Tech Talk: User-centric Cybersecurity Foundation
Cybersecurity is one of the most important and broadest topics in the technology management space. The defense in-depth approach has always been key. Regular software patches, firewalls, intrusion detection, network monitoring, and antivirus protection are some of the many landscape components to keep the bad guys out and sensitive information in.
Mike Robey, MS, AAO-HNS/F Senior Director, Information Technology
Cybersecurity is one of the most important and broadest topics in the technology management space. The defense in-depth approach has always been key. Regular software patches, firewalls, intrusion detection, network monitoring, and antivirus protection are some of the many landscape components to keep the bad guys out and sensitive information in. These preventive technology elements are vital, but full protection to prevent data breaches requires a concentration on the end-user experience.
The focus of this article is on a user-centric cybersecurity foundation. This is critical because most breaches begin when someone is tricked into clicking on a malicious link delivered via email. As the figure suggests, there are three areas to discuss: email protection, protection against fake links, and user awareness training.
Why do the bad guys spend so much energy crafting malicious emails? Getting someone to open an email is the easiest way to bypass a network’s defenses. Think of surfing the web as a communications dialogue. Most firewalls are set up to block unsolicited inbound traffic. However, if the conversation initiates inside your firewall then two-way traffic is allowed through. This is the reason the bad guys craft socially engineered messages to entice or trick the recipient to click on a link. When a user clicks on a malicious link, the communications begin inside your network, bypassing firewall safeguards. Email protection is vital to prevent these unwanted emails from getting through in the first place.
What happens if a malicious email does make it through? You need “bad link” protection. This is where a domain name system (DNS) resolver comes in. To better understand, let me explain what DNS is. When you type in the name of a site in your browser, you typically enter something that looks like English. As an example, www.entnet.org. For you to get to this site something must translate the name to a series of numbers so that you can be routed to where you want to go. DNS is essentially the phone book for the internet. It automatically translates the entered English to the associated number.
Your internet service provider typically provides the address of a nameserver for you. These default DNS nameservers typically don’t provide a whole lot of protection. You need a third-party DNS resolver that blocks malicious and suspicious domains. With a DNS resolver, when a user clicks on a suspicious link, the DNS resolver looks it up in its blocked list. If the site is found, the resolver prevents the user from going to it. (Adult sites and other inappropriate content are often included in the blocked list.)
So far, I’ve talked about the two end points shown in the figure. Email protection blocks suspicious emails from coming in. And a DNS resolver prevents a user who clicks on a malicious link from getting to the bad or inappropriate site. Now let’s talk about the most critical piece: cybersecurity awareness training.
We can deploy a lot of technology to prevent bad things from happening. But it only takes one malicious email with a bad link to make it through and infect your entire organization. Users are the first line of defense. Do they know what a phishing email looks like? Do they know how to report a suspicious email? At the risk of oversimplifying cybersecurity awareness, here are three golden rules:
- Never click on any link. Instead, hover your mouse over the link. This will tell you where the link is pointed to.
- Never click on an attachment until you’ve verified that the email is legitimate.
- Slow down and read your emails. It’s not a race. By slowing down, you can identify the tell-tale signs of a fake email.
In-depth awareness training is necessary to fully understand each of these golden rules.
Cybersecurity is a big topic. The three elements presented here—email protection, DNS resolver, and awareness training—are foundational. Because most infections and data breaches originate from a malformed email, these steps and regular software patching will help keep a network safe. I would be remiss if I did not suggest that you consider having a security consultant do a vulnerability assessment to identify your risks so that you develop your own action plan to combat the bad guys.