5 Overlooked Cybersecurity Best Practices to Watch For
When it comes to securing a network, even small oversights can create significant vulnerabilities. From misconfigured policies to neglected asset inventories, here are five commonly overlooked cybersecurity practices that could leave your organization exposed to cyberattacks. Use this checklist to identify and address red flags in your environment.
1. Ensuring Devices Are Under the Correct Policies
One critical cybersecurity lapse is failing to ensure that devices operate under the appropriate security policies. Our CylanceMDR™ Team often sees organizations move devices to default policies during testing and then forget to reassign them to secure configurations once testing is complete. Default policies are typically open and lack sufficient protection, making them susceptible to threats.
“We work with our customers to make sure that their devices are aligned to their correct policies. When we don't see them in a correct policy, we inform them to help close this gap,” says Adrian Chambers, Sr. Manager of the CylanceMDR Team.
It’s essential to review and configure policies for each device regularly. Work closely with your team to ensure that no devices inadvertently remain inadequately protected. Make it a habit to audit device policies and notify team members when changes are required.
2. Maintaining a Clean Alert Queue with Proper Tuning
Flooding your alert system without proper tuning increases alert fatigue and raises the odds that you will miss critical threats. This typically occurs when new software or tools are introduced without the necessary adjustments being made to cybersecurity rules or filters within your environment.
Always review your alerting tools after introducing new software. Work with your team to classify alerts, exclude false positives, and create rules to ensure genuine threat signals stand out. Think of it as housekeeping: a clean and organized alert queue helps analysts focus on detecting and resolving real threats, rather than wasting time digging through irrelevant notifications.
3. Performing Regular Asset Inventory
You can’t protect what you don’t know exists. Failing to maintain a comprehensive inventory of systems, devices, accounts, and appliances on your network is another critical issue. Missing or undocumented assets are often easy targets for attackers. The BlackBerry Incident Response Team knows this all too well. “We often help with incidents where the client doesn't have a full inventory of all their computers, devices and appliances on the network,” says BlackBerry Principal Incident Response Consultant Travis Hoxmeier. “This typically results in systems left unpatched or in some cases, we find systems without the appropriate and required security software installed on them.”
Create a full inventory of all hardware, software, servers, workstations, devices, and accounts operating on your network. Review and update this inventory regularly, ensuring all items are properly managed and monitored. A robust inventory allows you to locate and patch vulnerabilities efficiently and ensures no systems are overlooked in your cybersecurity strategy.
4. Minimizing Remote Access Tools
Another often overlooked aspect of cybersecurity is the management of remote access tools. How many do you have in your environment right now? Many organizations inadvertently accumulate multiple remote access tools across their network, making their attack surface wider and increasing the risk of unauthorized access and ransomware attacks.
Chambers, on the CylanceMDR Team, says they typically discover this scenario when onboarding a new organization. “Sometimes we'll go into a new customer environment, and they have five different remote access tools. The question is, do they really need more than one? After discussion, they most often determine the answer is no. When it comes to preventing attacks, if you don't need to have another remote access tool, don't have it.”
By minimizing the number of remote access tools in your environment, you reduce complexity, simplify management, and minimize potential vulnerabilities.
5. Look for Missing MFA
Although MFA (multi-factor authentication) has long been seen as one of the cybersecurity basics organizations must implement, our incident response team has noticed that some organizations reaching out for help during a cyberattack do not have MFA in use for their remote access tools, and this often includes VPNs.
Without MFA, “Threat actors can gain access either by brute force or through the credentials that are available on the dark web, and then log into the organization's VPN solution or other remote access solution just using a username and password,” says the IR Team’s Hoxmeier. “From there, the threat actor has access to the organization's internal network, and they can then take further actions on their objectives.”
Now is a good time to double-check that MFA is enabled on all of your remote access tools.
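As an added example (not from the original article or from BlackBerry), the Python sketch below runs the checks from items 1, 3, 4 and 5 over a constructed inventory: devices left on a default policy, assets with no security agent, hosts seen on the network but missing from the inventory, unapproved remote access tools, and remote access services without MFA. All field names, host names, tool names and the approved-tool list are assumptions; map them to whatever your endpoint console, discovery scan and remote access tooling export.

```python
from collections import Counter

# Constructed sample data; the field names are hypothetical, not a vendor export format.
ASSETS = [
    {"host": "ws-001", "policy": "Workstations-Protect", "agent": True, "remote_tools": ["ToolA"]},
    {"host": "ws-002", "policy": "Default", "agent": True, "remote_tools": ["ToolA", "ToolB"]},
    {"host": "srv-db1", "policy": "Servers-Protect", "agent": False, "remote_tools": []},
    {"host": "kiosk-7", "policy": "default", "agent": True, "remote_tools": ["ToolC"]},
]
REMOTE_ACCESS = [
    {"service": "VPN", "mfa": False},
    {"service": "ToolA", "mfa": True},
    {"service": "ToolB", "mfa": False},
    {"service": "ToolC", "mfa": True},
]
# Host names observed on the network (for example from a DHCP lease dump or a scan).
DISCOVERED = {"ws-001", "ws-002", "srv-db1", "kiosk-7", "printer-3f"}


def audit(assets, remote_access, discovered,
          default_policy="default", approved_tools=("ToolA",)):
    """Return a dict of findings keyed by the checklist item they relate to."""
    known = {a["host"] for a in assets}
    tools = Counter(t for a in assets for t in a["remote_tools"])
    return {
        # Item 1: devices never moved off the default policy after testing.
        "default_policy": sorted(a["host"] for a in assets
                                 if a["policy"].strip().lower() == default_policy),
        # Item 3: inventoried assets without the required security software.
        "no_agent": sorted(a["host"] for a in assets if not a["agent"]),
        # Item 3: hosts on the network that the inventory does not know about.
        "not_in_inventory": sorted(discovered - known),
        # Item 4: remote access tools beyond the approved one, with install counts.
        "unapproved_tools": {t: n for t, n in sorted(tools.items())
                             if t not in approved_tools},
        # Item 5: remote access services (VPN included) with no MFA.
        "missing_mfa": sorted(r["service"] for r in remote_access if not r["mfa"]),
    }


if __name__ == "__main__":
    for check, result in audit(ASSETS, REMOTE_ACCESS, DISCOVERED).items():
        print(f"{check}: {result}")
```

Running it on a schedule and comparing the findings against the previous run shows whether the gaps are closing or new ones are appearing.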
Watch the BlackBerry LIVE Discussion
These cybersecurity mistakes and best practices surfaced during a recent BlackBerry LIVE broadcast, Cyberattack Trends, Recent Findings from the BlackBerry Incident Response and CylanceMDR Teams.
About CylanceMDR
The CylanceMDR Team provides 24x7x365 monitoring, detection, and rapid threat response to increase your security posture, regardless of in-house staffing levels. You may already have the right cybersecurity solutions in place. But without visibility across your security stack — and the personnel to manage it — your organization may not be able to quickly respond to the growing number of sophisticated, hidden threats.
About the BlackBerry IR Team
The BlackBerry Incident Response Team specializes in crisis response when cyber incidents strike. They can help you mitigate the impact of any breach, ensure your recovery follows best practices and secure your IT environment for the future.
By uniting advanced technology like Cylance® AI with human expertise, both the CylanceMDR and BlackBerry IR teams offer unmatched cybersecurity support.
Final Thoughts
The strength of your cybersecurity strategy lies in the details. Reviewing these often-overlooked cybersecurity best practices can significantly reduce your risk of exposure to cyberattacks. Audit your current processes for device policies, alert tuning, and asset inventory. Also, minimize your remote access tools and make sure all of them have MFA enabled.
Cybersecurity isn’t a destination, it’s a journey. By addressing these common issues, you’ll position your organization for a safer and more resilient future.