Sophos Recommendations - Cybersecurity Best Practices
Sophos has published a list of nine Cybersecurity Best Practices to remind companies that simple but effective measures can significantly improve IT security.
To ensure optimal protection against cyberattacks, it is not enough to implement state-of-the-art security solutions. A crucial and often neglected aspect is the correct configuration of these systems. We see this again and again with companies whose support we take over: a Sophos Firewall is installed, but not all security functions are activated or correctly configured, which can leave significant security gaps.
It is therefore important not only to rely on high-quality cybersecurity solutions but also to have them set up and configured professionally. Responsible and informed behaviour by users is equally essential to minimize potential risks.
Below is a set of Cybersecurity Best Practices that can help sustainably improve the security posture and create a solid foundation for corporate security:
List of Measures
- Patching: Regularly and immediately!
- Backups: Automated and not in the office
- Show file type
- Open scripts with text editor
- Macros: Nope
- Email attachments: Caution even with known senders
- Administrator privileges: Less is more
- Use strong passwords
Patching: Regularly and immediately!
In 2021, unpatched vulnerabilities were the cause of almost half of all cyber incidents investigated by Sophos. It is clear that rapid and regular patching significantly increases system security and minimizes the risk of these vulnerabilities being exploited.
No software is completely secure; every application can have security vulnerabilities. Regular updates are therefore essential, even if they are sometimes perceived as annoying. They do not only bring new functions; they often also fix critical security problems that are not necessarily listed in the release notes.
Although an update can occasionally lead to problems, the risk of skipping an update is far greater. It is therefore advisable to remain proactive and apply patches continuously and immediately.
Backups: Automated and not in the office
According to the Sophos Ransomware Report 2022, 73% of IT managers surveyed were able to restore encrypted data through their backups after a cyberattack.
It is strongly recommended to encrypt backups. This not only helps protect against Ransomware attacks, where data is encrypted to extort a ransom, but also against data theft. Attackers may try to steal sensitive data and later blackmail the company by threatening to publish it. Encrypting backups therefore creates an important barrier that makes access to the data significantly more difficult.
It is equally important to store backups offline and off-site. This protects against physical damage from natural disasters or burglaries and ensures that the necessary data can always be accessed in crisis situations.
Furthermore, data recovery should be regularly tested. This way, in the event of data loss, a quick and effective response is possible, and the functionality of the backups is ensured in an emergency.
Show file type
In Windows and macOS operating systems, file extensions are not displayed by default. However, it is recommended to enable their visibility in order to identify potentially dangerous file types, such as JavaScript files. Of course, such file types should not arrive via email in the first place. A solution such as Sophos Central Email can, among other things, block such attachments so that users never receive them at all.
Sophos list of file extensions that should be blocked.
In the past, we conducted a test ourselves and exploited exactly this behavior. We sent USB sticks with an HTML file disguised as an application to various companies. Many people probably thought it was a PDF or Word document, but when they opened the file, they were redirected to a website. More details on this experiment: Experiment - Why you shouldn’t have plugged in this USB stick.
Despite the ability to identify file extensions, it is essential to train employees accordingly. This is the only way to ensure that they are able to effectively identify suspicious files and act cautiously.
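The two steps described in this section, as an added example that is not part of the original post: enable extension visibility in Windows Explorer and then look for files whose visible name hides a risky extension behind a harmless-looking one. The list of risky extensions is an assumption for illustration and is not the Sophos block list referenced above.

```powershell
# Added example (not from the original post): make Windows Explorer show file
# extensions for the current user, then flag files in a folder whose names
# hide a risky extension behind a decoy one (e.g. "Invoice.pdf.js").
# The extension list below is an assumption for illustration, not the Sophos
# block list referenced in the post.

$explorerKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
# HideFileExt = 1 hides known extensions (the Windows default); 0 shows them.
Set-ItemProperty -Path $explorerKey -Name 'HideFileExt' -Value 0 -Type DWord
# Explorer picks the setting up on its next restart or at the next logon.

$riskyExtensions = @('.js', '.jse', '.vbs', '.vbe', '.wsf', '.hta',
                     '.exe', '.scr', '.bat', '.cmd', '.ps1')

function Find-DisguisedFiles {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $parts   = $_.Name.Split('.')
        $realExt = $_.Extension.ToLower()
        # "Report.pdf.js" splits into three parts; the middle one is the decoy
        # the user sees when extensions are hidden.
        $decoyExt = if ($parts.Count -ge 3) { '.' + $parts[-2].ToLower() } else { $null }

        if ($riskyExtensions -contains $realExt) {
            [pscustomobject]@{
                File      = $_.FullName
                RealType  = $realExt
                LooksLike = $decoyExt
                Reason    = if ($decoyExt) { 'double extension' } else { 'risky extension' }
            }
        }
    }
}

# Example usage: review the current user's Downloads folder.
Find-DisguisedFiles -Path "$env:USERPROFILE\Downloads" | Format-Table -AutoSize
```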
Open scripts with text editor
Opening a JavaScript file in a text editor prevents the execution of possible malicious scripts and allows for a secure review of the file’s content. Provided, of course, that you have the necessary know-how.
It is advisable to handle executable files with caution, as they are frequently used to deliver malware. Not only JavaScript files, but also attachments with extensions such as .exe, .bat, .scr, and .vbs can be dangerous and may execute code that causes significant damage. Office files are of course also affected (keyword: macros), but more on that later.
Therefore, file attachments should only be opened from trusted sources, and in case of doubt, the content should first be checked in a text editor.
As a last line of defense, a good Endpoint Protection solution helps, or in the worst case, the aforementioned backup.
Macros: Nope
Several years ago, Microsoft deactivated the automatic execution of macros for security reasons. Numerous infections are only possible if macros are activated. Therefore, you should avoid activating macros!
Email attachments: Caution even with known senders
Cybercriminals often exploit an old dilemma: you should only open a document if you are sure it is harmless, but to gain that certainty you first have to open it. When in doubt, do not open a suspicious attachment.
It is worth noting that compromised mail servers are often abused to send malicious attachments. An attacker who controls the mail server can not only send from a legitimate domain, but also view conversations and provide context-aware replies using AI techniques. This makes such emails extremely difficult to detect because they are highly specific and tailored to the previous conversation.
Administrator privileges: Less is more
You should periodically check who has local administrator rights and domain administrator rights in the network. It is advisable to control exactly who has these rights and revoke them when they are not needed. You should also only log in as an administrator for as long as absolutely necessary.
It is equally important to secure the network itself through appropriate precautions. One such measure is to ensure that no ports are left open unnecessarily, to avoid potential security vulnerabilities. RDP access and other remote management protocols should be consistently blocked to prevent unauthorized access. In short: a properly configured firewall.
It is also advisable to implement two-factor authentication, which provides an additional layer of security by confirming the user’s identity with a second component. In addition, remote users should always authenticate via a VPN to ensure a secure, encrypted connection that protects the integrity and confidentiality of the data. Of course, Zero Trust would be the better approach here.
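The periodic check of local and domain administrator rights described above, as an added example that is not part of the original post: it lists the members of the local Administrators group and of Domain Admins and flags anyone not on an approved list. The approved names are constructed placeholders, and the domain part assumes a domain-joined host with the ActiveDirectory (RSAT) module installed.

```powershell
# Added example (not from the original post): report who holds local and
# domain administrator rights and flag accounts not on an approved list.
# The approved names are constructed placeholders; replace them with your own.
# Get-ADGroupMember needs the ActiveDirectory module (RSAT) on a domain-joined host.

$approvedLocalAdmins  = @("$env:COMPUTERNAME\Administrator", 'CORP\Workstation-Admins')
$approvedDomainAdmins = @('Administrator', 'svc-tier0-break-glass')

function Get-UnexpectedLocalAdmins {
    param([string[]]$Approved)
    # Resolve the group by its well-known SID so localized group names still work.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $Approved -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-UnexpectedDomainAdmins {
    param([string[]]$Approved)
    # -Recursive expands nested groups, so members hidden one level down show up too.
    Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Where-Object { $Approved -notcontains $_.SamAccountName } |
        Select-Object SamAccountName, objectClass, distinguishedName
}

Write-Host "Local Administrators not on the approved list ($env:COMPUTERNAME):"
Get-UnexpectedLocalAdmins -Approved $approvedLocalAdmins | Format-Table -AutoSize

if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Write-Host 'Domain Admins not on the approved list:'
    Get-UnexpectedDomainAdmins -Approved $approvedDomainAdmins | Format-Table -AutoSize
} else {
    Write-Warning 'ActiveDirectory module not installed; skipping the Domain Admins check.'
}
```

Run it on a schedule and compare the output against the previous run; a new name in either list is the review trigger the section asks for.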
Use strong passwords
Finally, a topic that would deserve its own blog post. There is even World Password Day, which takes place on the first Thursday in May and regularly brings the topic back to mind. So here are the most important points in brief.
If you look at a password for 3 seconds and can remember it, it is very likely crap. There is no sugar-coating that. For the clever people now thinking that 5 seconds makes everything better: yes, but somehow also no.
- Length: Length matters here. A password should consist of at least 12 characters.
- Complexity: It should contain a mix of uppercase and lowercase letters, numbers, and special characters.
- No relation to personal information: Avoid using easily accessible information such as birth dates, names, or addresses.
- Unpredictability: It should not consist of easily guessed word combinations or common phrases.
- Uniqueness: Each password should be unique and not used for multiple accounts.
- Regular updates: It is advisable to change passwords regularly to increase security.
- Randomness: Use randomly generated passwords that are not based on dictionary words. Password generators exist for this.
- Use of passphrases: Sometimes it is safer to use a passphrase consisting of several words separated by special characters.
- Two-factor authentication (2FA): Wherever possible, two-factor authentication should be enabled to provide an additional layer of security.
- Avoid repetition: Avoid using similar or identical passwords for different services.
Amen! (Or the secular equivalent for all non-religious readers.)
