How To Mitigate Cyber Intrusions

A cyber intrusion occurs when a user clicks on a malicious email that contains a link to a phishing site or includes an attachment containing a virus. When the user opens the attachment or clicks the link, his or her computer is compromised. The virus or other piece of malware may be able to corrupt files, damage the operating system, or steal sensitive data from the computer and, quite possibly, other computers on the same network. Fortunately, there are ways to mitigate these cyber intrusions. Some of the options below are more effective than others, but they often require more resources or are more costly to implement.

How To Mitigate Cyber Intrusions

Update and Patch Applications and Operating Systems

One of the most important ways of preventing the introduction of viruses and malware into a system is to make certain that all software is updated. Patches and updates should be installed as soon as they are released because they address known security vulnerabilities that hackers know about and may try to take advantage of. Patches may be available for operating systems, applications, web browsers, Java, Flash, and other pieces of software.

Use User Roles

Each user on a network can be assigned to one or more user roles or user groups. Instead of assigning access privileges to each user, privileges are assigned to roles, which are then assigned to users. This makes it easier to make certain that a user who does not need administrative rights is not accidentally assigned them, which in turn helps protect the system because if that user did try to download a virus, the virus would not have the access needed to delete or change certain files. Users who do need administrator rights should be assigned two accounts, one with an administrator role and one without. When the user needs to make changes that require full system access, he or she logs into the administrator account. Any other time, especially while browsing the web, he or she uses the account without administrative rights.

Use Application Whitelists

Using application whitelists is one of the most powerful ways of protecting a computer system. This whitelist is similar to an email whitelist in that it only allows the programs listed to run applications. By whitelisting Windows and other applications, all other malicious programs will be blocked. This option not only protects the computer system but it can also be used to detect intrusions, which some other types of cyber intrusion protection programs cannot do.

Implement Application Configuration

System administrators can configure individual user computers or roles to disable specific untrusted or unsecure applications and code. This includes disabling Java code on websites, blocking untrusted macros in Microsoft Office, and preventing untrusted web browser add-ons.

Require Multiple Authentication

When users login remotely, additional security is required because those logins could be compromised. Multiple authentication requires users to log in through several security gates, using different passwords each time. This is especially necessary when a user is attempting to access a restricted file or wants to perform an administrative function.