“Essential 8” IT Security Recommendations When Returning to the Office

The office has been disinfected, workspaces are rearranged, and arrows are on corridor floors to facilitate social distancing. But has the company planned for IT security challenges? Tab Bradshaw, Chief Operating Officer at Redpoint Security, has put together a list that he calls his “Essential 8” critical actions to take upon returning to the office.

How To Prevent Malware Delivery and Execution:

1. Application control

Application control prevents the execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers. This will prevent all non-approved applications (including malicious code) from being executed by employees.

2. Configure Microsoft Office macro settings

When these Microsoft Office settings are configured, they block macros from the internet and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate. If not done, Microsoft Office macros can be used to deliver and execute malicious code on systems.

3. Patch applications

Patch applications include Flash, web browsers, Microsoft Office, Java, and PDF viewers. Before usage, patch computers with ‘extreme risk’ vulnerabilities within 48 hours. Make sure to use the latest version of applications since security vulnerabilities in applications can be used to execute malicious code on systems.

4. User application hardening

Hardening user applications involves configuring web browsers to block Flash, ads, and Java on the internet. Applications like these are popular ways to deliver and execute malicious code on systems. Make sure to disable unneeded features in Microsoft Office (e.g. OLE), web browsers, and PDF viewers.

How To Limit the Extent of Cyber Security Incidents:

5. Restrict administrative privileges

Administrative privileges to operating systems and applications should be re-evaluated based on user duties. After the initial audit, regularly revalidate the need for privileges. Don’t use privileged accounts for reading email and web browsing since admin accounts are the ‘keys to the kingdom’. Adversaries will try to use these accounts to gain full access to information and systems.

6. Multi-factor authentication

Multi-factor authentication should be required for VPNs, RDP, remote access, and for all users when they perform a privileged action or access important (sensitive/high-availability) data. Stronger user authentication makes it harder for adversaries to access sensitive information and systems.

7. Patch operating systems

Security vulnerabilities in operating systems can be used to further compromise the risk of unauthorized access. Patch computers (including network devices) with ‘extreme risk’ vulnerabilities within 48 hours. Make sure to use the latest operating system version and verify the version is supported.

How To Recover Data and System Availability:

8. Daily backups

Daily backups of new or altered data, software, and configuration settings should be stored and retained for at least three months. To ensure that information can be accessed following a cybersecurity incident (e.g. a ransomware incident), test the restoration initially, annually, and when IT infrastructure changes.

Remember, returning to the office requires many risk management actions. Don’t forget to attend to IT security. The tips offered here are intended to complement and not replace the recommendation of the equipment manufacturer. For more information on loss prevention and preventative maintenance CLICK HERE.

Want more information like this delivered straight to your inbox? Click the “Follow” button on the bottom of the screen and enter your email address.

© 2020 The Hartford Steam Boiler Inspection and Insurance Company. All rights reserved. This article is for informational purposes only and is not intended to convey or constitute legal advice. HSB makes no warranties or representations as to the accuracy or completeness of the content herein. Under no circumstances shall HSB or any party involved in creating or delivering this article be liable to you for any loss or damage that results from the use of the information contained herein. Except as otherwise expressly permitted by HSB in writing, no portion of this article may be reproduced, copied, or distributed in any way. This article does not modify or invalidate any of the provisions, exclusions, terms, or conditions of the applicable policy and endorsements. For specific terms and conditions, please refer to the applicable endorsement form.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.