This article was contributed by Peter Clay – COO of Iron Range Cyber.
Attacks by threat actors are on the rise and organizations must prepare for the cyber security threats of the day. The most common attack vector for phishing attacks is email.
Your organization should examine your email defenses even more thoroughly now to ensure you have implemented and ser the fundamental security requirements. Rapid digitalization has increased the complexity of corporate networks in recent years.
Furthermore, the post-COVID shift to remote work has resulted in an explosion of remote devices and Windows endpoints on corporate networks. Cyber assaults, business espionage, cyber extortion, and a variety of other cyber dangers are all made more likely by these devices. Organizations using Windows require powerful security solutions to safeguard their assets from threat actors and campaigns.
The most serious threat to your organization is email-based phishing attacks. Every day, threat actors send out billions of fresh phishing emails. We recommend that you configure your spam filters to reject emails that fail the Sender Policy Framework (SPF).
The SPF protects authentic email return addresses from being spoofed and helps to prevent employees from clicking on dangerous spoofed emails.
How to do this
Start at Office 365 Security & Compliance to examine your Domain Keys Identified Mail (DKIM) settings, which prohibit spoofing of the “display from” email address. When you login in as an admin, the DKIM option will appear on the right side. You may need to enable DKIM, to set up DKIM settings to review domains in your Office 365 tenant.
To prevent deadly ransomware attacks your organization can set a pre-stage Group Policy setting that enables you to turn off all network connections to servers and workstations. This means you can prepare to block the most frequently accessed ports and protocols that should be banned between workstations and non-domain controllers and non-file servers. These include:
- SMB (TCP/445, TCP/135, TCP/139)
- Remote Desktop Protocol (TCP/3389)
- Windows Remote Management / Remote PowerShell (TCP/80, TCP/5985, TCP/5986)
- WMI (dynamic port range assigned through DCOM)
How to do this
Open “Computer Configuration – Policies – Windows Settings – Security Settings – Windows Firewall with Advanced Security” in Group Policy Editor.
There, set a policy for the centralized Windows Firewall setting of “Block all connections”
Unpatched vulnerabilities disclosed on the dark web are a goldmine for cybercriminals, and there is no one-size-fits-all strategy to combat them. Because these attackers are growing more sophisticated, organizations must commit to proper patch management to prevent one of the most prevalent forms of cyber attack in 2021.
Windows users must be aware of the unique challenges and security vulnerabilities that face their devices and take appropriate cybersecurity measures to mitigate these issues. To keep malicious actors out of the endpoint perimeter and neutralize threats before they can do damage, it's critical to continually secure Windows devices.
About the author
Peter Clay – COO of Iron Range Cyber
At Iron Range Cyber we bring simplicity, clarity, and transparency to building cost-effective cybersecurity programs for small to mid-sized business. We offer adaptive cybersecurity that adjusts to your budget along with industry-leading specialists in protecting public and private institutions with a unique technology stack, customized for your needs. Peter Clay has significant experience building security and compliance programs within organizations and staffing them with world class expertise to deliver effective, efficient security programs for national and global companies and organizations.