New technologies. New opportunities. New threats.
With all of the rapid changes in our world, we understand how important it is to prioritize your organization’s cybersecurity efforts.
In honor of Cybersecurity Awareness Month, Douglas Jambor, cybersecurity technical director at FORVIS, shares some quick tips to help keep your organization protected from malicious actors and cybersecurity attacks.
Douglas’ Quick Tips
- Monitor and shrink all external attack surface endpoints by removing unnecessary logins that can be managed from the internal network, e.g., firewall logins, email web logins, and cameras.
- Ensure all remaining external endpoints within the attack surface footprint have MFA enabled, and that no endpoints remain with simple logins via command shells or web GUIs.
- Ensure all APIs or web applications with sensitive backend data are tested beyond external penetration techniques. Each individual API or web application requires a specialized web application security assessment that covers both uncredentialed testing and multiple forms of credentialed web application and API security testing.
Note: An external penetration test is not sufficient to evaluate the security posture and risk exposure of the backend sensitive data interacting with these web applications and APIs.
- Do not take a sampled approach when it comes to external, internal, or cloud security assessments. Assess the security posture of all endpoints residing in these areas, including all IoT devices and endpoints.
- Perform vendor due diligence on all cybersecurity assessors and rotate them on a regular basis.
Interested in learning more about the above? Join Douglas and the rest of our IT Risk & Compliance team at our 2023 Cybersecurity Virtual Symposium later this month. Visit our webpage to register for this turnkey virtual event!
If you have questions or need assistance, please reach out to a professional at FORVIS.