Steven Lafortune
Spring has sprung in our part of the world — well, at least as far as the calendar goes. Outside, it’s still pretty cold and cloudy. But not for long! Soon, the skies will clear, the sun will shine, flowers will bloom, and temperatures will soar. Good times.
Between now and then, many of us need to go through (or get dragged through) the annual ritual known as spring cleaning. And in the spirit of tidying up and getting organized, last month we asked: What’s on your cybersecurity spring cleaning list?
As we had hoped, there were many interesting responses. Let’s take a look at them below, starting with a focus on the three most popular cybersecurity tasks.
#1: Implement multi-factor authentication (MFA)
Implementing MFA was the most popular cybersecurity spring cleaning task. Most community members plan to establish MFA internally, while a few mentioned that they want to implement it for clients.
MFA is a necessary safeguard that should be implemented in all organizations, and enforced for all users. Research has found that enabling MFA can prevent 99% of automated hacking attacks.
While any kind of MFA is far better than no MFA at all, most experts recommend using authenticator apps, biometrics, or hardware devices instead of text message codes and security questions, as the latter are more vulnerable (yet still better than only using a password).
Devolutions can help with this pivotal cybersecurity spring cleaning effort:
Remote Desktop Manager enforces MFA at the data source level (Azure SQL, SQL Server or SQLite), and is facilitated via authenticator apps (TOTP), Yubikey, or Duo (learn more).
Devolutions Server enforces MFA at the user level. Multiple types are supported. A default type can be configured for the entire organization, or set by the user. When MFA is configured, users log in with their username/password, as well as an MFA method (learn more).
Devolutions Hub Business supports several MFA options. Microsoft Entra ID and Okta offer a wide range of MFA methods. In addition, users can add MFA to their Devolutions Account and receive push requests through the Devolutions Workspace app (learn more).
#2: Review the backup process and test data
The second most popular cybersecurity spring cleaning task was about the thing that has rescued countless organizations from a fate too terrible to imagine: backups!
Specifically, many community members wisely want to analyze their backup process, in order to ensure that it’s efficient and effective. And just as prudently, they want to increase how often they test backup data (and the associated restoration process) for reliability and integrity. After all, backups that are corrupt, infected, incomplete, or outdated aren’t useful — they’re nightmares.
At Devolutions, we are extremely focused (OK, obsessed — but in a good way) about backups; both when it comes to our data, and helping our users achieve this critical objective. For example:
Remote Desktop Manager has a built-in file backup for saving SQLite or XML data sources in a local file with a master key (learn more).
Devolutions Server offers a Backup Manager tool for saving the SQL database and web application folder (learn more). It is also straightforward to restore Devolutions Server in the event of a disaster (learn more).
Devolutions Hub Business makes it easy to backup the content of vaults at any time by exporting them in JSON or CSV using a PowerShell script (learn more).
#3: Audit all accounts and align them with the principle of least privilege (POLP)
Rounding out the top three most popular cybersecurity spring cleaning tasks this year is another critical priority: auditing all user accounts — including old, unused, and forgotten ones — and verifying that each aligns with POLP. This is a policy in which users are given only the amount of access they need to carry out their jobs, and nothing more.
The importance of identifying and eliminating “privilege creep” cannot be overemphasized. Stolen credentials are the cause of 37% of breaches. What’s more, many organizations have two-to-three times more privileged accounts than actual employees, and 85% of privileged accounts are not accessed for months (and sometimes years) at a time.
Devolutions helps drive POLP in multiple ways:
Remote Desktop Manager supports role-based access control (RBAC), which groups users into pre-defined roles, each with associated permissions (learn more).
Devolutions Server features a powerful PAM module to completely monitor and manage access to privileged accounts, with features such as: RBAC, privileged account discovery, automatic/scheduled password rotation, password change propagation, checkout request approval, just-in-time privilege elevation, administrative reports, and auditing (learn more).
Devolutions Hub Business features the same powerful PAM module as previously described. It also has a built-in System Permissions tool to grant or deny administrative rights to specific users or user groups. In addition, each role in Devolutions Hub has its own set of permissions (learn more).
Other tasks
Here are the rest of the important cybersecurity spring cleaning tasks that community members plan to take care of in the weeks and months ahead:
- Move to a unified endpoint management system providing PAM/AV/EDR/and more
- Conduct browsing in a container
- Review old files and emails, and clean them out
- Push updates and patches
- Remove unused software
- Implement a vulnerability scanner
- Get rid of unnecessary meetings on the calendar to get more things done
- Improve email security with ATP and anti-phishing rules
- Clean up inactive licenses
- Regularly review the Microsoft Secure Score and implement recommendations
- Conduct a cybersecurity assessment
Spring cleaning is a state of mind
Let us wrap things up with some words of wisdom from community member Ron: “Let’s be honest, if you do the spring cleanup every year, you’re already way too late and running behind the facts. One should treat the spring cleanup as a daily routine.”
The winners are…
To start with, every community member who completes even one task on their cybersecurity spring cleaning list is a winner. Anything that reduces the size of the attack surface and makes the organization more secure is a step in the right direction. And remember, Devolutions is here to help — just ask!
Now, let’s reveal the two randomly selected poll participants who have each won a $25 Amazon gift card. Congratulations Brent Quick and p4sticcio! Please email asguerin@devolutions.net to claim your prize.
Stay tuned
A new poll is just around the corner. Stay tuned, and get ready to have some fun!
