The number of security incidents and data breaches which are recorded each year has been increasing. The cost of the average data breach has also escalated to a 2023 average calculated to be .
Maintaining security has become increasingly important to ensure the protection of your systems, your client’s data, avoid security breaches, and prevent penalties, fines, and reputational damage that could heavily impact your business.
While many companies will conduct security testing or security training, it is important to think of security in a layered approach, with multiple actions that can be taken to improve security and fortify your systems.
There is no single solution that will provide your company with complete protection, so it is important to devise multiple security layers, to ensure that where one system fails additional security measures are still in place to protect your business.
A Defence In Depth Approach To Phishing
An example of this defense-in-depth approach can be demonstrated through a potential Phishing email and securing your business from this threat.
1. Securing Your Contact Forms
To minimize the number of unwanted emails you receive, particularly from contact forms made available on your website, a protection layer can be set up around contact forms.
This can be through a mechanism such as Google reCAPTCHA which can prevent the targeting of your contact forms from automated tools designed to deliver Phishing emails.
2. Protecting Your Email Inbox
Where emails are received there can still be several unwanted emails that can be automatically identified as spam or Phishing attempts.
Protection systems such as the Microsoft 365 Quarantine policies for your email inbox can be configured with specific rules to prevent the majority of unwanted emails from arriving and targeting your users.
3. Preventing Unwanted File Attachments
Where Phishing emails contain file attachments, the type of files and the size of files can also be restricted, to avoid many common attempts to deliver malware.
For many businesses there will likely only be several specific types of documents that are expected, but the remaining file types can be restricted.
Microsoft 365 also has policies available that can be used to configure these restrictions.
4. Protection From File Downloads
For those files that are allowed to arrive in a user’s inbox, or where users attempt to download a file from a provided link, further restrictions can also be enabled within a user’s browser.
Chrome, Edge, Firefox, and other browsers offer options for Download Restrictions which can be applied to restrict file downloads and identify potentially malicious files.
5. Maintaining Antivirus Updates
Where files are downloaded onto your devices, up-to-date antivirus software can be installed to automatically scan all new files that are downloaded.
The antivirus software can act as a backup to your browser’s methods to identify malicious files and attempt to quarantine or remove any files that are considered malicious.
6. Using The Principle Of Least Privilege
Where files are not identified as malicious and are allowed to execute, it is important to ensure the file runs with the fewest permissions and access as possible.
Malware initially runs with the same permissions as the current user account.
Limiting your day-to-day user accounts to be non-administrative and only having access to the minimum number of systems ensures that any malware that does execute also has these same limitations. This reduces the potential impact that the malware can have on your business.
7. Secure Device Configuration Best Practices
In the unfortunate event that malware is able to execute, it is important to reduce any potential impact it can have.
Incorporating security best practices into the initial configuration and setup of all your devices, can improve your device’s overall security and help to minimize the potential impact.
8. Implementing Automatic Updates
Where malware has been able to execute, it may attempt to exploit known vulnerabilities in your devices and software.
Ensuring your devices are set up with automatic updates, can minimize the potential risk of escalation from the malware exploiting further systems.
9. Securing Your Critical Data
Where malware has executed it may also attempt to gain access to data on shared drives and devices.
By storing your sensitive information in an encrypted state, it reduces the amount of data that any malicious program can access and minimizes the impact on your business.
10. Segmenting Your Network
Where malware has been able to execute and connect to other systems within your business, it can be useful to have effective network segmentation already in place.
This ensures that your devices are separated, and only have the necessary access to other devices which is required.
For example, a typical user is unlikely to require direct access to servers or databases for administrative authentication.
11. Monitoring For Malicious Activity
In the event that your systems are impacted by malware, it may not be immediately apparent, such as with instances of ransomware where your devices and data can be locked.
While not visibly apparent, malware can still be identifiable through its actions and activities. In this scenario, it can be necessary to maintain an Intrusion Detection System (IDS), Intrusion Prevention System (IPS), or Endpoint Detection and Response (EDR) solution to identify any unusual activity and track down the source of the issue.
12. Security Measures For Your User Accounts
When a Phishing email attempts to compromise user accounts, maintaining login restrictions, lockout policies, and Multi-Factor authentication measures can reduce the potential of your accounts becoming compromised.
This can alleviate the potential for a security breach to escalate through an account takeover attack.
13. Security Awareness Training For Your Teams
While technical settings and security measures need to be implemented, ensuring your staff stay informed regarding the potential threats that are being actively exploited is important.
It is reported that around 88% of data breaches are ultimately caused by human error, and taking steps to reduce this potential is important for your organization’s security.
14. Incident Response Training For Your Technical Staff
In addition to general staff training, your technical team needs to understand how to quickly respond and quarantine security incidents as they are identified.
Designing response procedures and conducting threat simulation training is necessary to ensure your teams can mitigate an ongoing security incident.
15. Data Classification and Outbound Restrictions
As a further layer of protection, restricting the methods that can be used to transfer data out of your organization is important to reduce your risk of data loss.
Microsoft 365 has methods that can be used for data classification. This can be used to label your data and to limit the types of data that can be transferred out of your organization via email.
As an additional measure, your company’s firewall can also be configured with outbound restrictions to reduce the options available to transfer data out of your organization.
Securing Your Business Against Cyber Threats
Security threats continue to develop and the number of security incidents continues to climb each year.
With the development of AI, it is expected that the quantity and quality of Phishing attempts that businesses receive will continue to increase.
As the number of threats increases, it is important to develop a robust and layered approach to security to minimize the potential risk for you, your business, and your customers.
Andrew Lugsden
Security Consultant at Forge Secure Limited
Working within the Cyber Security industry for over ten years to provide consultancy, security testing, and compliance services.