Sophos recommendations – Cybersecurity best practices
Sophos has released a list of nine cybersecurity best practices aimed at reminding organizations that it is possible to significantly increase IT security through simple but effective measures.
To ensure optimal protection against cyberattacks, it is not enough to implement state-of-the-art security solutions. An essential and often neglected aspect is the correct configuration of these systems. Time and again, we find that companies we have the privilege of supporting have a Sophos Firewall installed, but not all security features are enabled or properly configured, which can lead to significant security gaps.
It is therefore important not only to invest in good security products, but also to deploy and configure them properly, and to operate them with informed judgement day to day. Misconfiguration and careless use are where most of the avoidable risk comes from.
The following are a number of cybersecurity best practices that can help improve the security posture in the long term and build a solid foundation for enterprise security:
List of measures
Patching: Regularly and immediately!
In 2021, unpatched vulnerabilities were the root cause of nearly half of all cyber incidents investigated by Sophos. That alone shows that fast, regular patching measurably improves a system's security and removes the easiest way in.
No software is completely secure; every product has flaws that have not been found yet. Regular updates are therefore essential, even when they are a nuisance: they do not only bring new features, they often close critical security holes that are not necessarily spelled out in the release notes.
An update can occasionally cause problems, but the risk of skipping one is far greater. Stay proactive: test on a small group of systems first if you can, but never let testing turn into indefinite postponement, and apply patches continuously and promptly.
Backups: Automated and not in the office
According to the Sophos Ransomware Report 2022, 73% of IT managers surveyed were able to recover encrypted data through their backups after a cyberattack.
It is strongly recommended to encrypt backups. This is not only to protect against ransomware attacks, where data is encrypted to extort a ransom, but also to protect against data theft. Attackers could attempt to steal sensitive data in order to later blackmail the company by threatening to publish it. Encryption of backups is thus an important barrier that makes it much more difficult to access the data.
It is equally important to keep at least one backup copy offline and off-site. An offline copy is out of reach of ransomware that encrypts everything it can find on the network, and an off-site copy survives fire, flood or a break-in, so the data is still available exactly when it is needed.
In addition, restores should be tested regularly, not just the backup jobs. A backup only counts once you have shown that it can be restored completely and within an acceptable time; that is what allows a quick and effective response in a real data-loss event.
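Restore tests are only meaningful if you can tell a complete, intact restore from a silently damaged one. The following PowerShell is an added example (not from the original article and not a Sophos tool): it writes a SHA-256 manifest of a folder before backup and checks a restored copy against it. The temporary folders and sample files are constructed for the demo.

```powershell
# Added example, not part of the original article: hash manifest before backup,
# verification after restore. Paths and sample files below are constructed.

function New-HashManifest {
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    $rootFull = (Resolve-Path -Path $Root).Path
    Get-ChildItem -Path $rootFull -File -Recurse | ForEach-Object {
        [pscustomobject]@{
            # Relative paths keep the manifest valid wherever the restore lands.
            RelativePath = $_.FullName.Substring($rootFull.Length).TrimStart('\', '/')
            Sha256       = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -Path $ManifestPath -NoTypeInformation
}

function Test-RestoredTree {
    param(
        [Parameter(Mandatory)][string]$RestoredRoot,
        [Parameter(Mandatory)][string]$ManifestPath
    )
    $expected = Import-Csv -Path $ManifestPath
    $problems = foreach ($entry in $expected) {
        $candidate = Join-Path -Path $RestoredRoot -ChildPath $entry.RelativePath
        if (-not (Test-Path -Path $candidate -PathType Leaf)) {
            "MISSING  $($entry.RelativePath)"
            continue
        }
        $actual = (Get-FileHash -Path $candidate -Algorithm SHA256).Hash
        if ($actual -ne $entry.Sha256) { "MODIFIED $($entry.RelativePath)" }
    }
    # Files the manifest does not know about deserve a look too: leftovers from an
    # older restore, or something that was planted in the backup set.
    $restoredFull = (Resolve-Path -Path $RestoredRoot).Path
    $known = @($expected.RelativePath)
    $extra = Get-ChildItem -Path $restoredFull -File -Recurse |
        ForEach-Object { $_.FullName.Substring($restoredFull.Length).TrimStart('\', '/') } |
        Where-Object { $_ -notin $known } |
        ForEach-Object { "UNEXPECTED $_" }
    return @($problems) + @($extra)
}

# --- Demo on a throwaway folder (constructed data) ---
$work     = Join-Path -Path ([IO.Path]::GetTempPath()) -ChildPath ('restoretest-' + [guid]::NewGuid().ToString('N'))
$source   = Join-Path -Path $work -ChildPath 'source'
$restore  = Join-Path -Path $work -ChildPath 'restore'
$manifest = Join-Path -Path $work -ChildPath 'manifest.csv'

New-Item -ItemType Directory -Path (Join-Path $source 'finance') -Force | Out-Null
Set-Content -Path (Join-Path $source 'finance\q1.csv') -Value 'constructed sample data'
Set-Content -Path (Join-Path $source 'readme.txt')      -Value 'constructed sample file'
New-HashManifest -Root $source -ManifestPath $manifest

# Stand-in for "restore from backup", followed by one file being silently altered.
Copy-Item -Path $source -Destination $restore -Recurse
Set-Content -Path (Join-Path $restore 'finance\q1.csv') -Value 'silently altered'

$findings = Test-RestoredTree -RestoredRoot $restore -ManifestPath $manifest
if ($findings.Count -eq 0) { 'Restore verified: every file matches the manifest.' } else { $findings }

Remove-Item -Path $work -Recurse -Force
```

In the demo the altered file is reported as MODIFIED. Store the manifest with the offline copy, or better sign it, so that an attacker who can rewrite the backup set cannot simply rewrite the hashes as well; and measure how long the full restore takes, because that number is the other half of a usable backup.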
Show file type
Windows (for known file types) and macOS hide file extensions by default. It is worth turning them on so that potentially dangerous types, such as JavaScript (.js) files, which Windows executes on a double-click, are recognisable at a glance. Of course, such files should never arrive by e-mail in the first place; a solution such as Sophos Central Email can block them, among other things, so that the user never receives them.
Sophos’s list of file extensions that should be blocked.
In the past, we conducted a test ourselves and took advantage of exactly that. We sent USB sticks with an HTML file disguised as an application to various companies. Many probably thought it was a PDF or Word document, but were redirected to a web page when they opened the file. More details about this experiment: Experiment – Why you should better not have plugged in this USB stick.
Even with extensions visible, employees still need training. Only someone who knows that a .js or .html attachment has no business in a normal e-mail will recognise a suspicious file and act with appropriate caution.
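What a gateway rule or a trained eye actually has to look for, as an added example (not from the article, and not Sophos's own block list): a short illustrative list of blocked extensions plus the two disguises behind most "it looked like a document" incidents, a double extension such as invoice.pdf.js and a Unicode right-to-left override that makes a name like photo<U+202E>gpj.exe display as photoexe.jpg. The extension list and the sample names are constructed.

```powershell
# Added example, not part of the original article. The block list is a short
# illustrative subset, not Sophos's list; the sample file names are constructed.

$blockedExtensions = '.js', '.jse', '.vbs', '.vbe', '.wsf', '.hta',
                     '.exe', '.scr', '.bat', '.cmd', '.ps1', '.lnk', '.html', '.htm'

function Test-AttachmentName {
    param([Parameter(Mandatory)][string]$FileName)
    $reasons = @()
    $block   = $false
    $clean   = $FileName

    # Bidi override characters reverse how the rest of the name is displayed,
    # so the extension the user sees is not the one Windows acts on.
    if ($clean -match '[\u202A-\u202E\u2066-\u2069]') {
        $reasons += 'Unicode bidi override (displayed name lies about the extension)'
        $block = $true
        $clean = $clean -replace '[\u202A-\u202E\u2066-\u2069]', ''
    }

    # Only the last extension decides what Windows does with the file.
    $ext = [IO.Path]::GetExtension($clean).ToLowerInvariant()
    if ($ext -in $blockedExtensions) {
        $reasons += "blocked type $ext"
        $block = $true
    }

    # report.pdf.js: everything before the final extension is decoration.
    # Legitimate names like archive.tar.gz match too, so this is a review signal, not a block.
    $parts = $clean.Split('.')
    if ($parts.Count -gt 2) {
        $reasons += "double extension ($($parts[1..($parts.Count - 1)] -join '.'))"
    }

    $verdict = if ($block) { 'block' } elseif ($reasons.Count -gt 0) { 'review' } else { 'allow' }
    [pscustomobject]@{
        FileName = $FileName
        Verdict  = $verdict
        Reasons  = ($reasons -join '; ')
    }
}

# Constructed sample names; the third one carries the RTLO character U+202E.
$samples = 'quarterly-report.pdf',
           'invoice.pdf.js',
           "holiday-photo$([char]0x202E)gpj.exe",
           'application-form.html',
           'archive.tar.gz'

$samples | ForEach-Object { Test-AttachmentName -FileName $_ } | Format-Table -AutoSize
```

The verdict column separates hard blocks (a dangerous final extension, a bidi override) from names that merely warrant a second look; a real gateway would additionally inspect the content and not trust the name at all, since a .js renamed to .txt is harmless, but a .txt renamed to .js is not.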
Open scripts with text editor
Opening a JavaScript file in a text editor, instead of double-clicking it, does not execute it, so its contents can be inspected safely, provided, of course, that you have the know-how to read it.
Executable files deserve the same care because they are a common way to deliver malware. Besides JavaScript, attachments with extensions such as .exe, .bat, .scr and .vbs can run code that causes considerable damage. The same applies to Office files because of macros, but more on that below.
Therefore, open attachments only from trusted sources and, if in doubt, look at the contents in a text editor first.
In the last instance, a good endpoint protection solution helps or, in the worst case, the backup mentioned above 😋.
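Both Explorer-side measures from the last two sections, visible extensions and scripts that open in an editor rather than run, can be set per user in the registry. The PowerShell below is an added example (not from the original article): it turns extensions on and points the Windows Script Host file types at Notepad, so a double-click on a stray .js file shows its source instead of executing it. Assumed: Windows 10/11, run as the affected user.

```powershell
# Added example, not part of the original article. Per-user settings, no admin
# rights needed. Assumes Windows 10/11 with Windows PowerShell 5.1 or PowerShell 7.

$explorerAdvanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Show-FileExtensions {
    # HideFileExt = 1 (the default) hides extensions of known types; 0 shows all of them.
    Set-ItemProperty -Path $explorerAdvanced -Name 'HideFileExt' -Value 0 -Type DWord
    # Explorer reads the value at start, so restart it for an immediate effect.
    Stop-Process -Name explorer -Force -ErrorAction SilentlyContinue
}

function Get-FileExtensionVisibility {
    $v = (Get-ItemProperty -Path $explorerAdvanced -Name 'HideFileExt' -ErrorAction SilentlyContinue).HideFileExt
    [pscustomobject]@{ HideFileExt = $v; ExtensionsVisible = ($v -eq 0) }
}

# ProgIDs behind .js, .jse, .vbs, .vbe, .wsf and .wsh. By default their "open"
# command launches wscript.exe, i.e. a double-click executes the script.
$scriptProgIds = 'JSFile', 'JSEFile', 'VBSFile', 'VBEFile', 'WSFFile', 'WSHFile'

function Set-ScriptFilesToOpenInNotepad {
    foreach ($progId in $scriptProgIds) {
        # HKCU\Software\Classes overrides the machine-wide HKLM definition for this user.
        $key = "HKCU:\Software\Classes\$progId\shell\open\command"
        New-Item -Path $key -Force | Out-Null
        Set-ItemProperty -Path $key -Name '(default)' -Value 'notepad.exe "%1"'
    }
}

function Get-ScriptFileHandlers {
    # HKEY_CLASSES_ROOT is the merged view of HKLM and HKCU classes, i.e. what Explorer uses.
    foreach ($progId in $scriptProgIds) {
        $cmd = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{
            ProgId      = $progId
            OpenCommand = $cmd
            Executes    = ("$cmd" -match 'wscript|cscript')
        }
    }
}

# Apply, then report the effective state.
Show-FileExtensions
Set-ScriptFilesToOpenInNotepad
Get-FileExtensionVisibility
Get-ScriptFileHandlers | Format-Table -AutoSize
```

Two caveats: if a user has already chosen a different program via "Open with", the per-extension UserChoice entry under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts wins over the ProgID, and the association only changes what a double-click does; wscript.exe can still be started explicitly. Disabling Windows Script Host machine-wide (HKLM\Software\Microsoft\Windows Script Host\Settings, Enabled = 0) or an application-control policy is the stronger control.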
Macros: Nope
Microsoft has disabled the automatic execution of macros by default for years: the document opens, but macros only run after the user clicks "Enable Content". Since 2022, Microsoft 365 Apps additionally block VBA macros in files that carry the Mark of the Web, i.e. were downloaded from the internet or received by e-mail, without offering that button at all. Most macro infections therefore only succeed because a user enabled macros by hand. So: do not enable macros. If a workflow genuinely needs them, allow only digitally signed macros from a trusted publisher and enforce that centrally instead of leaving the choice to the user.
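How to enforce "macros off" without relying on the user, as an added example (not from the article): the PowerShell below writes the same per-user Office policy values a Group Policy object would set, for Word, Excel and PowerPoint (Office 2016 and later, registry version 16.0), and reads them back. Assumed: a machine-wide policy under HKLM takes precedence over these HKCU values and is what you would deploy via GPO or Intune in practice.

```powershell
# Added example, not part of the original article. Per-user policy keys for
# Office 16.0 (Office 2016/2019/2021 and Microsoft 365 Apps).

$officeApps = 'Word', 'Excel', 'PowerPoint'

function Disable-OfficeMacros {
    foreach ($app in $officeApps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        New-Item -Path $key -Force | Out-Null
        # VBAWarnings: 1 = enable all, 2 = disable with notification ("Enable Content" bar),
        # 3 = disable all except digitally signed, 4 = disable all without notification.
        Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value 4 -Type DWord
        # Block macros in files carrying the Mark of the Web regardless of the setting above.
        Set-ItemProperty -Path $key -Name 'BlockContentExecutionFromInternet' -Value 1 -Type DWord
    }
}

function Get-OfficeMacroPolicy {
    foreach ($app in $officeApps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            App               = $app
            VBAWarnings       = $p.VBAWarnings
            BlockFromInternet = $p.BlockContentExecutionFromInternet
            # 3 (signed only) or 4 (off) plus the internet block is the state worth calling compliant.
            Compliant         = ($p.VBAWarnings -in 3, 4) -and ($p.BlockContentExecutionFromInternet -eq 1)
        }
    }
}

Disable-OfficeMacros
Get-OfficeMacroPolicy | Format-Table -AutoSize
```

Value 3 is the setting to use where a department has signed in-house macros; value 4 is the right default for everyone else. Run the report function across a fleet to find machines where the policy never arrived.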
E-mail attachments: Caution even with known senders
Cybercriminals exploit an old dilemma: you should only open a document once you are sure it is harmless, but you can often only be sure after opening it. When in doubt, do not open a suspicious attachment; ask the sender through a different channel (phone, chat) whether they really sent it.
Keep in mind that compromised mailboxes and mail servers are routinely misused to send malicious attachments. An attacker who controls a mailbox can not only send from a legitimate domain but also read existing conversations and reply inside them with a fitting context, possibly with the help of AI-generated text. Such mails are extremely hard to spot because they are specific and tailored to the previous exchange, and the sender address is genuine.
Administrator rights: Less is more
Check periodically who holds local administrator and domain administrator rights in the network. Know exactly who has these rights, withdraw them where they are not needed, and use admin accounts only for the task at hand and only for as long as absolutely necessary, never for everyday work such as e-mail and browsing.
It is equally important to protect the network itself. No port should be left open unnecessarily, and RDP and other remote management protocols should be consistently locked down and never reachable directly from the internet. In short: a decently configured firewall.
In addition, implement two-factor authentication, which confirms the user's identity through a second component and stops a stolen password from being enough on its own. Remote users should always authenticate through a VPN so that the connection is encrypted and its integrity and confidentiality are protected. Zero Trust Network Access, which grants access per application after verifying both user and device, would still be the better approach here.
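A periodic check like the one described above can be scripted. The following PowerShell is an added example (not from the original article): it lists local and domain admin rights, flags privileged accounts that have not logged on in 90 days, and reports the host's RDP and listening-port exposure. Assumed: Windows 10/Server 2016 or later; the domain report needs the RSAT ActiveDirectory module and a domain-joined host; the 90-day threshold is an arbitrary choice for the demo.

```powershell
# Added example, not part of the original article. Get-LocalGroupMember ships with
# Windows 10/Server 2016+; Get-ADGroupMember and Get-ADUser need RSAT (ActiveDirectory module).

function Get-LocalAdminReport {
    # Everyone who can do anything on this host. PrincipalSource tells local from domain accounts.
    Get-LocalGroupMember -Group 'Administrators' |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-PrivilegedDomainUsers {
    param(
        [string[]]$Groups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'),
        [int]$StaleDays = 90   # assumption for the demo; pick what your policy says
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    foreach ($group in $Groups) {
        # -Recursive expands nested groups, which is where forgotten rights usually hide.
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -eq 'user' } |
            Get-ADUser -Properties Enabled, LastLogonDate, PasswordLastSet |
            ForEach-Object {
                [pscustomobject]@{
                    Group           = $group
                    Account         = $_.SamAccountName
                    Enabled         = $_.Enabled
                    LastLogonDate   = $_.LastLogonDate
                    PasswordLastSet = $_.PasswordLastSet
                    # No logon in $StaleDays days: prime candidate for removal from the group.
                    Stale           = (-not $_.LastLogonDate) -or ($_.LastLogonDate -lt (Get-Date).AddDays(-$StaleDays))
                }
            }
    }
}

function Get-RdpExposure {
    $ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $deny = (Get-ItemProperty -Path $ts -Name 'fDenyTSConnections' -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name 'UserAuthentication' -ErrorAction SilentlyContinue).UserAuthentication
    $listening = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)
    $fwOpen    = [bool](Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True -ErrorAction SilentlyContinue)
    $finding = if ($deny -ne 0) { 'RDP disabled' } elseif ($nla -ne 1) { 'RDP enabled WITHOUT Network Level Authentication' } else { 'RDP enabled with NLA: reachable only via VPN/ZTNA, never from the internet' }
    [pscustomobject]@{
        RdpEnabled       = ($deny -eq 0)
        NlaRequired      = ($nla -eq 1)
        Listening3389    = $listening
        FirewallRuleOpen = $fwOpen
        Finding          = $finding
    }
}

function Get-ListeningPorts {
    # Every listening TCP port with its owning process: compare against what must be open.
    Get-NetTCPConnection -State Listen |
        Sort-Object -Property LocalPort -Unique |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{ LocalAddress = $_.LocalAddress; Port = $_.LocalPort; Process = $proc.ProcessName }
        }
}

Get-LocalAdminReport | Format-Table -AutoSize
Get-RdpExposure
Get-ListeningPorts | Format-Table -AutoSize
# On a domain-joined host with RSAT installed:
# Get-PrivilegedDomainUsers | Where-Object Stale | Format-Table -AutoSize
```

The local report is the one to run on every server; the domain report is the one to run monthly and act on. Anything listed by Get-ListeningPorts that nobody can name an owner for is a port to close.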
Use strong passwords
Finally, a topic that deserves a blog post of its own. There is even a World Password Day, on the first Thursday in May, to remind people of it. So here is the essential part in a nutshell.
If you can look at a password for three seconds and remember it, it is most likely crap 💩. There is no way to sugarcoat that. And for the smart alecks who think five seconds makes all the difference: no, it doesn't.
- Length: The single most important factor. A password should have at least 12 characters; every additional character costs an attacker far more than another special character does.
- Complexity: A mixture of upper and lower case, numbers and special characters.
- No personal information: Avoid anything that is easy to find out, such as birth dates, names, pets or addresses.
- Unpredictability: No easy-to-guess word combinations, common phrases or keyboard patterns such as qwerty or 123456.
- Uniqueness: Every account gets its own password. That also rules out minor variations of the same password (Summer2023!, Summer2024!) across different services; if one is leaked, the others are guessed within seconds.
- Change when compromised: Replace a password immediately whenever there is any indication it was exposed, for instance after a breach notification. Forced rotation on a fixed schedule is no longer recommended on its own (NIST SP 800-63B), because it mostly produces predictable variations of the old password.
- Randomness: Use randomly generated passwords that are not based on dictionary words. Password managers generate and store them for you, which is the only practical way to satisfy the uniqueness rule.
- Passphrases: Where you have to remember a password, a passphrase of several unrelated words separated by special characters is both long and memorable.
- Two-factor authentication (2FA): Enable it wherever possible so that a stolen password alone is not enough.
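The rules above as a checker, added here as an example (not from the original article): besides length and character classes it catches the two things a simple complexity rule misses, dictionary words hidden behind leet-speak substitutions and sequential patterns. The word list and the sample passwords are constructed; a real deployment would check against a breached-password list instead of a handful of words.

```powershell
# Added example, not part of the original article. The word list is a short
# constructed stand-in for a real breached-password list.

$commonWords = 'password', 'welcome', 'summer', 'winter', 'admin', 'letmein', 'qwerty', 'sophos', 'firewall'

function Test-PasswordStrength {
    param(
        [Parameter(Mandatory)][string]$Password,
        [string[]]$PersonalTerms = @()   # names, company, city: things an attacker can look up
    )
    $issues = @()

    if ($Password.Length -lt 12) { $issues += "too short ($($Password.Length) < 12)" }

    # Count character classes case-sensitively; a long passphrase may get by with fewer.
    $classes = 0
    foreach ($pattern in '[a-z]', '[A-Z]', '\d', '[^a-zA-Z\d]') {
        if ($Password -cmatch $pattern) { $classes++ }
    }
    if ($classes -lt 3 -and $Password.Length -lt 20) { $issues += 'fewer than three character classes' }

    # Undo the usual leet-speak substitutions before looking for known words,
    # so P@ssw0rd is treated as the dictionary word it is.
    $lower = $Password.ToLowerInvariant()
    $leet  = $lower -replace '0', 'o' -replace '1', 'i' -replace '3', 'e' -replace '4', 'a' -replace '5', 's' -replace '@', 'a' -replace '\$', 's'
    foreach ($word in ($commonWords + $PersonalTerms)) {
        if ($word -and $leet -like "*$($word.ToLowerInvariant())*") { $issues += "contains '$word'" }
    }

    if ($lower -match '(.)\1{2,}') { $issues += 'repeated character run' }
    if ($lower -match '(0123|1234|2345|3456|4567|5678|6789|abcd|bcde|qwer|asdf|zxcv)') { $issues += 'sequential pattern' }

    [pscustomobject]@{
        Password   = $Password
        Acceptable = ($issues.Count -eq 0)
        Issues     = ($issues -join '; ')
    }
}

# Constructed samples: one proper passphrase, then the usual suspects.
$samples = 'Correct-Horse-Battery-Staple', 'P@ssw0rd123!', 'Sophos2024$', 'Tr0ub4dor&3', 'Summer2023!!'
$samples | ForEach-Object { Test-PasswordStrength -Password $_ -PersonalTerms 'Müller', 'Zürich' } | Format-Table -AutoSize
```

Note what the check does not do: it cannot tell whether a password is reused elsewhere, which is why the uniqueness rule can only be enforced by a password manager, not by a checker.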
🙏 Amen! Or for all non-religious 🖐️🎤