Seven Best Practices to Winterize Your Cybersecurity for 2016 08/07/19, 8)20 AM

Seven Best Practices to Winterize

Your Cybersecurity for 2016
In some parts of the world, the new year comes in with the onset of
winter, which means itʼs time to winterize our cars, our houses and
ourselves. The new year is also a good time to winterize your
organizationʼs cybersecurity by adopting some best practices that will
get you safely through the snowdrifts and across the patches of black ice
on the road.

Winterization Best Practices

Security threats are constantly evolving, but the recommended best
security practices for 2016 have much in common with those for 2015, as
outlined, for example, by ObserveIT. Here are seven areas to focus on as
the calendar turns to January.

1. Threats and Compliance

The first step in winterizing your organization for 2016 is knowing what
sort of winter is predicted. Blustery storms? Cold, hard freezes? What
specific threats are on the rise that you should be particularly concerned
about? What specific new compliance rules are set to kick in that you
need to get out in front of?

This assessment tells you where your most serious potential risks lie and
what exact targets you need to be shooting for.

2. Endpoints and Architecture

Network endpoint protection is no longer the be-all and end-all of

security best practices. But just because burglars might climb in through

https://securityintelligence.com/seven-best-practices-to-winterize-your-cybersecurity-for-2016/ Page 1 of 3
Seven Best Practices to Winterize Your Cybersecurity for 2016 08/07/19, 8)20 AM

a window doesnʼt mean you donʼt lock and double-check the doors.
What endpoints or other potential targets are implicit in your architecture
and call for special attention?

Assessing your endpoints shows where security resources can be

deployed most effectively.

3. Applications

Applications are now delivered in multiple ways, including via managed

services and the cloud. And applications are no longer stand-alone
monoliths: They can be and are chained together, with one resource
calling another. Unfortunately, while this provides flexibility and power, it
also provides an access point for attacks.

Like your system architecture, your applications need to be regarded as a

road map to where your defenses must be placed. Evaluate your
application security posture and see what can be improved or what
needs to be better protected.

4. Updates

Installing updates should be a no-brainer — which means you donʼt want

to kick yourself after the fact. Make sure all software and application
updates or patches are properly installed and that updating is kept up to
date on an ongoing basis. Applying updates is probably the single most
important active security measure you can implement.

5. Event Logs

Event logs provide a detailed, ongoing and near real-time picture of what
is actually happening on your network. That means they are one of your
most important diagnostic tools when anything goes wrong.

https://securityintelligence.com/seven-best-practices-to-winterize-your-cybersecurity-for-2016/ Page 2 of 3
Seven Best Practices to Winterize Your Cybersecurity for 2016 08/07/19, 8)20 AM

Event logs also measure the overall health of your network, identifying all
sorts of incipient problems, whether they are security-related or not. All
of this makes logs a basic working tool and a critical one to assess for the
year ahead.

6. Human Factors

Cybercriminals donʼt attack computers: They attack people and

organizations of people by using computers. The human dimension is
fundamental to cybersecurity. As defenses improve, attackers are
sharpening their knives for the human factor, with tactics such as spear
phishing and social engineering via social media becoming popular and
more effective.

A lecture on security awareness and user best practices is not enough.

Do your people really understand how their human nature might be
exploited by attackers? They need to.

7. Response Plan

Attacks are constant and they come from all directions. Sooner or later,
an attacker is going to get through your defenses and do damage. When
it happens, you will need a response and recovery plan to guide you
through the rocks and shoals.

This is not something you can do on the fly! The time to draft that
response and recovery plan is now, so that it is ready when you need it.

These cybersecurity best practices are easier to list than to implement,

but keeping them at the top of your mental to-do list will go a long way
toward making this winter a safe and secure one for your organization.

https://securityintelligence.com/seven-best-practices-to-winterize-your-cybersecurity-for-2016/ Page 3 of 3