Path Forward Blog: Security Requirements Spotlight
These Security Measures Offer Protection from Human Error
Data security remains near the top of the list of worries for information technology teams and decision-makers. As phishing attempts are getting more creative and difficult to discern, employee training and frequent IT security reminders are more important than ever.
Yet, ultimately, no matter how vigilant your staff is, there is always the risk of human error (after all, we’re human!). These two technologies can bring peace of mind by acting as your security safety net in case someone accidentally clicks something they shouldn’t have.
One Wrong Click Doesn’t Always Mean DOOM
Formerly known as whitelisting – now referred to as allow-listing – this technology can block ransomware, viruses, and other threats. The way it works is simple in theory, but it can admittedly be time-consuming to set up and to monitor on an ongoing basis.
Allow-listing technology starts by blocking ALL programs and applications from running in your information technology environment. Permissions “allow” specific trusted software to run within the IT infrastructure, while everything else remains blocked.
While this means no one internally or externally can accidentally or deliberately run malicious programs or scripts, it also puts restrictions on what IS allowed, by whom, and in what scenarios.
Barriers to Allow-listing Technology
While the protection offered by this technology is considered one of the most comprehensive security measures, there are some important considerations to keep in mind:
- Allow-listing technology cannot solve or prevent every security risk. It needs to be one aspect of a broader security strategy.
- Allow-listing technology can be administratively intensive.
Broad-view, Comprehensive Security Strategy
A comprehensive security strategy addresses many types of vulnerabilities – from the age of your hardware to data encryption to EMDR. There isn’t one foolproof solution or policy that covers everything long term.
Frankly, the landscape changes so frequently that security needs to be an ongoing priority, with built-in reviews to ensure best practices in both policy and practice. Assigning a team to be accountable for this oversight – either internally or outsourced – is a good idea.
Starting with a strong foundation – based on a checklist like this – can help ensure your security strategy focuses on the right technologies.
Allow-listing vs. Block-listing
While there are plenty of block-listing (formerly known as blacklisting) technology solutions in the form of anti-virus or anti-malware solutions, each organization’s allow-list looks different.
Block-listing technologies essentially use a list of URLs, file types, and code signatures to identify things to block. Think like a cybercriminal and you’ll realize that all this does is create a list of what to avoid, so attackers use automation to make subtle changes that bypass detection. In 2019 there were 24,610,126 “unique malicious objects” according to Kaspersky Labs.
An allow-list needs to represent the unique information technology environment for each organization. That means establishing a pre-determined set of approved software applications and scripts.
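The difference between the two models, shown as an added example that is not taken from ThreatLocker, AppLocker or any other product: a default-allow block-list and a default-deny allow-list evaluate the same constructed files, and the allow-list's denials are collected into the review queue an administrator has to work through. Keying both lists on SHA-256 file hashes, the group names, and the sample byte strings are assumptions made for the illustration.

```python
import hashlib
from collections import Counter

def digest(data: bytes) -> str:
    """SHA-256 of file contents; the identity both lists key on here."""
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for executables (not real samples).
APPROVED = b"approved-accounting-tool v1.0"
KNOWN_BAD = b"known-malicious-sample"
MUTATED_BAD = KNOWN_BAD + b"\x00"        # one padding byte, so a new hash
UNREVIEWED = b"unreviewed-freeware-utility"

BLOCK_LIST = {digest(KNOWN_BAD)}                           # default-allow
ALLOW_LIST = {digest(APPROVED): {"finance", "it-admins"}}  # default-deny

def blocklist_permits(data: bytes) -> bool:
    """Runs unless the hash matches a known-bad signature."""
    return digest(data) not in BLOCK_LIST

def allowlist_permits(data: bytes, group: str) -> bool:
    """Runs only if the hash is approved for the caller's group."""
    return group in ALLOW_LIST.get(digest(data), set())

def review_queue(events):
    """Count allow-list denials per (short hash, group) for admin review."""
    denied = Counter()
    for group, data in events:
        if not allowlist_permits(data, group):
            denied[(digest(data)[:12], group)] += 1
    return denied.most_common()

# Constructed execution attempts: (group, file contents).
EVENTS = [
    ("finance", APPROVED),
    ("sales", APPROVED),        # approved software, but not for this group
    ("finance", MUTATED_BAD),
    ("sales", UNREVIEWED),
    ("sales", UNREVIEWED),
]

if __name__ == "__main__":
    for name, data in [("known bad", KNOWN_BAD), ("mutated bad", MUTATED_BAD),
                       ("unreviewed", UNREVIEWED), ("approved", APPROVED)]:
        print(f"{name:12} block-list permits={blocklist_permits(data)!s:5} "
              f"allow-list permits={allowlist_permits(data, 'finance')}")
    for (short_hash, group), count in review_queue(EVENTS):
        print(f"denied {count}x  sha256={short_hash}...  group={group}")
```

The mutated file passes the block-list and is still denied by the allow-list; the unreviewed utility is denied too, which is the end-user friction and review workload that comes with default-deny.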
Allow-listing is an Administratively Intensive Process
The allow-list prevents anything not on that list from running – even if it was successfully downloaded – but creating that list can take a lot of time and work. It can also cause frustration for end-users because it blocks applications that are not on the approved list.
That said, allow-listing is still one of the most comprehensive approaches to securing your information technology environment, and it also:
- Stops most ransomware, viruses, and other threats from running in your environment;
- Enforces organizational security policies;
- Ensures compliance with HIPAA, NIST, and other regulations.
Here are some ways to initiate an allow-list strategy:
- Partner with an MSP: A trusted MSP can be your security partner to get your allow-listing strategy in place and perform the maintenance to keep it current.
- Consider a semi-automated solution: If you have the internal team and resources available to manage the process, there are several options for allow-listing technologies that are partially automated to ease the burden of building an allow-list by hand. Some of these solutions include ThreatLocker and Microsoft’s AppLocker.
The second common human error related to security is password management. Despite the number of experts that advise against it, most people use one password for multiple logins, overlapping personal and professional devices and access points.
Many successful attacks trace back to the attacker having a valid user account – i.e., a working password – and gaining access to the environment that way. There is a technology that is a safety net in this area too — multi-factor authentication (MFA) (originally referred to as “two-factor authentication”).
Multi-factor Authentication Software
MFA protects your account even if someone has guessed or stolen your password. It works like this: after you enter a legitimate password and before access to the account is granted, the technology confirms your identity. MFA requires you to engage with an auto-generated confirmation link, phone call, one-time passcode, push notification, or text message sent to your personal device to authenticate your identity.
The common downside with MFA is, by design, it will be much more challenging to gain access to your account if you don’t have the other factor available.
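The second-factor check described in this section, sketched for the one-time passcode option as an added example (not code from any MFA product): the password is verified first, then a time-based code (RFC 6238, HMAC-SHA1) is checked with a one-step clock-drift window and replay rejection. The `Account` fields, the return strings, and the sample password and salt are assumptions; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (RFC 6238 default)

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 6238 code for one time-step counter (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Constructed account record; the field names are assumptions."""
    def __init__(self, password: str, salt: bytes, totp_secret: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.totp_secret = totp_secret
        self.last_counter = -1  # highest time step already accepted

def login(account: Account, password: str, code: str, now: int) -> str:
    """Return 'ok', 'bad-password' or 'bad-code' (distinct only for the demo;
    a real login page should show one generic failure message)."""
    supplied = hash_password(password, account.salt)
    if not hmac.compare_digest(supplied, account.pw_hash):
        return "bad-password"
    current = now // STEP
    for counter in (current - 1, current, current + 1):  # tolerate clock drift
        if counter <= account.last_counter:
            continue  # this time step was already used: reject replays
        if hmac.compare_digest(totp(account.totp_secret, counter), code):
            account.last_counter = counter
            return "ok"
    return "bad-code"

# RFC 6238 test secret; the password and salt are constructed sample values.
DEMO = Account("correct horse", b"demo-salt", b"12345678901234567890")

if __name__ == "__main__":
    print(login(DEMO, "correct horse", "000000", 59))  # stolen password, no device
    print(login(DEMO, "correct horse", "287082", 59))  # password plus current code
    print(login(DEMO, "correct horse", "287082", 59))  # same code replayed
```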
Focus on What’s Within Your Control
There isn’t a single technology that will stop a determined attacker. Your only control over the matter is making it as difficult as possible to penetrate your environment.
An attacker is often working on several – even hundreds of – targets simultaneously to see where the most accessible opportunities are. That said, the more barriers there are, the more likely a criminal will deem an organization as requiring too much effort. While they will move on, there’s always another attacker ready to take their place.
Allow-listing technologies and multi-factor authentication are two ways to create formidable barriers that can dissuade some attackers. These two technologies are two of our ten recommended security technologies. Download the full list here.