According to Symantec’s 2016 Internet Security Threat Report, 43% of cyber-attacks target small businesses. In both the UK and US, small and medium-sized businesses (SMBs) account for approximately 99% of all businesses. To make matters worse, SMBs are usually less equipped to defend themselves against cyber-attacks due to the limited resources available to them. Additionally, cyber-attacks in the SMB sector are more likely to go unnoticed for longer periods of time. The fact is, many SMBs are simply not aware of their responsibilities when it comes to data protection, and do not have a clear understanding of how the law applies to them. What we need are cost-effective, automated solutions that can help SMBs stay ahead of the game. Below are some of the options that are available:
1. Scan your system for vulnerabilities
There are many solutions – both commercial and open-source – that can scan your system to identify security weaknesses, such as configuration errors and malware. Some of these include: OpenVAS, Retina CS, Microsoft Baseline Security Analyzer (MBSA), Nexpose Rapid7, SecureCheq and Qualys FreeScan. Many of these solutions will automatically discover vulnerabilities and provide reports and recommendations about how to fix them.
2. Scan your public-facing websites/applications
Hackers can infiltrate your system via your public-facing websites and apps in a variety of ways. They can try SQL Injection, Cross Site Scripting, HTTP Header Injection, PHP Code Injection and more. There are a number of solutions available that can scan your server to discover potential security weaknesses and report on them. Such solutions include: Scan My Server, SUCURI, Qualys SSL Labs, Quttera etc.
3. Restrict and monitor access rights
First, you need to identify who your privileged users are before you can detect and prevent privilege abuse. These users can hold administrative rights through group memberships or may have been delegated the rights to change passwords or unlock the accounts of other users. Whatever the case, users with these privileges need to be identified before action can be taken.
Once you have identified privileged users you need to be able to monitor the changes they are making to critical data. In the same vein, you need to be able to see when permission changes are taking place that may result in users holding unnecessary or unauthorised levels of privilege. Changes such as assigning “Full Control” permissions on a shared folder should raise red flags.
Restricting and monitoring access rights should all be done with a view to enforcing a least-privilege policy that reduces the risk of privilege abuse. There are a number of solutions on the market that will aggregate this information and provide reports and real-time alerts when permissions are changed. For example, LepideAuditor for Active Directory is a comprehensive solution that allows admins to keep track of important changes to user permissions.
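As an added illustration of the first step above (not part of the original article and not Lepide's code), the sketch below resolves nested group membership to list every user who ends up with privileged rights, along with the chain of groups that grants them. The group-to-member mapping and user names are constructed sample data standing in for a directory export, and any member that appears as a key in the mapping is assumed to be a group.

```python
from collections import deque

# Constructed sample export: group -> direct members (users or other groups).
GROUP_MEMBERS = {
    "Domain Admins": ["alice", "IT-Leads"],
    "IT-Leads": ["bob", "Helpdesk-Tier2"],
    "Helpdesk-Tier2": ["carol", "IT-Leads"],  # nesting loops back to IT-Leads
    "Account Operators": ["dave"],
    "Sales": ["erin"],
}
PRIVILEGED_GROUPS = ["Domain Admins", "Account Operators"]


def effective_privileged_users(group_members, privileged_groups):
    """Return {user: [groups...]}: the first chain found that grants privilege."""
    found = {}
    for root in privileged_groups:
        queue = deque([(root, [root])])
        seen = {root}  # groups already expanded, so cyclic nesting terminates
        while queue:
            group, path = queue.popleft()
            for member in group_members.get(group, []):
                if member in group_members:  # assumption: keys are groups
                    if member not in seen:
                        seen.add(member)
                        queue.append((member, path + [member]))
                else:
                    found.setdefault(member, path)
    return found


if __name__ == "__main__":
    for user, path in effective_privileged_users(
            GROUP_MEMBERS, PRIVILEGED_GROUPS).items():
        print(f"{user}: {' -> '.join(path)}")
```

Users such as carol, who never appear directly in a privileged group, are the ones a review of direct membership alone would miss.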
4. Password expiration reminders
The longer you use the same password, the more likely it is that a hacker will be able to guess it. It is therefore important to change system passwords frequently. Organisations will likely need an automated system for resetting passwords, and reminding both admins and users about password expirations. Lepide also provides a User Password Expiration Reminder, which will send an automated email to users notifying them about their password expiry due date. All activity relating to user passwords can be easily monitored via an intuitive console. This will ultimately both increase security and reduce helpdesk calls which will lead to more streamlined IT operations practices.
5. Active Directory Clean-up
Often, insiders target unused Active Directory accounts as a means of gaining access to sensitive data. This kind of access can be very difficult to detect as the accounts may still have levels of privilege that grant access to critical servers and data. Lepide offer an Active Directory Cleanup solution that allows you to organise the inactive user accounts in Active Directory and sort them based on their last logon date, OU or user type. You can then easily select the accounts which you wish to manage and move them to another OU, reset their passwords, disable them or delete them as needed. All these actions can be automated to ensure you’re always on top of the inactive accounts in your Active Directory.
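To show what sorting inactive accounts by last logon date involves, here is an added example (not from the original article and not Lepide's product logic) that reads a constructed CSV export and lists enabled accounts idle beyond a threshold. The column names, account names, the 90-day threshold and the fixed reference date are assumptions; the lastLogonTimestamp values use the Windows FILETIME format that Active Directory stores.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed export. lastLogonTimestamp is a FILETIME; 0 means never logged on.
EXPORT = """sAMAccountName,enabled,lastLogonTimestamp,ou
alice,True,133616736000000000,Staff
bob,True,133485408000000000,Staff
carol,True,133221024000000000,Contractors
svc-old,True,0,Service
dave,False,133221024000000000,Staff
"""


def filetime_to_datetime(filetime):
    """Convert 100-ns intervals since 1601-01-01 UTC to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def stale_accounts(export_text, now, max_idle_days=90):
    """Enabled accounts idle longer than max_idle_days, oldest logon first.

    lastLogonTimestamp is replicated lazily (by default it can lag by about
    14 days), so the threshold should stay well above that.
    """
    stale = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["enabled"] != "True":
            continue  # already disabled
        raw = int(row["lastLogonTimestamp"] or 0)
        idle = (now - filetime_to_datetime(raw)).days if raw else None
        if idle is None or idle > max_idle_days:
            stale.append({"account": row["sAMAccountName"], "ou": row["ou"],
                          "idle_days": idle})
    # Never-used accounts (idle_days None) sort first, then longest idle.
    stale.sort(key=lambda a: (a["idle_days"] is not None, -(a["idle_days"] or 0)))
    return stale


NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)  # fixed so results are stable

if __name__ == "__main__":
    for acct in stale_accounts(EXPORT, NOW):
        print(acct)
```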
6. Logon/Logoff Monitoring
One important part of ensuring that user activities aren’t suspicious or unauthorised is monitoring logon and logoff activity. If you notice that your users are logging on at strange times or that there is a change in the normal logon/logoff patterns that you are used to seeing, it could be an indication that there is something amiss. LepideAuditor allows you to keep track of these activities and can notify you with real-time alerts and reports to ensure that suspicious activity is highlighted the moment it occurs.
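The following added example (not from the original article and unrelated to how LepideAuditor works internally) shows one simple way to spot logons at strange times: build a per-user baseline of usual logon hours from history, then flag logons that fall outside it. The event records, user names, sample minimum and one-hour tolerance are constructed assumptions; 4624 and 4634 are the Windows Security event IDs for logon and logoff.

```python
from collections import defaultdict
from datetime import datetime

LOGON = 4624  # Windows Security event ID for a successful logon

# Constructed sample records: (timestamp, event_id, user)
HISTORY = [
    ("2024-06-03T08:55:00", 4624, "alice"), ("2024-06-03T17:31:00", 4634, "alice"),
    ("2024-06-04T09:05:00", 4624, "alice"), ("2024-06-05T08:47:00", 4624, "alice"),
    ("2024-06-03T22:02:00", 4624, "bob"), ("2024-06-04T23:10:00", 4624, "bob"),
    ("2024-06-05T22:15:00", 4624, "bob"),
]
NEW_EVENTS = [
    ("2024-06-10T09:40:00", 4624, "alice"),
    ("2024-06-11T03:12:00", 4624, "alice"),
    ("2024-06-11T00:10:00", 4624, "bob"),
    ("2024-06-11T10:00:00", 4624, "carol"),
    ("2024-06-11T03:30:00", 4634, "alice"),
]

def build_baseline(events, min_samples=3):
    """Map each user with enough history to the hours they normally log on."""
    hours = defaultdict(list)
    for ts, event_id, user in events:
        if event_id == LOGON:
            hours[user].append(datetime.fromisoformat(ts).hour)
    return {u: set(h) for u, h in hours.items() if len(h) >= min_samples}

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)

def unusual_logons(events, baseline, tolerance=1):
    """Return (timestamp, user, reason) for logons that break the baseline."""
    alerts = []
    for ts, event_id, user in events:
        if event_id != LOGON:
            continue
        if user not in baseline:
            alerts.append((ts, user, "no baseline"))
            continue
        hour = datetime.fromisoformat(ts).hour
        if min(hour_gap(hour, h) for h in baseline[user]) > tolerance:
            alerts.append((ts, user, "outside usual hours"))
    return alerts
```

The circular hour comparison matters for night-shift users: bob's logon at 00:10 sits one hour from his usual 23:00 and is not flagged, while alice's 03:12 logon is.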
7. Data Access and Configuration Changes
To really ensure that your critical files/folders are safe, you need to know who is able to access them and when they are being accessed. Similarly, it’s of vital importance that you are made instantly aware if any user attempts to make configuration changes or any type of change to critical data or within critical servers. Doing this natively is a pain, as it is both manual and time-consuming. However, due to its pro-active and continuous auditing, LepideAuditor gives you real-time alerts and reports that can keep you up to date on all access and changes being made to critical data.
Of course, there’s no getting around the fact that SMBs must ensure that their staff are sufficiently trained to be vigilant against cyber-attacks. However, by deploying the right selection of solutions, they will stand a much greater chance of preventing a data breach.