faces the Internet.
- Add multi-factor authentication (2FA/MFA) to absolutely everything you can that faces the Internet and has a login prompt. Several sources have opined that using MFA will stop 99%+ of the current attacks floating around on the Internet today.
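The "review everything with inbound access" item above is the kind of check worth scripting so it gets repeated every term. The helper below is an added example, not something from the original newsletter or any vendor tool: it takes an inventory of edge-firewall forwarding rules, classifies how wide each rule's source is, and flags anything open to the whole Internet that is not on an approved list as a candidate to close or move behind the VPN. The inventory, the approved list (public HTTPS only) and the host names are constructed assumptions.

```python
"""Exposure review helper: flag Internet-facing services that are not on the
approved list so they can be closed or moved behind the VPN.
The inventory below is constructed sample data, not a real district's rules."""
from dataclasses import dataclass
import ipaddress

@dataclass(frozen=True)
class Rule:
    host: str     # device or server the edge firewall forwards to
    port: int
    proto: str    # "tcp" or "udp"
    source: str   # source CIDR the firewall rule permits

# Services that genuinely need to be reachable from anywhere (assumed).
APPROVED_PUBLIC = {(443, "tcp")}

# RFC 1918 ranges: a rule whose source is one of these is not Internet-facing.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def exposure(source_cidr: str) -> str:
    """Classify a rule's source as 'internet', 'internal' or 'restricted'."""
    net = ipaddress.ip_network(source_cidr, strict=False)
    if net.prefixlen == 0:
        return "internet"       # 0.0.0.0/0 or ::/0: anyone can connect
    if net.version == 4 and any(net.subnet_of(i) for i in INTERNAL_NETS):
        return "internal"       # LAN-only source
    return "restricted"         # specific outside source, e.g. one vendor

def review(rules):
    """Return (host, 'port/proto', verdict) for every rule needing attention."""
    findings = []
    for r in rules:
        scope = exposure(r.source)
        if (r.port, r.proto) in APPROVED_PUBLIC:
            continue            # approved public service; nothing to do
        if scope == "internet":
            findings.append((r.host, f"{r.port}/{r.proto}", "close or move behind VPN"))
        elif scope == "restricted":
            findings.append((r.host, f"{r.port}/{r.proto}", "confirm source still needed"))
    return findings

# Constructed sample inventory (hypothetical hosts and addresses).
SAMPLE_RULES = [
    Rule("web-portal", 443, "tcp", "0.0.0.0/0"),        # approved public site
    Rule("hvac-ctl", 80, "tcp", "0.0.0.0/0"),           # HVAC web UI wide open
    Rule("camera-dvr", 554, "tcp", "0.0.0.0/0"),        # security camera stream
    Rule("vendor-jump", 22, "tcp", "203.0.113.10/32"),  # one vendor address
    Rule("sis-db", 1433, "tcp", "10.0.0.0/8"),          # LAN-only database
]

if __name__ == "__main__":
    for host, svc, verdict in review(SAMPLE_RULES):
        print(f"{host:12} {svc:9} {verdict}")
```

Running it lists the HVAC controller and camera DVR as candidates to move behind the VPN and asks you to re-confirm the vendor's SSH access; the approved web portal and the LAN-only database are not reported.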
A number of best-practice documents have been produced by US-CERT and others over the last few months. We will discuss them in greater detail in our various meetings and Tech Tidbits over the coming months.
For those who want to get a bit of a head start on some of that list, here are some thoughts from the Cybersecurity and Infrastructure Security Agency (CISA) on precautions and best practices to protect against ransomware:
- Update software and operating systems with the latest patches. Outdated applications and operating systems are the targets of most attacks.
- Never click on links or open attachments in unsolicited emails.
- Back up data on a regular basis. Keep it on a separate device and store it offline.
- Follow safe practices when browsing the Internet. Read https://www.us-cert.gov/ncas/tips/ST04-003 for additional details.
- Restrict users’ permissions to install and run software applications and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through a network.
- Use application whitelisting to allow only approved programs to run on a network.
- Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
Much more to come as we continue the discussion, since proper security of our networks is now a primary component of all that we do.
Enjoy the start of the new year!