Five Minimum-Security Standards to Protect Against 99% of Attacks
The cyberthreat landscape continues to add dimensions rapidly, making it exceedingly difficult to keep up with new cyberattacks and threats as they emerge. I was reading the new release of Microsoft’s Digital Defense Report 2023, and it contained a lot of valuable information. One key part of the report that really stuck with me, and it is not a new a concept, but one worth repeating, by adhering to five minimum security standards, 99% of attacks could be prevented.
Protecting against 99% of attacks is a challenging goal, but if you implement these minimum-security standards correctly and follow best practices, you can enhance your organization’s security posture. Here are those five minimum-security standards:
- Enable Multi-factor Authentication (MFA): Implement for all user accounts, especially privileged accounts, and remote access. This protects against user identities and passwords.
- Apply Zero Trust Principles: Never trust, always verify. Restrict access unless devices and users are in a good state. Only allow the minimum level access needed for someone to do their job, no more. And finally, assume breach. This means you are constantly monitoring the environment for attacks and threats.
- Use Extended Detection and Response (XDR) and Antimalware: Install software that automatically detects and blocks attacks and then communicates directly to your security operations software.
- Keep Up to Date: Running legacy and out-of-date software and keeping your software unpatched is an extremely dangerous business practice. You must ensure all software is as up to date as possible, including firmware, operating systems, and applications.
- Protect Data: You must know where your important data is stored and what defenses are implemented to keep that data safe. There is a complete security solutions stack that can be applied here.
These five minimum security standards are the fundamentals of cyber hygiene and can provide a solid foundation for security. However, it is important to tailor your security measures to the specific needs and risks of your business to give your organizations. Security is an ongoing process, and taking steps to constantly conduct risk assessments, threat modeling, and continuous monitoring is key to maintaining a robust security posture.
How is your organization doing with properly implementing the five above security standards? Not sure, or want to make sure you have them implemented properly and have best practices in place for continued success? Let the team at 2W Tech help. We can work with your organization to make sure your fundamental cyber hygiene is installed and efficient and review your security solutions stack with you to ensure it is the best combination of security solutions for your business.