This month’s From The Experts comes from the VP of Network Infrastructure, Operations and Delivery at Owens & Minor, Loren Morgan. Loren is a veteran and has spearheaded the effort to expand veteran support networks within Owens & Minor.
Here are ten habits/tactics that will bolster your cybersecurity program and greatly reduce risks:
Require multi-factor authentication for remote access to your network and for critical internet-facing applications.
Set antivirus/antimalware programs to conduct regular scans of IT network assets using up-to-date signatures.
Enable strong spam filters to prevent phishing emails from reaching end users, and filter emails containing executable files from reaching end users.
Implement a user training program and simulated attacks for spear-phishing to discourage users from visiting malicious websites or opening malicious attachments and reinforce the appropriate user responses to spear-phishing emails.
Filter network traffic to prohibit ingress and egress communications with known malicious IP addresses. Prevent users from accessing malicious websites by implementing URL block lists and/or allow lists.
Implement a robust application whitelisting program to effectively manage/limit executables within your environment.
Implement a strong Privileged User Management program and strong Role Based Access Management program to limit user access to an as-needed basis and to greatly limit the number of accounts with administrator-level privileges.
Implement a very effective Security Event Monitoring program.
Update software, including operating systems, applications, and firmware on IT network assets, in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to determine which OT network assets and zones should participate in the patch management program.
Implement regular data backup procedures for all critical data/critical assets. Backup procedures should be conducted on a frequent, regular basis, as should testing of re-imaging of machines.
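As an illustration of the email-filtering habit above (keeping executable files from reaching end users), here is an added example that is not part of the original article. It checks each attachment's leading bytes as well as its extension, so a renamed executable is still held; the function names, the extension list and the sample message are all constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions commonly held at a mail gateway (illustrative, not exhaustive).
BLOCKED_EXTENSIONS = (".exe", ".scr", ".com", ".bat", ".cmd",
                      ".js", ".vbs", ".ps1", ".msi", ".jar")
# Leading bytes of native executables: Windows PE, ELF, 64-bit Mach-O.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe")


def executable_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for every message part that should be held."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():            # walk() also reaches nested parts
        if part.is_multipart():
            continue                   # containers carry no content themselves
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(EXECUTABLE_MAGIC):
            # Content check first: the file name is attacker-controlled.
            findings.append((name, "executable file header"))
        elif name.lower().endswith(BLOCKED_EXTENSIONS):
            findings.append((name, "blocked extension"))
    return findings


def build_sample() -> bytes:
    """Constructed message: a PE stub named .pdf, a script, a harmless note."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"WScript.Echo(1)", maintype="application",
                       subtype="octet-stream", filename="report.JS")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in executable_attachments(build_sample()):
        print(f"HOLD {name}: {reason}")
```

Archives and password-protected attachments need their own handling, since neither check can see inside them.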
Vice President, Global IT Operations, Infrastructure and Delivery & Salesforce IT Support
Owens & Minor
Over the life of his career, Loren has continually served in the US Army, while growing in his role as a leader and C-Suite IT executive. Loren’s path to his current role is described as a maze. Coming out of the military, Loren took the first job he was offered. It was in IT management, and the expectation at the time was that he would be a people manager, not a technology manager. In time, he found he had a great working knowledge of the technology realm and moved through four different organizations and their IT groups. With each transition, Loren found his position advanced. He credits his upward career trajectory to his strong desire to meet the customers’ needs and his ability to listen to what the business units really needed to help them grow.