IT professionals, what's a valuable security best practice you've implemented that significantly improved a client's infrastructure?

Question

Ever wondered how top IT professionals fortify their clients' digital fortresses? In this article, a Privacy Expert at Cyber Insider shares why consulting before acting is crucial, while a Chief Technology Officer emphasizes the importance of network segmentation for enhanced security. With insights from nine experts, you'll discover actionable strategies to elevate your cybersecurity measures. Read on to unlock all the valuable security best practices that can transform your infrastructure.

Bill Mann · Answer

The most important practice that any organization can use is what many call, "If you see something, say something." In practice, it is the act of consulting other people before you take action. This is difficult to do when you've received a communication from a trusted source that requires immediate action; but if you don't take action, something terrible will happen. This is what every phishing communication looks like. If every person stopped and shared the communication with their IT or security team, no networks would ever be breached. The human element is always the way into a network; it's nearly always how data is stolen. The only way to combat it is to continually educate everyone on social-engineering tactics.

Michael Gargiulo · Answer

One valuable security best-practice we implemented that made a huge difference for a client was the introduction of zero-trust architecture. Instead of assuming that anything inside the network is safe, this model verifies every user and device, regardless of location, before granting access. By segmenting their network and applying strict authentication protocols, we greatly reduced the attack surface and limited the potential damage from breaches.
This shift to zero trust significantly improved their overall security, especially in protecting sensitive data. It also allowed for better visibility and control across the network. For anyone looking to adopt a similar practice, start with multi-factor authentication and continuous monitoring to build a foundation for zero trust. It's an essential step in today's cybersecurity landscape, where threats can come from anywhere.

Shehar Yar · Answer

One valuable security best practice I implemented that significantly improved a client's infrastructure involved transitioning their systems to a zero-trust security model. The client, a mid-sized financial services firm, was experiencing challenges with data breaches and unauthorized access due to outdated security protocols. Recognizing the need for a more robust security framework, I guided them through the implementation of zero-trust principles, which operate on the premise that no user or device should be trusted by default, whether inside or outside the network.
The first step was conducting a comprehensive audit of their existing infrastructure to identify vulnerabilities. We then implemented strict identity verification protocols, including multi-factor authentication (MFA) for all users, regardless of their location. Additionally, we segmented the network to limit access to sensitive data based on user roles, ensuring that employees only had access to the information necessary for their job functions. This not only minimized the attack surface but also contained potential breaches.
As a result of these measures, the client experienced a significant reduction in security incidents, with a reported 70% decrease in unauthorized access attempts within the first six months. This proactive approach not only bolstered their data security but also enhanced their overall compliance posture, reassuring clients and stakeholders about their commitment to protecting sensitive information. This experience underscored the importance of adopting a zero-trust model in today's threat landscape, as it can fundamentally strengthen an organization's security framework.

Elmo Taddeo · Answer

One valuable security best practice we implemented for a client involved setting up multi-factor authentication (MFA) across their entire system. They were a mid-sized company that had a strong-password policy but no extra layer of protection. Implementing MFA drastically reduced the chances of unauthorized access, especially with phishing attacks on the rise. Employees were initially resistant, as it added a step to their login process, but we provided training to help them understand why it was essential. 
We also set up continuous-monitoring tools to alert us if suspicious activity occurred, like unauthorized login attempts. One instance stands out where an alert caught someone trying to access a system from a location halfway across the world. This allowed us to act quickly and prevent a potential breach before any data was compromised. The client was surprised at how quickly this tool detected a threat and appreciated the extra protection. 
Finally, to keep everything running smoothly, we made sure their security patches and updates were applied automatically. Before this, the company had been lax with updates, leaving vulnerabilities open longer than necessary. With the system in place, they no longer had to worry about manually updating software, and their overall security posture improved significantly. These changes created a more secure infrastructure with minimal disruption to their daily operations.

Ali Allage · Answer

One of the most impactful security practices I implemented was integrating a Security Information and Event Management (SIEM) system with User and Entity Behavior Analytics (UEBA) for a mid-sized healthcare provider. They had around 1,000 employees and struggled with visibility into network activities, particularly concerning insider threats and compromised accounts.
After conducting a thorough audit, we deployed a cloud-based SIEM solution, ingesting logs from critical systems such as firewalls, servers, workstations, and applications. Real-time alerting was set up for known threats, and UEBA was integrated to establish behavior baselines, using machine learning to detect anomalies.
We customized correlation rules for the healthcare environment and fine-tuned alert thresholds to reduce false positives. A 24/7 Security Operations Center (SOC) was established, and staff received comprehensive training on the new system.
Key results included:
*Enhanced threat detection: Within the first month, we prevented a data exfiltration attempt and identified compromised credentials before they could be exploited.*Improved incident response: The mean time to detect (MTTD) security incidents dropped from days to hours, and the mean time to respond (MTTR) decreased by 60%.*Compliance benefits: The system streamlined compliance reporting for HIPAA and other regulations, demonstrating due diligence in protecting patient data.*Operational improvements: The client gained full visibility into network activities and resolved several misconfigurations and vulnerabilities.
Challenges, like initial alert fatigue, were addressed by fine-tuning detection rules and implementing a tiered alert system. Data privacy concerns were mitigated through strict access controls and data masking for sensitive information.
The main takeaways were the importance of setting clear objectives, fine-tuning detection rules to reduce false positives, and fostering collaboration between IT, security, and compliance teams. Regular tabletop exercises also proved essential for testing and improving incident response.
This implementation significantly enhanced the client's security posture, turning the SIEM/UEBA system into a cornerstone of their cybersecurity strategy. By leveraging context-aware security monitoring, we were able to quickly detect and respond to threats, ensuring the protection of sensitive patient data in a highly regulated environment.

Rubens Basso · Answer

I've discovered that network segmentation is vital for elevating our clients' infrastructure. Partitioning the network into distinct segments, we can limit access to sensitive areas, ensuring only authorized users reach critical data. This strategy not only enhances security by minimizing the impact of potential breaches but also boosts overall efficiency. With segmented networks, any security incident is confined to a specific area, reducing the risk of widespread disruption. This targeted control helps preserve system integrity and supports smoother operations, ultimately fortifying our clients' infrastructure.

Josh Matthews · Answer

At LogicLeap, a key security best practice we implemented that significantly improved a client's infrastructure involved adopting a multi-layered defense strategy. This approach was especially effective for a mid-sized company in Oxfordshire facing increased security challenges as they scaled their digital presence.
The client needed to protect sensitive data and maintain business continuity, so we started by deploying a robust firewall system. This firewall acted as the first line of defense, filtering out unwanted traffic and monitoring for anomalies. By setting advanced rules, it blocked unauthorized access while providing real-time traffic insights.
We then added an intrusion detection and prevention system (IDPS) to continuously monitor network activity. This system was crucial in identifying suspicious patterns and automatically responding to potential threats, helping mitigate risks before they could escalate.
Enhancing endpoint security was another critical step. We rolled out antivirus and anti-malware software across all devices, ensuring automatic updates and regular scans to protect against the latest threats.
Employee education on cybersecurity best practices was a vital component of our strategy. We conducted training sessions to raise awareness about phishing, password management, and safe browsing habits. Empowering staff with this knowledge greatly reduced the risk of human error leading to breaches.
Regular security audits and vulnerability assessments were also part of our approach. These assessments helped us identify and address potential weaknesses, maintaining a high level of security readiness and allowing for timely updates to protocols.
The result was a marked reduction in security incidents and enhanced confidence in the client's network resilience. This comprehensive strategy not only protected their data but also supported their growth, demonstrating the importance of proactive security measures. By tailoring our approach to their specific needs, we created a secure environment that aligned with their operational goals and ensured continued business success.

Brandon Taggart · Answer

As an expert in enterprise medical imaging, I've found implementing a comprehensive DICOM security strategy to be invaluable for significantly improving infrastructure security.
For one client, their legacy PACS system had essentially no security controls, allowing any system with network access to query and retrieve sensitive patient images. By upgrading them to a modern PACS with strict role-based access controls, encryption of data both at rest and in transit, and two-factor authentication for all users, we were able to lock down access and provide an audit trail of all user activity.
For another client, frequent zero-day vulnerabilities in their aging PACS and viewer software put them at constant risk of data breaches. By transitioning them to a cloud-based PACS with a dedicated security team continuously monitoring for and patching any new threats, we were able to drastically reduce their risk profile and meet regulatory compliance standards.
Medical images contain some of the most sensitive patient data, so maintaining their security must be a top priority. Implementing basic controls like access management, encryption, logging, and continuous monitoring may require an upfront investment but will pay dividends through risk reduction and avoiding the costs of recovering from a breach. My advice is to work with vendors that make security a primary focus, not an afterthought.

Dale Jenkins · Answer

Developing a network architecture that supports the needs of all stakeholders of a residential aged-care facility is nontrivial. In many facilities, multiple disparate, single-function networks are deployed without consideration of expansion, reliability, ubiquity of connectivity, or, most importantly, security.
Using a secure-by-design approach where connection to a switch provides nothing more than a link light (i.e., electrical connectivity but no ethernet connection), a cohesive network architecture is built providing service and security profile-based traffic segregation throughout the facility.
The key elements of the secure-by-design approach required to achieve an acceptable outcome are:1. By default, there is no access to anything (i.e., disable the default VLAN and do not use it for anything).2. Assume a connection from an unknown device is unwanted.3. Each service must be contained to its own segment and assigned a security posture (say no trust, low trust, mid trust, fully trusted).4. Where a service requires access to an external location, provide an explicit allow rule and implicitly block all other connections, and ensure the outbound traffic does not rely on/impact higher trust levels.5. Connectivity between service segments is denied by default and where required can only be initiated from a higher trust level to a lower trust level.
Through careful consideration of the design requirements, trust, and service expectations, it is possible to deploy an integrated, site-wide network capable of securely delivering the necessary connectivity for all systems and site users.

What Are Effective Security Best Practices for Improving Client Infrastructure?

What Are Effective Security Best Practices for Improving Client Infrastructure?

Consult Before Taking Action

Implement Zero-Trust Architecture

Transition to Zero-Trust Security Model

Set Up Multi-Factor Authentication

Integrate SIEM with UEBA

Segment Network for Enhanced Security

Adopt Multi-Layered Defense Strategy

Implement Comprehensive DICOM Security Strategy

Design Secure Network Architecture