Vulnerability and Remediation Management can easily become overwhelming when you see such an abundance of vulnerabilities and the steps that are needed for remediation. If you’re not using vulnerability and remediation management software, this process might become a little more labor intensive – but it’s definitely doable!
So when your boss asks, “Are we protected against Petrwrap or WannaCry?” (2 major ransomware viruses that spread across many countries in May and June), you can say that you’ve taken these 5 steps to reduce the risk of harmful malware.
- Perform Regular Software Updates
As annoying as software updates can be (like the frequent Java updates), they are the easiest remediation tools. Software developers release “patches” for existing software that are meant to resolve specific vulnerabilities. This isn’t foolproof, however, as there are some vulnerabilities whose patches have not yet been created.
- Update Your Systems
You know the old saying – don’t fix what isn’t broken? Well, that doesn’t totally apply to network security. Even though a device might still function perfectly for you, that might not mean that it’s secure. Companies stop creating patches and updates for legacy software, making it a vulnerability for your organization.
- Use Strong Firewalls and Anti-virus Programs
Basically, firewalls and anti-virus programs are both essential tools for blocking specific programs and files from entering the network.
- It’s Mandated in Certain Compliance Standards
Whether you’re following NERC CIP, NIST CSF, HIPAA, etc., they often require some form of vulnerability management. Compliance standards are a good starting point for implementing cybersecurity protocols in an organization, but aren’t enough to claim a secure network. For example, if the standard requires regular scans for ongoing vulnerabilities, organizations can meet this requirement by scanning regularly, but scanning is not remediation. Organizations must go one step further after scanning, and must follow the remediation strategies recommended for each program.
- Use Encryption Tools While Transferring Files
Email is not secure. If unencrypted, emails could potentially be read by hackers. It’s often difficult to identify phishing scams – when a hacker disguises themselves to try to steal information – especially since phishing scams are starting to appear as legitimate businesses (e.g. the Apple Store sending receipts from iTunes and financial institutions sending you information about your account, even though you don’t bank with them). Uzado offers “Secure File Transfer” systems specifically for this reason.
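The compliance step above notes that scanning is not remediation. The following added example (not from the original article) shows how a scanning requirement can be met while a finding stays open. The scan data, host names, vulnerability ids and both thresholds are constructed assumptions, not values from any standard.

```python
from datetime import date

# Constructed sample data: three monthly scans of a hypothetical network.
# Each finding is (host, vulnerability id); the ids are placeholders.
SCANS = {
    date(2024, 4, 1): {("fileserver01", "VULN-A"), ("hr-laptop07", "VULN-B")},
    date(2024, 5, 1): {("fileserver01", "VULN-A"), ("web01", "VULN-C")},
    date(2024, 6, 1): {("fileserver01", "VULN-A"), ("web01", "VULN-C")},
}
MAX_SCAN_GAP_DAYS = 31  # assumed scanning requirement (hypothetical)
MAX_OPEN_DAYS = 45      # assumed remediation deadline (hypothetical)


def scan_cadence_met(scans, max_gap_days=MAX_SCAN_GAP_DAYS):
    """True if no two consecutive scans are further apart than max_gap_days."""
    days = sorted(scans)
    return all((b - a).days <= max_gap_days for a, b in zip(days, days[1:]))


def remediation_status(scans, max_open_days=MAX_OPEN_DAYS):
    """Split findings into remediated, still open (with age) and overdue."""
    days = sorted(scans)
    latest = days[-1]
    first_seen = {}
    for day in days:
        for finding in scans[day]:
            # Keep the earliest sighting, even if a finding vanished and returned.
            first_seen.setdefault(finding, day)
    remediated = sorted(f for f in first_seen if f not in scans[latest])
    still_open = {f: (latest - first_seen[f]).days for f in scans[latest]}
    overdue = sorted(f for f, age in still_open.items() if age > max_open_days)
    return {"remediated": remediated, "open": still_open, "overdue": overdue}


if __name__ == "__main__":
    print("Scanning requirement met:", scan_cadence_met(SCANS))
    report = remediation_status(SCANS)
    print("Remediated:", report["remediated"])
    for finding, age in sorted(report["open"].items()):
        flag = "OVERDUE" if finding in report["overdue"] else "open"
        print(f"{flag}: {finding[0]} {finding[1]} ({age} days)")
```

In this sample the scan cadence passes, yet one finding has appeared in every scan for 61 days without being fixed.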