Top tips for improving cyber security

Having to respond to cyber security incidents can seem like a never-ending task, says Lee Harrigan-Green, senior CSIRT member, Jisc

Here are five common cyber security issues and tips for how to tackle them:

Issue: Protecting against the spread of malware

Solution: While BYOD has increased the risk of infection in colleges, stopping it from spreading beyond a single device is possible by adopting incident response policies and procedures. Having a set of policies for ensuring computer security, and making sure that everyone is aware of the procedures, such as what should happen if they suspect their device has been compromised, can prevent a small incident from getting out of hand.

The example I came across recently involved a device being given back to its owner before a full rebuild had taken place. They were able to take it home and use it over the weekend, and ended up inadvertently reintroducing the malware that had caused the incident in the first place. When it eventually went back to IT, it ended up compromising the whole organisation. A rigorous incident response procedure could have prevented this from happening.

Issue: Covering the whole life-cycle of an incident

Solution: So you’ve now got an overarching policy that covers what to do if a security incident arises, but what about governing normal IT and network use? Every organisation should have an acceptable usage policy which sets out what you expect of anyone using your computer resources, and what they can and cannot do. This could range from the websites they are allowed to access, down to the personal devices they can use on the BYOD network.

Additional policies that you will require are a disaster recovery policy on what information to salvage, a backup policy which states what you back up, where, and how to restore these files, and an incident response policy which explains how to deal with an incident when it occurs and whom to contact.

Most important is that these policies are frequently reviewed and tested as fit for purpose, as relying on a policy that is not usable in practice could potentially have devastating results.

Issue: Detecting and reacting to incidents immediately

Solution: IT security is only as good as the information it receives. The quicker a college is alerted to an incident, the sooner they’ll be able to assess and prioritise what they’re presented with – whether that means being able to classify the threat as low-grade to be dealt with later, an immediate reaction from their own response team, or even looking for help elsewhere for the really big challenges.

Security alert services can help in some part by making colleges more aware of the threats they face. Better still are those that offer near real-time results. It’s something we’re looking at within CSIRT by bringing in automated security incident data notifications, to provide a streamlined service for institutions and allow them to better manage their own cyber security.

Issue: Not having ‘big budgets’ to invest in cyber security software

Solution: The market is awash with software for tackling malware, from anti-virus and firewalls to malware detection and spam blockers. While it’s not sensible to blow your budget on every single product that’s available, you do want to make sure your armoury is as strong as it can be.

My favourite statement on this is: ‘Why do we need an Intrusion Detection System (IDS) and anti-virus software? Anti-virus is like the CSI analyst telling you that you’ve just been murdered.’ You need an early warning system, but you also need software that gives you context about the intruder’s activity, and another that fixes the issue. Choose tools that complement each other.

Issue: No point of reference for security incidents

Solution: An audit trail is a fact of life in professional industries such as finance and healthcare, so why should IT security be any different? Keeping a log of IT activity means you are able to properly investigate any security incidents that arise. This should help you to tackle similar incidents in future, and to identify whether there might be a bigger problem developing over time.

How much data you hold will of course depend on individual circumstances. Some of the biggest IT businesses will hold petabytes of data on the entire internet for decades at a time. Such a huge backlog of data is unnecessary for a lot of FE institutions, even if they did have the space and capacity to store it; nevertheless, colleges would be advised to keep as many logs as they can, for as long as possible.