5 Ways to Protect Your Business from Cyber Attacks
Protecting Your Business from Cyber Attacks: Getting Started
We all know that cyber attacks are becoming more and more pervasive, sophisticated, and damaging. A recent report in EC Council’s CISO Mag found that:
- Attackers using Excel formulas (which is a default feature that can’t be blocked) to obfuscate malicious code tripled in the second half of 2020.
- Outlook was most often spoofed in phishing emails, with Facebook and Office 365 coming in second and third.
- Nearly three-quarters of domains used by attackers to host phishing pages were web hosting services.
- Email accounted for more than half of all malware infection attempts in 2020, making it the most common method of spreading malware.
- Malware that automatically collects data and information from victims continues to be a threat.
And it isn’t just large companies (and utilities and government agencies) that are at risk; organizations of every size are under attack. In fact, because smaller companies have limited budgets and resources, they can be even more vulnerable. It’s clear that this is a problem that isn’t going away. As security becomes more sophisticated, so do attackers. What do you do to protect your business from cyber attacks?
You have physical security in place, you back up your data, and everything requires a password (and two-factor identification). While you might think you have it all in hand, the chances are good that there are gaps you’re not aware of, even if you’re relying on solid technology. Studies show that there are areas that are either not addressed completely or missed altogether by most organizations.
While the issue of cybercrime is a complex one, this blog post provides some foundational best practices to get you started on the right track, helping you find those gaps, prioritize them, and address them as quickly as possible, before they create big problems.
1. User Education
The first layer of defense against cybercrime is the end user. Typically, security breaches are not malicious or even intentional; users simply are not educated thoroughly and make mistakes. Your users are on the front line when it comes to phishing and hacking attempts. If you’re wondering why this is the first issue discussed in this post, consider how ransomware attacks commonly work:
Typically, cyber attacks don’t happen all at once; they take place over time. Its starts with the cybercriminal compromising a single workstation, usually through phishing emails (which are becoming more sophisticated every day). Once they have a compromised workstation, they can install their tools on that workstation to gain visibility into the network, where they look for other vulnerable workstations. Lack of education creates a gateway for an attack.
This is why it is so important to educate your users, which is not complicated but is vitally important and must be mandated. Users do not have to be an expert on security issues to be safe; they simply need to have clear procedures to follow, awareness, and a healthy dose of suspicion. Consider having training often—like once a month—until everyone is consistently reporting suspicious activity. Assure your users that it’s okay to be “wrong” about reporting; it is much better to have a false alarm than to miss something that causes trouble.
2. A Solid Backup Strategy
But let’s go back to the cyber attack. After workstations have been compromised, the attack then spreads to servers, network shares—anything visible on the network they can connect to and encrypt to extract a ransom. That can also include a network file share, which is where backups are stored. Once they have analyzed the environment they’ve compromised, it’s time to execute their ransomware by encrypting file shares that work shares, backup devices, local machines, servers. Once they own these, they own your company, and it doesn’t stop there; they can also hold your backups for ransom. You can see now why it’s so important to have a solid backup strategy.
Any IT person will tell you that you can never have too many backups, but you also must look at where your backups are being stored and how well they’re protected. Is it visible to an attack or easily compromised by an attacker? Many companies think that they’re backing up securely with an on-site backup. It is recommended to do your backups in the cloud to avoid this problem and keep your data safe, regardless of what happens within your four walls.
3. Passwords, Passwords, Passwords
Now, on to passwords. Let’s say the attacker has compromised a workstation. They can now see what domain you’re on and can now start trying to attack other accounts that exist on the network. So, for example, if they’re attacking a Windows network and Windows domain, they know that a default administrator account gets installed with every Windows domain, so they will start trying to compromise that account.
If there is a weak password on the account, you can be sure they’re going to compromise it. And if they do compromise accounts with admin rights on a domain, they basically have the keys to the kingdom, and you have almost no hope of recovery. The lesson: Don’t underestimate the power of a good password.
4. Multi-factor Authentication
Multifactor authentication (MFA) is becoming the standard because it provides an extra layer of validation beyond a password. MFA requires the user to prove their identity to an authenticator app on your cell phone, through an alternate mail, a phone call, or other method. The code you’re asked to type in is generated immediately and is unique every time, so it’s difficult to guess (unlike many passwords).
So, if an attacker gets a password, requiring another form of identification can prevent them from going any further. Because it has become relatively easy for attackers to compromise an account, MFA is a very powerful yet relatively easy process to put in place.
5. 24/7 Proactive Monitoring
A smart option is 24/7 proactive monitoring. These software solutions, which range in price, alert the designated contact of suspicious activity on their systems. But does that person understand the concern and know what to do about it? Are they asleep? On vacation? Do they get so many “false” alerts that they ignore one that’s “real”?
That is why 24/7 monitoring involves more than just software; that software needs to be monitored by a managed services company that not only watches for alerts, but also knows what action to take and takes it. This is not expensive when compared to a systems breach – and insurance for those companies with limited IT staff.
Speaking of insurance policies, there are companies now that write policies for cybersecurity attacks. Just like with health or home insurance, your company’s security “health” will determine your policy “premiums”.
The next area to address is timing. Once you’ve been compromised, even your backups can hurt you. “Researchers observed over 15 different ransomware families using a double-extortion approach to target organizations,” EC Council CISO continues. “Besides, nearly 40% of ransomware families discovered last year utilized this Ransomware 2.0 method…by the end of 2020, this approach was being used by 15 different ransomware families.”
Because attackers set up the trap slowly, their tools are installed on your servers, so they have likely become part of your backups. So, when you do a restore, especially if you do a full server restore, you’ve just restored their tools as well—and the door is still open for them. In short, if you paid the ransom quickly, before shutting down the attack completely, the attackers can go back, re-encrypt everything, and extort more from you.
Put a Plan You Can Trust in Place—with a Partner You Can Trust
The bottom line: Use any and all methods, tools, and services it takes to protect your business. Unless you’re a very large company, you probably don’t have the staff, budget, or resources to cover all the bases, and that’s where a trusted partner can help with analysis, advice, tools, and managed services. Talk to the experts at ArcherPoint about your cybersecurity strategy.
Watch our webinar Demystifying Cybersecurity with ArcherPoint, where we pack a lot into 30 minutes, including endpoint management, password health, backups, end user education, and more.