5 Quick Wins for your IT Security system

Finding and Prioritising the Right IT Security Controls for your Organisation

20 Critical Security Controls to secure the most fragile asset in your business: data.

Introduction

Proudly brought to you by AVeS.

With an increasing trend of overworked employees [1], we know that your time is valuable. That is why we thought to bring you the first five quick wins that you as an IT professional can easily implement in your organisation to proactively reduce the risk of cyber attacks. These fundamental cyber defence tactics provide the greatest risk reduction and protection against the most dangerous threat actors [2]:

  1. Whitelist applications

    on each type of business system, including servers, workstations, laptops and other mobile devices. Application whitelisting technology can be used to only allow authorised software to run, whether the software is commercial or custom-built.

  2. Use standard, secure system configurations

    that represent hardened versions of the underlying operating system and installed applications. Validate and refresh these images on a regular basis to update their security configurations and thereby protect the system against recently discovered vulnerabilities and attack vectors.

  3. Patch application software within 48 hours.

    These processes can usually be automated easily with the specific vendor’s technology. When the application can no longer be patched, update the software to its latest version. Lastly, schedule system checks at least annually to remove outdated or unused software, as these applications may become easy access points if left untouched on the system.

  4. Patch system software within 48 hours.

    As with application software, effective patch management is the most important security tool you have at your disposal. Run SCAP-validated vulnerability scanners on your network at least once a week to detect and prioritise critical vulnerabilities on two levels: code-based vulnerabilities, and configuration-based vulnerabilities.

  5. Reduce the number of users with administrative privileges

    to only those who have the knowledge and business need to modify the configuration of the underlying system. This will help prevent installation of unauthorised software and other abuses of administrator privileges. For maximum effect, combine this with frequent audits of how administrative privileged functions are used and whether any anomalous behaviour exists.
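The audit described in item 5, as an added example that is not part of the original article: it compares the members of privileged groups against an approved list and flags sudo events from accounts that are not on it. It assumes a Linux host with an /etc/group-format file and sudo syslog lines; the group names, the approved list and all sample data are constructed for illustration.

```python
import re

# Constructed sample data (not from the original article).
GROUP_FILE = """\
root:x:0:
sudo:x:27:alice,bob,svc_backup
wheel:x:10:carol
staff:x:50:dave,erin
"""
AUTH_LOG = """\
Mar  3 09:12:01 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 02:47:19 host1 sudo:      bob : TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/dpkg -i tool.deb
Mar  3 02:49:55 host1 sudo:     dave : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/bash
"""
ADMIN_GROUPS = {"sudo", "wheel"}      # assumption: groups that grant admin rights
APPROVED_ADMINS = {"alice", "carol"}  # hypothetical list of approved administrators

def admin_members(group_text, admin_groups=ADMIN_GROUPS):
    """Return every account listed in a privileged group (name:pw:gid:members)."""
    members = set()
    for line in group_text.splitlines():
        fields = line.split(":")
        if len(fields) == 4 and fields[0] in admin_groups and fields[3]:
            members.update(u.strip() for u in fields[3].split(",") if u.strip())
    return members

# Matches the sudo syslog record: "sudo: <user> : ... COMMAND=<command>"
SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : (?P<rest>.*COMMAND=(?P<cmd>.+))$")

def audit(group_text, log_text, approved=APPROVED_ADMINS):
    """Flag unapproved admin accounts and sudo events that need review."""
    admins = admin_members(group_text)
    findings = {"unapproved_admins": sorted(admins - approved), "events": []}
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if not m:
            continue
        denied = "NOT in sudoers" in m["rest"]
        if denied or m["user"] not in approved:
            kind = "denied" if denied else "unapproved"
            findings["events"].append((m["user"], kind, m["cmd"]))
    return findings

if __name__ == "__main__":
    print(audit(GROUP_FILE, AUTH_LOG))
```
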

 


References:

[1] 2015 Human Capital Trends Report for South Africa

[2] The Center for Internet Security’s Critical Security Controls for Effective Cyber Defense (Version 5)
