IT security is becoming more and more important in the business environment. There are many reasons for this change. On the one side, the Corona pandemic favoured remote working, and on the other, the trend towards new work structures emerged years ago. Known as New Work, this way of working refers to location-independent labour, whether on the road, in a home office or in co-working spaces. Accordingly, many employees have virtual access to relevant IT systems and applications. These usually contain important information including sensitive business and customer data that is not intended for third parties. If this information becomes public (for example through a cyber attack), it can not only destroy the reputation and customer trust, but also damage the entire economic viability. A cyber attack is a real threat to companies of all sizes and industries today. The good news is: with a sophisticated IT security strategy, the risks from such an attack can be minimised and downtimes limited. Prevention activities that include several components are particularly successful.
For us, the following preventative activities proved to be effective:
1. Additional analogue data backup on tape
The additional backup to tape using physical storage media is still one of the most effective backup solutions. With this analogue variant, it is important to back up and check all business-critical data regularly. The obvious advantage of this offline alternative: tape backup offers a quick way to restore data. The information can be easily recovered to the original systems. Other advantages of this storage technology: large capacity, good price-performance ratio per gigabyte, relatively high data transfer speed and long durability. Backup to tape is of particular interest to companies that need to store or archive large data backups for long time periods. If the backup tapes are stored at the external location, they are also well protected against possible break-ins to the company rooms or natural local disasters. As offline data media, the tapes are separated from all IT networks (“air-gapped”), so they cannot be infected with malicious software.
2. Weekly tests of data backups
Regular backups of relevant business data are essential. It is equally important to test these backups on a regular basis. We recommend random tests of data backups once a week. In fact, the recovery performance relates to the purpose of the data backup: to restore the information quickly and completely in the event of an incident. Otherwise, there is a risk of data loss and, in most cases, the associated financial damage. Therefore, test data backups should be a regular part of the company’s internal backup solutions.
3. Use of Next Generation Firewall (NGFW)
In opposite to the previous versions, which examine the incoming data traffic on the basis of known protocols and ports and block access to the system in case of abnormalities, the newer firewalls differentiate much more strongly between the individual types of data transmission. They analyse not only the port and protocol, but also the content of the data stream. This makes it possible to filter out individual infected files before they are transmitted and thus proactively protect the network. The Next Generation Firewalls also act much more autonomously and can decide independently of existing rules which contents are blocked – based on their own analyses. NGFWs thus combine a rule-based approach with Intrusion Prevention Systems (IPS) and application control. This means: the Next Generation Firewall can independently take different steps to defend against the attack when dangers are detected. Some modern solutions offer additional functions, including content filters, anti-spam or anti-virus.
4. Use of Next Generation Antivirus (NGAV)
Conventional anti-virus works on the basis of signature match and heuristic analysis. The original AV solutions recognise certain sign sequences that are assigned to different types of malware and thus prevent a cyber attack. The NGAV solutions are designed as a holistic security approach and are also effective against fileless attacks or non-malware threats, among other things. In general, the term Next Generation Antivirus refers to security solutions that pursue a proactive and system-oriented protection approach and cover an even greater variety of risks. They are characterised by automatic response actions: This involves the ability to detect and fix problems on their own, without user input. Modern solutions usually require less space, and their installation and operation are less time- and resource-intensive. In addition to malware signatures or heuristic analyses, the latest generation of virus protection uses other technologies, such as cloud scans.
5. Segmentation of network areas
Network segmentation is an architectural approach in which a network is divided into several segments, creating separate segmental networks. Each one then functions as a sub-network, i.e. a small network of its own. This type of network segmentation is called physical. In logical segmentation, sub-networks are usually created by so-called Virtual Local Area Networks (VLANs). In VLAN-based approaches, data traffic is automatically routed to the appropriate sub-network based on special markers. Segmented network areas can stop the spread of threats or limit them to a single network due to the isolation. It is possible to determine security controls and requirements individually for each sub-network. The clear benefit of any segmentation: prevention of greater damage. Another less obvious benefit: thanks to network segmentation, overloads are reduced and therefore the total performance is improved.
6. Use of IPsec / SSL security protocols
The term IPsec stands for Internet Protocol Secure. It refers to a group of protocols used while building encrypted connections between devices. IPsec protects data that is transmitted over public networks by encrypting it. The term SSL stands for Secure Sockets Layer. This security protocol encodes HTTP traffic, for example in connections between user devices and web servers. The SSL is also able to block certain cyber attacks. Because this security protocol authenticates web servers, it can detect fake websites and also prevents hackers from manipulating data during transmission. Both IPsec and SSL are used in VPN setup. The main difference: with a security protocol based on SSL, it is possible to configure limited access to web applications. With IPsec VPN, every user can see all the data contained in the VPN: the function of individual access control is not available in this case.
7. Citrix Workspace with greater restrictions
Citrix Workspace offers digital workplace solutions that are available regardless of location and device. Access is provided by a standardised user interface and follows the zero-trust approach. This can prevent attacks at the network level. We carry out further special configurations, for example in terms of security policies, so that your IT security is additionally improved.
8. User account with 2FA access
2FA is an acronym for two-factor authentication (the generic term is MFA, means multi-factor authentication). This refers to a login process that requires more than just a password. In addition to the password, another factor is needed for logging into the user account. The context: many users share the same password for several accounts. If one of them is hacked, it is easy for cyber criminals to log in into other systems. Two-step verification builds an additional security barrier by asking for a one-time code or fingerprint, for example. The combination of factors from different categories, for example knowledge (password, code, security questions), biometrics (fingerprint) and property (smart card) is considered particularly secure. By the way: the same security approach can also be applied to VPN connections.
9. Weekly Nessus scans of the entire IT infrastructure
Nessus is a network and vulnerability scanner for almost every common operating system (Linux, Unix, Windows, macOS). It is one of the best established tools for testing IT security: with the help of Nessus scans, vulnerabilities can be discovered and security gaps can be closed. Users have many plug-ins available which, once downloaded, check the relevant systems and elements carefully. Thanks to the client-server principle, Nessus makes it possible to connect to one or more clients from the server. This is why it is also called a “remote scanner”. As soon as all desired scans have been executed, Nessus gives an overview of possible security gaps or open ports. We recommend weekly Nessus scans of the complete IT infrastructure.
10. Implementation and evaluation of a pentest
The so-called IT penetration test, or pentest for short, is a detailed security test of individual computers and/or networks. Basically, it is a controlled test hacker attack. Since it is an arranged monitored attack, the term Ethical Hacking is used synonymously. With your consent, we simulate a hacker attack on your systems (internal and/or external) to detect and close possible security gaps and vulnerabilities (server systems, firewalls, WLAN networks, VPN access, etc.). The pentest is a kind of snapshot, because it always refers to the current state of your systems and the threat scenarios known at the time of execution. A penetration test is a customised service and is tailored to the IT infrastructure being tested. The pentest not only allows you to identify possible vulnerabilities, but also to prevent serious reputational and financial risks. The results provide information about the current security level and vulnerability of your IT systems. The reports should be analysed in detail and serve as a basis for the company’s internal IT security concept.