Sophos Recommendations - Cybersecurity Best Practices
Sophos has issued a list of nine Cybersecurity Best Practices aimed at reminding companies that simple yet effective measures can significantly boost IT security.
To ensure optimal protection against cyberattacks, it is not enough to implement state-of-the-art security solutions. A crucial and often neglected aspect is the correct configuration of these systems. At companies we have newly taken on as clients, we repeatedly find that a Sophos Firewall is installed, but not all security functions are activated or correctly configured, which can lead to significant security gaps.
Therefore, it is of great importance not only to rely on high-quality cybersecurity solutions but also to set them up and configure them professionally. Responsible and informed action is also essential to minimize potential risks.
The following lists a number of Cybersecurity Best Practices that can help to continuously improve the security posture and create a solid foundation for corporate security:
List of Measures
- Patching: Regularly and immediately!
- Backups: Automated and not in the office
- Show file type
- Open scripts with text editor
- Macros: Nope
- Email attachments: Caution even with known senders
- Administrator privileges: Less is more
- Use strong passwords
Patching: Regularly and immediately!
In 2021, unpatched vulnerabilities were the cause of almost half of all cyber incidents investigated by Sophos. It is clear that rapid and regular patching significantly increases system security and minimizes the risk of these vulnerabilities being exploited.
No software is completely secure; all software has potential security vulnerabilities. Regular updates are therefore essential, even if they are sometimes perceived as annoying. They do not only bring new functions; they often also fix critical security problems that are not necessarily listed in the release notes.
Although an update can occasionally lead to problems, the risk of skipping an update is far greater. It is therefore advisable to remain proactive and apply patches continuously and immediately.
Backups: Automated and not in the office
According to the Sophos Ransomware Report 2022, 73% of IT managers surveyed were able to restore encrypted data through their backups after a cyberattack.
It is strongly recommended to encrypt backups. This not only serves to protect against ransomware attacks, where data is encrypted to extort ransom, but also to protect against data theft. Attackers could try to steal sensitive data to later blackmail the company with the threat of publishing this data. Encrypting backups thus represents an important barrier that makes access to the data significantly more difficult.
It is equally important to store backups offline and off-site. This protects against physical damage from natural disasters or burglaries and ensures that the necessary data can always be accessed in crisis situations.
Furthermore, data recovery should be regularly tested. This way, in the event of data loss, a quick and effective response is possible, and the functionality of the backups is ensured in an emergency.
Show file type
In Windows and macOS, file extensions are not displayed by default. It is recommended to enable their display so that potentially dangerous file types, such as JavaScript files, can be identified. Of course, such file types should not arrive by email in the first place. A solution such as Sophos Central Email can, among other things, block such attachments so that the user never even receives them.
Sophos list of file extensions that should be blocked.
In the past, we conducted a test ourselves and exploited exactly that. We sent USB sticks with an HTML file disguised as an application to various companies. Many probably thought it was a PDF or Word document, but when they opened the file, they were redirected to a website. More details on this experiment: Experiment – Why you shouldn’t have plugged in this USB stick.
Even when file extensions are visible, it is essential to train employees accordingly. Only then can they reliably identify suspicious files and act cautiously.
Open scripts with text editor
Opening a JavaScript file in a text editor prevents the execution of possible malicious scripts and allows for a secure review of the file’s content. Provided, of course, that you have the necessary know-how.
It is advisable to handle executable files with caution, as they are frequently used for malware. Not only JavaScript files, but also attachments with the extensions .exe, .bat, .scr, and .vbs, among others, are potentially dangerous and can execute scripts that cause significant damage. Office files are also affected, of course (keyword: macros), but more on that later.
Therefore, file attachments should only be opened from trusted sources, and in case of doubt, the content should first be checked in a text editor.
Ultimately, a good Endpoint Protection solution helps, or in the worst case, the aforementioned backup 😋.
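The two steps above, making extensions visible and checking what a file really is before opening it, as an added PowerShell example (not code from the Sophos post); the extension list and the folder path are assumptions:

```powershell
# Added example (not from the Sophos post): show file extensions as the post
# recommends, then scan a folder for files whose real extension is a script or
# executable type while the name the user sees suggests something harmless.
# Assumes Windows 10+ with PowerShell 5.1+, or PowerShell 7 on macOS.

# Extension list is an assumption: the types the post names (.js, .exe, .bat,
# .scr, .vbs, .html) plus a few Windows script types that behave the same way.
$RiskyExtensions = @('.js', '.jse', '.vbs', '.vbe', '.wsf', '.hta',
                     '.exe', '.bat', '.cmd', '.scr', '.html', '.htm')

function Enable-FileExtensionDisplay {
    if ($IsMacOS) {
        # Finder: show all filename extensions (applies after Finder restarts).
        & defaults write NSGlobalDomain AppleShowAllExtensions -bool true
        return
    }
    # Explorer: HideFileExt = 0 shows extensions for the current user.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    Set-ItemProperty -Path $key -Name 'HideFileExt' -Value 0 -Type DWord
    # Explorer re-reads the setting when it restarts (sign out/in or restart explorer.exe).
}

function Find-DisguisedFiles {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $RiskyExtensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            # With extensions hidden, "Invoice.pdf.js" is displayed as "Invoice.pdf".
            $displayed = $_.BaseName
            $innerExt  = [System.IO.Path]::GetExtension($displayed)
            $disguise  = if ($innerExt) { "looks like $innerExt" } else { 'none' }
            [pscustomobject]@{
                File          = $_.FullName
                RealExtension = $_.Extension.ToLowerInvariant()
                DisplayedAs   = $displayed
                Disguise      = $disguise
            }
        }
}

# Usage:
# Enable-FileExtensionDisplay
# Find-DisguisedFiles -Path "$env:USERPROFILE\Downloads" | Format-Table -AutoSize
```

Anything the scan reports should be inspected in a text editor, not double-clicked, which is exactly the habit the section describes.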
Macros: Nope
Several years ago, Microsoft deactivated the automatic execution of macros for security reasons. Numerous infections are only possible if macros are activated. Therefore, you should avoid activating macros!
Email attachments: Caution even with known senders
Cybercriminals often exploit an old dilemma: you should only open a document if you are sure it is harmless, but to gain that certainty you first have to open it. In such situations the rule is simple: if in doubt, do not open a suspicious attachment.
It should be noted that hacked mail servers are often misused to send malicious attachments. The attacker who has control over the mail server can not only send from a legitimate domain but also view conversations and give context-based answers using AI techniques. This makes it extremely difficult to detect such emails, as they are very specific and tailored to the previous conversation.
Administrator privileges: Less is more
It should be periodically checked who has local administrator rights and domain administrator rights in the network. It is advisable to carefully control who has these rights and to revoke them if they are not needed. Furthermore, you should only log in as an administrator for as long as absolutely necessary.
It is equally important to secure the network with appropriate precautions. One such measure is to make sure that no ports are left open unnecessarily, to avoid potential security vulnerabilities. The company's RDP access and other remote management protocols should be consistently blocked to prevent unauthorized access. In short: a properly configured firewall.
Furthermore, it is advisable to implement two-factor authentication, which provides an additional layer of security by confirming the user’s identity through a second component. In addition, it should be ensured that remote users always authenticate via a VPN to ensure a secure and encrypted connection that protects the integrity and confidentiality of data. Of course, Zero Trust would be the better approach here.
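The periodic check of local and domain administrator rights described above, as an added PowerShell example (not code from the Sophos post); the approved account names are placeholders and the domain check assumes the RSAT ActiveDirectory module on a domain-joined machine:

```powershell
# Added example (not from the Sophos post): lists members of the local
# Administrators group and of Domain Admins and reports anyone not on an
# approved list, so unnecessary rights can be revoked.
# Assumes Windows PowerShell 5.1+; the domain check needs the RSAT
# ActiveDirectory module and a domain-joined machine.

$ApprovedAdmins = @('CONTOSO\IT-Admins', 'CONTOSO\svc-backup')   # placeholder allow-list

function Get-UnapprovedLocalAdmins {
    param([string[]]$Approved = $ApprovedAdmins)
    # PrincipalSource shows whether a member is a local, domain or Microsoft account.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.Name -notin $Approved } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-UnapprovedDomainAdmins {
    param([string[]]$Approved = $ApprovedAdmins)
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        Write-Warning 'ActiveDirectory module not available; skipping domain check.'
        return
    }
    Import-Module ActiveDirectory
    # -Recursive expands nested groups, so indirect members are reported too.
    Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Where-Object { "$env:USERDOMAIN\$($_.SamAccountName)" -notin $Approved } |
        Select-Object Name, SamAccountName, objectClass
}

# Usage (run with an account that can read group membership):
# Get-UnapprovedLocalAdmins  | Format-Table -AutoSize
# Get-UnapprovedDomainAdmins | Format-Table -AutoSize
```

Run it on a schedule and keep the output; a name appearing that was not there last time is the signal worth following up on.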
Use strong passwords
Finally, a topic that would have deserved its own blog post. There is even World Password Day, always on the first Thursday in May, to keep reminding people of the subject. So here are the most important points in brief.
If you look at the password for 3 seconds and can remember it, it's highly likely to be crap 💩. There's no sugar-coating that. And for the clever ones who now think 5 seconds make everything better: yes, but somehow not.
- Length: Length does matter here. It should consist of at least 12 characters.
- Complexity: It should contain a mix of uppercase and lowercase letters, numbers, and special characters.
- No relation to personal information: Avoid using easily accessible information such as birth dates, names, or addresses.
- Unpredictability: It should not consist of easily guessed word combinations or common phrases.
- Uniqueness: Each password should be unique and not used for multiple accounts.
- Regular updates: It is advisable to change passwords regularly to increase security.
- Randomness: Use randomly generated passwords that are not based on words found in the dictionary. There are password generators.
- Use of passphrases: Sometimes it is safer to use a passphrase consisting of several words separated by special characters.
- Two-factor authentication (2FA): Wherever possible, two-factor authentication should be enabled to provide an additional layer of security.
- Avoid repetition: Avoid using similar or identical passwords for different services.
🙏 Amen! Or for all non-religious 🖐️🎤