What We Do
How we do it
Resources
TRU INTELLIGENCE CENTER
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
SECURITY ADVISORIES
Aug 17, 2022
Increase in Observations of Socgholish Malware
THE THREAT Starting in early August 2022 and continuing through the month, eSentire identified a significant increase in Socgholish (aka. FakeUpdates) malware incidents. Socgholish is a loader type…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Sep 20, 2022
eSentire Recognized as Top Global MDR Provider by MSSP Alert, CrowdStrike and G2
Waterloo, ON - September 21, 2022 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), celebrated multiple industry recognitions as the leading global MDR provider, over the last week: Named #9, and the top pure play MDR provider on MSSP Alert’s Top 250 MSSPs global rankingRecognized as the CrowdStrike 2022 Global MSSP Partner of the Year Earned G2’s industry-renowned status…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Jan 11, 2018

Your New Year's cybersecurity resolutions

3 minutes read
Speak With A Security Expert Now

You know how the saying goes: “New year, new you.” Whether or not you apply that to your personal life, you should definitely consider applying it to your business’ cybersecurity strategy. If last year was any indication, the world of cyber-attacks and cyber threats is only going to heat up – and you and your business needs to be ready.

So, in light of the New Year, we’ve rounded up six “resolutions” for you to consider as part of your 2018 cybersecurity strategy.

Secure IoT devices

IoT devices can be exploited to leak sensitive information or used to launch unprecedented and highly disruptive attacks. In smaller workplace environments, these types of devices often get added to the network without much thought. The simplicity of putting everything on one network makes things easier, and we get that. Unfortunately, there is risk involved with this practice.

It’s important you understand the requirement of each of these devices and can implement a security posture for how they are used. Similarly, ensure that all security infrastructure is running properly. This includes firewalls, antivirus and any other security features—all of which should receive regular updates.

Make security awareness training a priority

By default, users are a weak point in your cybersecurity strategy. Unfortunately, there is no way to completely eliminate this risk, but there are steps you can take to reduce it. A good place to start is with teaching your employees to be wary of suspicious emails.

Include Security Awareness Training as part of your quarterly routine. It’s important to remember that employee education will reduce the risk of a cyber breach; however, it won’t stop criminals from trying. Providing ongoing education and training to employees is the best way to protect your business in the fight against cybercrime.

Enforce better password management

Passwords need to be complex and hard to guess, but not so much so that you can never remember them. One thing we’d recommend is “passphrases.” To make these, simply come up with a phrase you can remember and then make a password from the first letter of each word in the phrase.

It’s important the employees are required to change passwords regularly and know not share passwords across accounts or network devices. Of course, when possible, they should be using two-factor authentication.

Create a plan for emergency situations

In the possibility of a natural disaster, what’s your business continuity plan? Is it well known among your employees?

Emergency situations are naturally very chaotic. This can mean an increase in the likelihood of sensitive data being accidentally leaked. Amid confusion, employees are unlikely to place high priority on information security, yet these are precisely the moments cybercriminals may choose to test your cybersecurity defenses in creative and relevant ways. Now is the time to re-evaluate your BCP and ensure backups are regularly preformed.

Do regular vulnerability scans and penetration tests

An important part of good cybersecurity hygiene includes knowing your strengths and weaknesses. As part of this, vulnerability scanning should be done on an ongoing basis – say monthly or quarterly, and penetration testing done as a yearly checkup.

A vulnerability assessment allows you to prepare for a penetration test, and a penetration test allows you to prove you’re acting on any vulnerabilities, so it’s critical that a vulnerability assessment is performed (and identified vulnerabilities remediated) before any penetration testing is initiated.

Monitor your behaviour on social networks

There is a lot of misunderstanding around what people should and should not do/post on social networks. Before putting something online, you should ask yourself: Does this need to be public? Is it worth the risk? Not only is what you share online available to friends and family, but it’s also available to cybercriminals.

These cybercriminals—or hackers—present both physical and virtual threats. The bad guys can use your social networks to gather user behaviour habits, like where you live and when you’re home. They can also access personally-identifiable information like birthdays, which can be used to facilitate fraud and identity-theft. That said, commit to being smart about what you put online in 2018.

Join 100,000+ Security Leaders

Get notified of the latest news, intel and helpful tools & assets. You can unsubscribe anytime.

By clicking the button below I confirm that I have read and agree to the eSentire privacy policy.

View Most Recent Blogs
eSentire
eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.