What is the best template to use for a cybersecurity risk assessment, for Malware Defense?
In this video, I explain 7 steps to protect your company from potential malware threats.
Want my recommendations on the best companies to quote for a cybersecurity risk assessment? Click the button below ask me today.
About Me
Mike Smith has been helping companies select the best telecom, WAN, security, and cloud services since 1999. He founded AeroCom in 2003, and has been the recipient of numerous business telecommunications industry awards, including being recognized as one of the top 40 business people in tech-heavy Orange County, CA. Follow Mike on YouTube, LinkedIn, Reddit and SpiceWorks.
Transcript
Your company needs to do a cybersecurity risk assessment. But you’re wondering, is there a template out there that we can follow? Well, absolutely. There’s definitely a template in the cybersecurity world. We call those frameworks. Okay. So today I wanted to cover the template for a cybersecurity risk assessment for malware defenses, and I’m going to be using the CIA’s framework for that because it’s a simple framework. It’s easy to follow, and it’ll kind of tell you these are the kind of the best practices to do If you’re looking to do a cybersecurity risk assessment for your company when it comes to malware.
Ask me for my recommendations
But before I get too far ahead of myself really quick, if you like, my recommendations on the best cybersecurity companies to quote for your company for a risk assessment or maybe for MDR or virtual CE so or anything like that, reach out and contact me. Send me an email, give me a call(714.593.0011). I’d love to help you with that. More information on that at the end of the video.
Check out our custom built search engine
Also go to our website Aeocominc.com. You can actually search cybersecurity vendors in. You could search things like EMDR, things like that according to the different features that they offer. You can write reviews on different cybersecurity vendors that you’ve experienced, that you can read reviews from other I.T. professionals on cybersecurity vendors. It’s a really cool website. You’ve never seen anything like it. We spent a lot of money to design it, so I’d love to have you go check it out. Let me know what you think. Put some comments down in the comment section. I’d love to hear from you. And as always, don’t forget to like, subscribe to ring the bell
Template for Malware Defense
So your company is looking for a template to run a cyber security risk assessment. And today I want to talk a little bit about a template for malware defenses. This is like the number one thing when an outside professional company comes in to do a cybersecurity risk assessment for businesses, this is the number one gap that they find that businesses need to improve. A lot of companies when it comes to malware, think that their normal antivirus software is enough. They think that defenders is enough, or they think that Norton’s enough. You know, whatever they might be using, they think that’s good enough. But in today’s day and age, it’s not enough. You need to get some type of an endpoint management system, endpoint security set up, it’s just the defender for endpoint. All that stuff is better, but just running defender, running. Norton, It’s just not enough these days. what are some of the best practices? So what I’m going to do is I’m going to break down some of the best practices that you should be doing in terms of looking at a template and following are we doing these things?
IG1 Category
And I’m going to break them into two categories, of the basics. And then one step further, Okay, if So if you think about this in terms of risk, you want to think, okay, for companies fairly small, but hey, we definitely can’t afford to be down for any period of time because we experienced a malware attack. We can’t have our servers all go down. We can’t have to send everybody home and have our systems shut down. That would be catastrophic for our company. So most small businesses kind of fall under that category.
IG2 Category
The next category would be, Hey, it’s a big deal. We have some very secure things. We have, you know, for our customers. Maybe you’re doing credit card transactions, you’re holding credit card information for customers. Maybe you need to be HIPA compliant. That’s kind of category number two. So I’m going to cover kind of the best practices in terms of a template for both of those in terms of cyber cybersecurity.
IG1 Steps 1-3
the first category, so the basics is, number one, you definitely should be using some type of an anti malware software for your company. like I talked about earlier, some type of endpoint security software.
The second thing you want to do is configure automatic anti malware signature updates. So making sure that the software is constantly updating for new anti-malware signatures that are out there.
And the last thing that you want to be doing for the basic level is you want to disable auto run. So make sure that that auto run is not capable for any type of removable device like a USB drive stuck into a computer. Make sure that that’s not possible on any device on your network.
Okay. So those are the basics for small companies or companies that just can’t afford any downtime because of a security issue or breach or problem.
IG2 Steps 4-7
But the next category are things that you want to do if your company has secured data and has to meet certain compliance standards, like you need to be HIPA compliant or you know, you have company credit card information for your customers, or maybe if you’re a very large company and if you have a security breach, it’s a public safety issue. These are all kind of the secondary level that you need to cover.
Okay. Number four, I’m going to continue the numbering from the one before you want to configure automatic scanning for malware or for any removable device. So not only disable auto run but automatic scanning of any removable device that’s plugged into the network.
Number five, you want to enable anti exploitation features.
Number six, you want to centrally manage the anti malware software so that your entire company is operating off one set of rules, one set of standards
in the last one. Number seven is you want to use something that is is looking for malware on a behavioral basis, not just signatures. So a behavioral based anti-malware software is where it can detect malware based on the behaviors, not just the signature. Because if one tiny thing is changed in the malware signature or update ID, it’s not going to detect that malware if it’s just looking for signatures. But if it’s behavioral based, kind of if it looks like a duck talked like a duck, it’s a duck. Right? So if it looks like malware acts like malware, it’s probably malware and it automatically shut that down. So that’s the last thing you want to add in there.
Conclusion
Okay. So I hope that helped a little bit. Again, if you’d like my recommendations for the best cybersecurity vendors to quote for your business, whether it be virtual social services or just some consulting services or risk advisory services like risk assessments, things like that, or pen testing, any of that stuff, reach out, send me an email, give me a call (714.593.0011) I love to help you with. I can ask you a few questions about what you’re looking for and I can give you a recommendation to the best cybersecurity vendors that your company should be quoting. I represent all the major vendors out there, and so I know kind of what their different niches are, and I’ll save you a lot of time and help you make a lot better decision than if you’re just trying to go out on your own and do this. Try to figure out which vendors to quote. And the nice thing is, is those vendors pay me my broker fee. So your company doesn’t have to pay me a dime for my services. So there’s absolutely no excuse not to at least reach out and get my opinion on what vendors I think you should be quoting. All right.
Check out our Website
In addition to that, if you’re not quite ready to talk to me yet, go to our site Aerocominc.com, and search the cybersecurity product that you’re looking for. And you can actually narrow the vendors down by features that they offer with that product. And you can look at the vendors, look at their ratings, look at the reviews, you can leave reviews, which I’d love. If you love some reviews on some vendors you’ve been familiar with, that’d be great. So go check out our website. You’ve never seen anything like it. It’s super cool. We spent a lot of time and money on developing it. We’re kind of trying to make it like the yelp for I.T professionals and. Yeah, let me know what you think. Put some comments down below. Let me know how we can improve it. I’d love to get your opinion on it. All right. Don’t forget to, like, subscribe and ring the bell. And again, thanks for watching and I’ll catch you on the next one.
Related Content
Network Infrastructure Management | Cybersecurity Risk Assessment Template
What is the best template to use for a cybersecurity risk assessment, for Network Infrastructure […]
Cybersecurity Risk Assessment Template: Data Recovery
What is the best template to use for a cybersecurity risk assessment, for Data Recovery?
In this video, […]
Cybersecurity Risk Assessment Template: Email and Browser Protection
What is the best template to use for a Cybersecurity risk assessment, for email and browser […]
Cybersecurity Risk Assessment Template: Audit Logs
What is the best template to use for a cybersecurity risk assessment, for Audit Logs?
In this video, I […]
Cybersecurity Risk Assessment Common Findings: Continuous Vulnerability Management
What are the most common findings of a cybersecurity risk assessment, within the CIS Framework, Control 7: […]
Cybersecurity Risk Assessment Common Findings: Access Control Management
What are the most common findings of a Cybersecurity Risk Assessment, in terms of CIS Control 6: Access […]