Derived from recommendations by leading security organizations, the Totem Top 10™ is our take on the 10 most important cybersecurity safeguards you should put in place right away. Whether you are pursuing NIST 800-171/CMMC compliance or are just looking to establish a cybersecurity program to reduce overall risk, the Totem Top 10™ provides you with the most relevant and cost-effective information to get started.
Our list contains safeguard descriptions, as well as helpful resources to assist you along the way. We have also included all corresponding NIST 800-171 controls that you can assess against as you implement each Totem Top 10™ safeguard.
1. Know Your Assets
This is the first step to building a cybersecurity program. Perform an inventory of all your IT system assets, including your hardware, software, and system users, and understand their role in facilitating the flow of sensitive information throughout your environment. Be sure to update your inventory when assets are changed, added, or removed. You can’t protect what you don’t know exists!
2. Train Your Users
Simply put, a trained and aware workforce is your greatest defense against cyberattacks; even more than any technology in this list. Train your users to identify and prevent dangerous and common threats such as phishing, and look for ways that you can establish a cybersecurity culture within your organization.
3. Protect Your Endpoints
An endpoint is any device that is connected to and exchanges information with a network. Protect your endpoints from malware by using an Endpoint Detection & Response (EDR) or eXtended Detection & Response (XDR) solution. Consider a solution which offers a software whitelisting capability, where you can lock down your environment to only the software you approve to run.
4. Patch Software & Operating Systems
Old and outdated software and operating systems are a significant cybersecurity risk, because any associated vulnerabilities have already been identified and likely exploited. Establish a routine patching strategy to remediate these vulnerabilities. Apply automatic updates wherever possible, and run recurring vulnerability scans to ensure that patches are being adequately applied.
5. Restrict Admin Privileges
Administrative privileges (also known as root or superuser privileges) grant a user practically unlimited control over a given system. These accounts are highly sought after by adversaries, as they make possible crippling attacks such as ransomware. Create a non-admin user account for all employees to operate full-time, and limit administrative privileges to only the IT staff who require them.
6. Harden System Components
Each component within your IT system asset scope needs to be “hardened”. To harden a system component means to take it from its default (or current) vulnerable state and make it secure. For example, you can harden a router by disabling WEP and WPS or by resetting the administrator username and password. There are many different ways that a system could be hardened, which is why it is crucial to refer to an official security baseline when doing so.
7. Segment Your Network
Operating on a “flat” network is akin to fighting on a flat battlefield. There are no obstacles, so an adversary can see everything and move in whichever direction they choose. You can prevent an adversary from moving around your network with impunity through segmentation. Divide your network into multiple pieces based on device type or function, and actively monitor your network for suspicious activity.
8. Backup Your Data & Test Restoration
Data backups are one of the simplest methods for protecting your business when something goes wrong. Once you have determined your recovery metrics and begun backing up your data, test your restoration plan to ensure that it will work when needed.
9. Enable Multi-Factor Authentication
Multi-factor authentication (MFA) adds another layer of security to your networks, applications, or wherever else sensitive information may be stored. Require your users to provide at least two authentication factors (e.g., a password and an authenticator push notification) when accessing company networks, devices, and accounts.
10. Collect & Analyze Event Logs
A “log” is simply a digital record of some computer event, whether that event be human or computer-initiated. Analyzing event logs and looking for anomalies can help you spot an adversary in your system before major damage is done. The most effective way to achieve this is to partner with a Managed Security Service Provider (MSSP), who would utilize a Security Incident and Event Management (SIEM) tool to actively monitor your collective network and alert you when suspicious activity is taking place.