
Top 5 Cyber Security Controls for 2018

Author: Miles Feinberg, VP of Service Development, Synoptek


Top Cybersecurity Threats of 2017

How can you secure what you don’t know? There’s a concept of the attack surface, and if you don’t understand what yours is, you can’t begin to defend it. It’s important to note that most of the top entry methods targeted end users, end-user devices, and IT misconfigurations.

[Figure: Cybersecurity threat landscape. Source: SANS Institute, 2017]

Survey respondents report phishing (72%), spyware (50%), ransomware (49%) and Trojans (47%) as the threats most frequently seen in their organizations.

With security more important than ever, the majority of breaches can be traced to a lack of security talent on the IT team, a lack of effective technology, or existing processes failing.

At Synoptek, our security team works with customers to mitigate threats, and these are the top controls we recommend:

[Figure: Vectors threats use to enter organizations]


Oftentimes companies rely on the jack-of-all-trades IT guy. Due to a lack of resources, knowledge or bandwidth, he can’t keep up with the constant updates: he misses patches, and setting up proper admin controls slips under his radar. These oversights leave him with an unpatched web server facing the outside, which becomes a target. Such vulnerabilities, even on a limited scale, can blossom into something catastrophic.

What companies can do:

  • Identify the specific knowledge, skills, and abilities needed to support defense of the organization
  • Develop and execute an integrated plan to assess gaps
  • Provide planning, training and awareness programs for relevant roles



Actively inventory, track and correct all hardware devices on your network. We always ask our clients whether they have a current audit of all devices and software, and whether they actively manage all hardware devices on their network so that only authorized devices are given access, while unauthorized and unmanaged devices are identified and denied access.

Many organizations don’t keep an asset management system. Without this critical information, systems may not be getting patched, and this leaves the organization open to vulnerabilities. You can’t begin to defend your attack surface if you don’t understand its entirety. Once you do have your attack surface inventoried and mapped, you can work to shrink it, as well as segment or limit access to the riskiest parts.

Our team is constantly reviewing which devices our clients are using and why, especially devices that are public facing. We lock down which applications can run on servers and endpoint devices, monitor for changes, and ensure proper controls. Here are other ways to tighten system access and reduce risk.

What companies can do:

  • Least Privilege: Limit to whom you grant admin rights, and ensure those people also have and use less-privileged accounts.
  • Lock Down: Run no new applications on a system unless they are approved through change control.
  • New Device Process: Watch for new devices on the network. Have a policy for employee BYOD and enforce it.

Synoptek utilizes management software that locks down servers, so we can’t even patch an environment until we unlock it and declare that we’re going to do the patching and that this is an approved activity. These precautions mitigate rogue software and devices, and the broader category of “what are you doing?” This extends beyond the servers that are public facing.
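The inventory control above (only authorized devices get access; unauthorized and unmanaged devices are identified) can be checked continuously by reconciling what is actually seen on the wire against the asset list. The following is an added example, not Synoptek’s code or tooling; the inventory, the `ip neigh`-style neighbour-table lines and the MAC addresses are constructed sample data.

```python
import re

# Constructed sample inventory (hypothetical values): MAC -> (hostname, owner, under management?)
AUTHORIZED = {
    "00:11:22:33:44:55": ("fin-ws-01", "finance", True),
    "00:11:22:33:44:66": ("web-01", "it", True),
    "00:11:22:33:44:77": ("printer-2f", "facilities", False),
    "00:11:22:33:44:88": ("old-lab-pc", "it", True),
}

# Constructed neighbour-table lines in `ip neigh` style, as if captured on the office LAN.
OBSERVED = """
10.0.1.10 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
10.0.1.20 dev eth0 lladdr 00:11:22:33:44:66 STALE
10.0.1.30 dev eth0 lladdr 00:11:22:33:44:77 REACHABLE
10.0.1.99 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
10.0.1.100 dev eth0 lladdr DE:AD:BE:EF:00:02 REACHABLE
"""

NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-f:]{17})", re.I)


def parse_neighbors(text):
    """Return {mac: ip} for every line carrying a link-layer address (MACs normalised to lower case)."""
    seen = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            seen[m.group(2).lower()] = m.group(1)
    return seen


def reconcile(observed, authorized):
    """Classify what is on the wire against the inventory.

    unknown   - seen on the network but absent from the inventory (BYOD or rogue; block until approved)
    unmanaged - inventoried, but flagged as not under management (no patching or monitoring)
    missing   - inventoried but not seen; either offline or a stale record to correct
    """
    seen = parse_neighbors(observed)
    return {
        "unknown": sorted(m for m in seen if m not in authorized),
        "unmanaged": sorted(m for m in seen if m in authorized and not authorized[m][2]),
        "missing": sorted(m for m in authorized if m not in seen),
        "ip": seen,
    }


if __name__ == "__main__":
    result = reconcile(OBSERVED, AUTHORIZED)
    for category in ("unknown", "unmanaged", "missing"):
        for mac in result[category]:
            print(f"{category.upper():9} {mac} {result['ip'].get(mac, '(not seen)')}")
```

In practice the `OBSERVED` text would come from the switch or router neighbour table (or DHCP leases) and the `AUTHORIZED` map from the asset management system, and "unknown" hits would feed the new-device process described above.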



Consider the massive Equifax data breach. They ran Apache software on their servers, and in April 2017 Apache discovered a weak identification protocol and notified Equifax to patch it, and they didn’t. Customer credit reports were stolen, and Equifax’s vulnerability to attack snowballed over the next several years. The result? Hackers gained the social security numbers, driver’s licenses and credit card numbers of 143 million consumers — half of the U.S. population.

Synoptek runs vulnerability management and oversees promptly rectifying weaknesses in our customers’ security, both on-premise and. We recently ran a detailed security assessment for a client and identified access rights exposed to the outside. In our review with the client, they admitted to not making security a priority and to the errors of convenience. Their system was riddled with control, identity and access privilege issues. We provided a page-by-page detailed report and then discussed a remediation plan.

What companies can do:

  • Always maintain an updated network diagram
  • Change control forms should be completed (with appropriate approvals) before logging in to the device
  • Require two-factor authentication for every device login
  • Alert all administrators of all attempted logins and rule changes
  • Compare the current configuration of your network devices to a known good configuration

To ensure your network device configurations are secure, several authoritative hardening guides exist and are freely available:
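Two of the controls listed above, comparing the current configuration of a network device to a known-good configuration and alerting administrators on rule changes, can be combined in one drift check. This is an added example, not code from Synoptek; the baseline and current configs are constructed, in an illustrative router-CLI style, and the set of "rule" keywords is an assumption you would tune to your own devices.

```python
import difflib

# Constructed known-good baseline for a perimeter router (illustrative syntax, not a real device export).
BASELINE = """\
hostname edge-rtr-01
banner motd Authorized use only
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.10 eq 443
 deny ip any any log
line vty 0 4
 login authentication RADIUS-MFA
 transport input ssh
"""

# Constructed current running config: one harmless edit plus rule changes that should alert admins.
CURRENT = """\
hostname edge-rtr-01
banner motd Authorized use only. Activity is monitored.
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.10 eq 443
 permit tcp any host 203.0.113.10 eq 3389
 deny ip any any log
line vty 0 4
 login local
 transport input ssh telnet
"""

# Statements whose change affects access control or admin login; any drift here is a "rule change".
RULE_KEYWORDS = ("permit", "deny", "access-list", "login", "transport input", "aaa")

def normalise(text):
    """Drop blank lines and trailing whitespace so cosmetic differences are not reported as drift."""
    return [line.rstrip() for line in text.splitlines() if line.strip()]

def config_drift(baseline, current):
    """Diff current config against the known-good baseline; flag whether any change touches a rule."""
    delta = list(difflib.ndiff(normalise(baseline), normalise(current)))
    added = [d[2:] for d in delta if d.startswith("+ ")]
    removed = [d[2:] for d in delta if d.startswith("- ")]
    rule_changes = [l for l in added + removed if l.strip().startswith(RULE_KEYWORDS)]
    return {"added": added, "removed": removed, "rule_changes": rule_changes, "alert": bool(rule_changes)}

if __name__ == "__main__":
    drift = config_drift(BASELINE, CURRENT)
    for line in drift["removed"]:
        print("-", line)
    for line in drift["added"]:
        print("+", line)
    print("ALERT: access rule or admin login setting changed" if drift["alert"] else "no rule changes")
```

Run on the constructed data it reports the banner edit as ordinary drift but raises the alert for the new inbound 3389 rule, the switch from RADIUS-based login to local accounts, and the re-enabling of telnet.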



Companies need to monitor who has admin privileges and to what, and keep an accurate list of accounts.

What companies can do:

  • Keep an updated access list.
    • Improves security: We run reports for our clients and can determine if passwords haven’t changed in a long time. We can also report on access privileges, show which people hold each role, and flag anything obvious, such as everyone having read/write access to your financials. We can’t see whether admin privileges are being abused, but we can provide the data and let the client analyze it.
  • Communicate where and when to use admin privileges. An employee could be out of the office, logged into his own laptop with user credentials on an unsecured Wi-Fi network, and expose a vulnerability.
  • Require the use of long passwords. The prior guidance that forced the use of letters, numbers and special symbols has been revised to advise using passwords that read like phrases.



When companies discover a known vulnerability, we’re finding they’re not current on patching. They’re afraid and put it off because of complexity, since it’s not always as simple as running through the vulnerabilities and applying operational patches. With higher-level patching, applications and SQL servers can break.

What companies can do:

  • Run monthly vulnerability assessments and remediation.
  • Use vulnerability management tools. Many are available on the market (free and commercial) to evaluate system configuration on a continuous basis. These tools ensure that newly found vulnerabilities are taken care of soon after they’ve been discovered, and minimize the window of opportunity for attackers.
  • Ensure your vulnerabilities are patched. These tools detect and patch them, or use additional host or network controls to prevent exploitation until a patch or update is released. Where vulnerabilities are known, assessment tools can also detect attempted or successful exploitation of them.
  • Test your patch first. Use an environment that mimics the production system before a patch is pushed enterprise wide. If the patch fails the tests, other mitigating controls should be tested and put in place to prevent exploitation.


About Synoptek

Synoptek offers a variety of educational resources to help you make informed IT and business decisions. Check out our recent blogs, videos, news, webinars and seminars. Want to speak to an expert? Contact us here.

About the Author

Synoptek is an established firm that provides information systems consulting and IT management services. Synoptek and its predecessors have been providing these services for 23 years.