Cyber incidents continue to rise in 2021, with small and medium businesses dealing with ransomware, business email compromise and account takeovers. While large companies and ransomware dominate the nightly news and newspaper headlines, the same activities are plaguing small businesses as well. The five items below will help mitigate some of the threats that are happening and put a framework in place to help organize resources for when an attack occurs.
1. Get the Foundational Items Down
Identifying and protecting systems and data are important parts of minimizing threats and the impact of an attack, but many times companies are failing on fundamental items of security. Having these items in place and working will go a long way in reducing the risk companies are facing.
- Install and maintain anti-virus software on all systems. Often a breach occurs on a system that no one knew was not running anti-virus.
- Patch, patch, and patch again. Windows operating systems on servers and workstations, third-party applications and hardware, including Internet of Things (IoT) devices, all have vulnerabilities that bad actors exploit when they find them. Patching removes those vulnerabilities, but do not worry: there will be a new list of patching to do next week.
- Do not use personal email accounts for work or work email accounts for personal use. Bad actors scrape credentials from low-level breaches and then try them to see if they can take over accounts that are helpful in executing a cyberattack.
- Do not reuse passwords on multiple accounts, for the same reason as the above item. When a password and email address are compromised, bad actors use them together to try an account takeover.
2. Perform a Cybersecurity Assessment
A Security Risk Assessment (SRA) performed by a third party will help identify the current security posture of a company and develop a remediation plan for the vulnerabilities that are found (see "Patch, patch, and patch again" above). An SRA will also help identify which policies and processes are not in place to minimize the risk of current threats.
3. Train, Train, Train and then Train Some More
Insiders, meaning employees, are often at fault for cyber incidents, whether intentionally or unintentionally. By training on good cyber hygiene, employees can help protect against a cyber incident and detect when one is occurring. In addition to training, utilize phishing simulations, in which "risky emails" are intentionally sent to employees. This will help employees recognize attempts to trick them into clicking on a link or attachment that downloads malware, which is often the first step in a cyberattack. These two combined are highly effective at minimizing the insider risk that all companies are facing.
4. Adopt a Cybersecurity Framework
Not all industries have mandates from the government, as medical and financial services do, to adopt a cybersecurity framework like the Health Insurance Portability and Accountability Act (HIPAA) or National Institute of Standards and Technology (NIST). In addition to the government, industry groups like Payment Card Industry (PCI) are recommending and enforcing cybersecurity frameworks. If a company is not subject to a compliance regulation, it can adopt a framework such as Center for Internet Security (CIS). Adopting a framework will help organize the roles, processes, and tools needed to identify, protect, detect, respond, and recover when a cyberattack occurs.
5. Make an Incident Response Plan
Cyberattacks are massively disruptive to businesses, and the slow, long manual recovery from one is not always possible. An Incident Response Plan (IRP) will help raise the probability of surviving an attack. An IRP contains the components needed to respond when an incident occurs, including the following:
- A list of roles and responsibilities for the incident response team members.
- A business continuity plan.
- A summary of the tools, technologies, and physical resources needed for the response and recovery.
- A list of critical network and data recovery processes.
- Communications, both internal and external, including who should communicate what, when, and to whom.
The rise of cyberattacks, including ransomware, is massively disruptive to both small and medium businesses due to the amount of recovery time needed to bring systems back online as well as the damage to a company's reputation. Make sure your IT department or managed IT services vendor has taken the above actions to increase the level of confidence in your ability to survive the next cyberattack.
Scott Cooper is the President of Tower 23 IT, an IT outsource solution for small to medium businesses specializing in protecting client health and financial data to meet privacy, compliance and security requirements in the healthcare, legal, financial, real estate, and insurance industries. Scott can be reached at scottc@Tower23IT.com or 858.877.6219.