At Microsoft Envision, Microsoft’s president and chief legal officer Brad Smith shared some tips for how companies can gut-check their own security strategy:
1. Have you enabled multi-factor authentication?
Who has the authority to grant exceptions? How many exceptions have they granted? If IT grants exceptions for its entire team, that poses a security problem.
2. What is your practice for updating and patching systems?
How frequently do you patch your computers? How many computers are still running Windows 7 or older? In the WannaCry attack, more than 10% of the computers penetrated were running Windows XP, which was released in 2001 and has not been supported since 2014. “You cannot defeat the threats of the present with the tools from the past.”
3. How do you manage systems access?
What data on your network would most likely attract attackers? This is different from what you regard as being most valuable to your organization, Smith said. “We have to encourage people to think like criminals” when it comes to this, he added. Further, how many employees have access to these sites? Do they all really need to access that resource?
4. Do you whitelist applications?
What applications can employees download and install? Have you already deployed a “trusted applications only” model? Is it possible for employees to bring in other things as well that might infect the network?
5. Do you monitor the health of devices accessing your network?
Do you require modern hardware in order to access critical assets? Do you regularly scan these assets for malware?
A strong cybersecurity approach requires combining deep technical expertise with broad business management, Smith said. “One of the great lessons of 2017 is security is a team sport,” he said. “Not only an IT team sport, but one everybody in the enterprise needs to play together.”
Companies should not only celebrate new technological advances in the security space, but also preventative efforts from employees, Smith said. “IT staff should be honoured for the problems they prevent, and not just fired for the problems they couldn’t stop,” he added.
“Cybersecurity needs to become one of the important causes for our time,” Smith said. “This is fundamental to building a more secure planet and creating a better world.”