What is application whitelisting

What is Application Whitelisting & Why is it important? | Tiedata

It can be the difference between companywide cyber infection and business as usual. But many businesses don’t enact it. All too often this is down to a combination of a lack of knowledge and fear that it’s more complicated than it is. So, in the following blog, we’ll be outlining what you should know about application whitelisting before you start using it within your business.

So, what is application whitelisting?

It’s a cybersecurity method that predetermines what actions are allowed to be taken on a device. It consists of an IT Head listing a series of applications that a device can run. It’s quite a blunt instrument; allow this, don’t allow that. And can limit functionality. So, it’s important to do it carefully to cause as little frustration to the end user as possible.

Why it’s important

First and foremost, it’s a straightforward way to ensure better cybersecurity. Any malware or ransomware will be stopped in its tracks if it’s not on the whitelist. Very useful if you work in an industry that requires strict cybersecurity adherence. It can also optimise an IT system’s efficiency. By keeping the number of applications under an end user’s command to a minimum, less memory is used and less time is wasted managing licenses.

What is application whitelisting

Dos and don’ts

If application whitelisting sounds like a plan, here are a few basic guidelines you’ll want to consider.

  • Do develop a whitelisting policy. This is a detailed outline of what goes on the whitelist and why. Getting your whitelist right is imperative and this is the foundation of it.
  • Don’t switch on your whitelisting all at once.
  • Do it in phases to avoid any big disruptions to operations. Do group users with similar needs within the same whitelist. It’ll save time and make for fewer whitelists to be created.
  • Don’t forget to maintain your whitelist. As software changes and updates, you may need to add and remove applications accordingly.
  • Do deploy any whitelists you might be uncertain of in audit only mode. This is where everything besides the blacklisted applications are allowed to run.

As a general rule, application whitelisting is best deployed on computers in particularly risky environments – namely laptops that might be used to work from home and on central hosts that connect to the rest of the IT system. You also need to bear in mind that your application whitelisting policy should form part of your wider cybersecurity policy. You’ll still need a good firewall, endpoint security, cyber awareness training, etc. And if you’re serious about remote working – as many businesses are these days – then all of the above and more are cybersecurity non negotiables.

See how well your cybersecurity – and other factors – are prepared for our new world of remote work with our remote working assessment tool. Click below to use it.

Multi Factor Authentication

Protecting All Accesses with Multi-Factor Authentication

With an 11% further increase in Cyber Crime over the last 12 months (between 2018 and 2019) it is critical that all the applications you access are secure, and not just with a password.

If a user’s password is compromised, unauthorised users can access your systems. This is where MFA is critical as it empowers you to authenticate access requests using your smartphone.

MFA is a secure and easy to use authentication method that provides an increased level of protection. Your security is only as strong as the weakest link. Without MFA weak or inadvertently shared passwords increase the risk of a security breach.

Reports of cyber attacks are increasing, and hackers are becoming more intuitive in obtaining user passwords. As a solution, we offer MFA to our clients.

If you are using one of the following, please engage with Tiedata so we can establish the best way to assist you:

1. Cloud based systems, including but not limited to CRM systems, office suites and account packages e.g. Salesforce, Office 365 and Quickbooks.

2. Remote access – we recommend that all remote access is initiated via a Virtual Private Network (VPN). MFA takes your security to the next level.

Contact us to find out more about how our MFA solutions can benefit you.