The last item I want to mention under the Protect function, which supports attack surface reduction and limits the impact of cyber events on your systems, is “protective technologies.”
Remember, protecting your organization involves six critical cybersecurity categories:
- Access Control
- Awareness and Training
- Data Security
- Information Protection Processes and Procedures
- Protective Technologies
The restriction of removable media according to policy is a good first step. USB drives and external hard drives are the first ones that come to mind; however, if we look at this category holistically, we can include company- or vendor-specific support equipment, such as tablets and laptops that are used in your data center to diagnose or troubleshoot your equipment.
Second, and perhaps most prevalent in small businesses or micro-businesses, is to ensure your systems are single-function, which means avoiding, for example, hosting an email server and web servers on the same device. An attack on one device would cause an interruption of both services.
Lastly, you can implement mechanisms to achieve business resilience. Technology will fail, so having the right technology and architecture in place will minimize the impact on your business. Examples include:
- Implementing load balancing, which will distribute workload across various systems
- Hot-swap, which allows you to make maintenance repairs while your system continues to function
These are a few strategies that will make your business more resilient.
Dr. Bill Souza
CEO | Founder