CERT mailing list archives

Best Practices to Protect You, Your Network, and Your Information


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Fri, 31 Jul 2015 23:20:23 -0500

NCCIC / US-CERT

National Cyber Awareness System:

Best Practices to Protect You, Your Network, and Your Information [ 
https://www.us-cert.gov/ncas/current-activity/2015/07/31/Best-Practices-Protect-You-Your-Network-and-Your-Information ] 
07/31/2015 06:46 PM EDT 
Original release date: July 31, 2015

The National Cybersecurity and Communications Integration Center (NCCIC) and its partners responded to a series of data 
breaches in the public and private sector over the last year, helping organizations through incident response actions, 
conducting damage assessments, and implementing restoration and mitigation actions.

During NCCIC’s recent work, following best practices proved extremely effective in protecting networks, the information 
residing on them, and the equities of information owners. The recently updated National Institute of Standards and 
Technology Cybersecurity Framework [ http://www.nist.gov/cyberframework ] highlights best practices.

Cybersecurity is a risk management issue. Our experience demonstrates that individuals and organizations may reduce 
risk when they implement cybersecurity best practices. The following are examples of best practices you should consider 
implementing today as part of your cybersecurity strategy:


  * *Implement Two-Factor Authentication*: Two-factor authentication works to significantly reduce or eliminate 
unauthorized access to your networks and information. 
  * *Block Malicious Code*: Activate application directory whitelisting to prevent non-approved applications from being 
installed on your network. 
  * *Limit Number of Privileged Users*: System administrators have privileged access that gives them the “keys to your 
kingdom.” Limit system administrator privileges only to those who have a legitimate need as defined by your management 
directives. 
  * *Segment Your Network*: Don’t put all your eggs in one basket by having a “flat network”. Use segmentation 
techniques so that if one part of your network is breached, the integrity of the rest of the network is protected. 
  * *Lock Your Backdoors*: Third parties that share network trust relationships with you may prove to be an Achilles 
heel by serving as an attack vector into your network. Take action to ensure that all network trust relationships are 
well-protected using best practices. Have a means to audit the effectiveness of these defenses. Consider terminating or 
suspending these relationships until sufficient controls are in place to protect your backdoors. 

For more information on cybersecurity best practices, users and administrators are encouraged to review US-CERT 
Security Tip 13-003: Handling Destructive Malware [ https://www.us-cert.gov/ncas/tips/ST13-003 ] to evaluate their 
capabilities encompassing planning, preparation, detection, and response. Another resource is ICS-CERT Recommended 
Practice: Improving Industrial Control Systems Cybersecurity with Defense-In-Depth Strategies [ 
http://ics-cert.us-cert.gov/sites/default/files/recommended_practices/Defense_in_Depth_Oct09.pdf ].

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ].