We all know the importance of organizational security. With data breaches affecting SMBs and large businesses alike, preparation is key. However, it can be difficult to know the right steps for implementing the strongest measures.
As the new year approaches, this is the perfect time to assess your current practices and identify areas of improvement.
Multi-factor authentication, defined incident response procedures, and employee security training are all ways you can enhance your security posture and build greater awareness within your business.
Read on for helpful tips in these areas and more so your organization can stay at the top of its security game.
What Steps Should Every Organization Take Right Now Regarding Security?
One key measure is to protect any external authentication point with multi-factor authentication (MFA). MFA is one of the single most effective ways to make attacks more difficult for a bad actor.
Despite controls that may be put in place, there are going to be weak passwords utilized by somebody within your organization.
If something is not protected with MFA, you create an unnecessary attack surface and a potential point of entry for attackers, which is why it’s essential to have complete coverage of all accounts.
If you’re unsure where to begin, focus first and foremost on remote access solutions, such as your company’s VPN and productivity suite.
From the software perspective, another key measure is patching the different types of software that you use and keeping them up-to-date. Bad actors can infiltrate your business through an unpatched software package.
Ensure that your business has a well-defined strategy to handle patching processes, ideally through automation, to protect yourself from these types of cyber incidents.
Are Small Companies Potential Targets of Cyber Attacks?
Every company is a potential target, irrespective of whether they have any kind of controlled or protected information.
If an entity exists as a business and generates revenue, it is a potential target for an attack.
Business email compromise (BEC) is a common attack where a bad actor gains access to an employee’s account and uses that to insert legitimate-looking emails into a thread. These messages are often aimed at creating a sense of urgency or rely on a sense of perceived authority (typically name-dropping).
These requests are typically out of character for the person who appears to be making them.
Taking the time to stop and think, question the request, and possibly validate with the person by other means before performing the action will always benefit the organization.
IT teams will appreciate that time was taken to question an unusual request rather than needing to handle a compromise or breach situation.
What is Vendor Email Compromise?
Another important note is that even if a cyber attack does not target you, it can target the vendors you work with.
Vendor email accounts can be compromised in the same way accounts at your business can. Bad actors may use social engineering tactics to communicate with your employees and pretend to be from a partner organization.
In both of these scenarios, it’s important to place more controls around requests like this. If a person asks to change payment, account, or other vital information via email, it’s best to call them directly and validate the request over the phone; they may not be aware that their email has been compromised.
This type of confirmation verifies that the request is authorized and safeguards your organization from potential attacks.
What Are the Primary Types of Attacks?
There are two broad types of attacks: targeted attacks and opportunistic attacks.
With targeted attacks, an attacker has a specific intent or purpose for targeting an organization or individual.
With opportunistic attacks, attackers cast a wide net, launching broad attacks in search of anything they can compromise, with no real target.
Once an account, workstation, or organization is compromised, bad actors can sell that initial access to other bad actors looking to achieve a specific goal.
Buyers may purchase access to an organization that is a prime target to them, using the compromised credentials stolen in an opportunistic attack.
It’s also important to note that opportunistic attackers tend to choose the path of least resistance.
For instance, if someone checks the door handles on your car in the middle of the night, they would typically be seen as an opportunistic attacker. By seeing which door is unlocked, the person is looking for somebody who didn’t put the proper control in place.
If the individual tests 50 car door handles and 49 of them are locked, they won’t spend time trying to access the 49 locked cars. Instead, they’re going to focus their attention on the unlocked car.
This concept also applies when you talk about controls from a technical perspective. The idea of defense in depth means that you’re creating as many layers as necessary to deter a person from carrying out an opportunistic attack.
How Can Businesses Protect Themselves From Ransomware Attacks?
To secure your business against ransomware, ensure you have resilient, up-to-date backups that work well so you can restore your data and information in the event of an attack.
Ideally, these backups should be stored in separate locations.
The better your backup plan is, the more resilient you will be and the better you can defend against a common ransomware attack.
Another best practice is to stay vigilant and pay attention to early indicators. Suspicious account alerts or activity could indicate an attacker has accessed your environment. If something doesn’t feel right, it probably isn’t, so it’s essential to take action and follow up with the appropriate teams.
Security information and event management (SIEM) tools are also helpful because they collect and retain the telemetry of what happened.
With more log data, your incident containment and response team can have a better understanding and degree of certainty as to how the attack moved throughout the environment. It also helps better define the radius of impact.
The most important step is to plan ahead of time:
- Ensure complete asset coverage so you know exactly what you have in your environment to begin with. Understanding the configuration of your IT systems ensures that your EDR or security solutions are deployed to every device.
- Create a robust backup plan and strategy and confirm that your data is actually being backed up in a full, image-based capacity.
- Limit your attack surface as an organization. The more systems, accounts, and networks you have, the more opportunities attackers have to access your business. When realistic, maintain a smaller technical footprint by removing unnecessary systems, users, and other accounts.
- Verify that you have security tooling in place and eliminate humans from processes where possible. With automation, you can eliminate the risk of employees forgetting to secure a new device or implement a security update.
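The checks in the list above can be automated. The following is an added example, not part of the original article: it compares an asset inventory against EDR enrollment, image-backup recency, and account activity. All host names, account names, dates, and the 7-day and 90-day thresholds are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed sample data. In practice these sets would come from your asset
# inventory, EDR console export, backup reports, and directory service.
TODAY = date(2023, 12, 15)
INVENTORY = {"ws-001", "ws-002", "srv-db1", "srv-file1", "laptop-17"}
EDR_ENROLLED = {"ws-001", "srv-db1", "laptop-17", "kiosk-9"}
LAST_IMAGE_BACKUP = {            # host -> date of last full image-based backup
    "ws-001": date(2023, 12, 14),
    "srv-db1": date(2023, 11, 1),
    "srv-file1": date(2023, 12, 15),
}
LAST_LOGIN = {                   # account -> date of last sign-in
    "alice": date(2023, 12, 12),
    "svc-legacy": date(2023, 3, 2),
    "bob": date(2023, 9, 1),
}


def coverage_gaps(inventory, edr, backups, logins, today,
                  max_backup_age_days=7, stale_account_days=90):
    """Return the gaps between what exists and what is actually protected."""
    backup_cutoff = today - timedelta(days=max_backup_age_days)
    stale_cutoff = today - timedelta(days=stale_account_days)
    return {
        # Known devices with no EDR agent reporting in.
        "missing_edr": sorted(inventory - edr),
        # Agents reporting from devices the inventory does not know about.
        "not_in_inventory": sorted(edr - inventory),
        # Devices with no image backup at all, or one older than the cutoff.
        "backup_missing_or_old": sorted(
            h for h in inventory if backups.get(h, date.min) < backup_cutoff
        ),
        # Accounts unused long enough to be candidates for removal.
        "stale_accounts": sorted(
            a for a, last in logins.items() if last < stale_cutoff
        ),
    }


if __name__ == "__main__":
    report = coverage_gaps(INVENTORY, EDR_ENROLLED, LAST_IMAGE_BACKUP,
                           LAST_LOGIN, TODAY)
    for check, items in report.items():
        print(f"{check}: {', '.join(items) or 'none'}")
```

Running a check like this on a schedule removes the reliance on someone remembering to enroll a new device or retire an unused account.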
What is the First Step to Take After a Ransomware Attack?
First, affected organizations should contact the people responsible for handling their IT environment. These individuals can ensure that systems are isolated appropriately and the full impacts are understood.
As necessary, that information will be passed on to either legal counsel or the cyber security insurance provider.
Another critical step is to act as quickly as possible; in this day and age, attackers operate fast. Unfortunately, when ransomware has hit a machine, that is the end stage of an attack.
Most people think it’s best to shut down their computers in the event of a ransomware attack, and although you’ll want to isolate the device and remove it from the network, you’ll ideally want to leave your machine on.
In rare cases, the encryption key will still be resident in the memory of that device, and it might be usable to avoid having to restore from backup. In addition, preserving the state of the machine at the moment of the attack can help with understanding the attack path.
Can I Save Passwords in a Web Browser?
Password managers increase the strength and uniqueness of your passwords, but they aren’t perfect.
A password manager generates unique, random passwords for all of your accounts and stores them in one place—your password vault. To protect the vault, you set one strong password and enable MFA for the password manager (you should ensure MFA is applied to each individual account, as well).
A password manager is designed to protect against issues like credential reuse, where the same password is used for many different accounts.
This practice allows an attacker to carry out a credential stuffing attack. If a bad actor compromises your password on Site A, they can visit Site C and try the same password there. If you reuse that password, they’ll be able to access that data successfully.
As a result, password managers eliminate the concern of credential reuse by creating distinct login information for each account.
However, it’s also essential to understand the risks associated with password managers. If an endpoint such as a workstation, or the master password itself, is compromised, you’ll have a significant incident and need to act quickly to reset all those credentials.
A compromised password manager allows attackers to move very quickly into your other accounts.
As a result, you don’t have time to wait if you believe your machine may have been compromised with malware.
If you use a password manager, know what you are defending against and understand the risks.
How Can You Ensure Employees Follow Best Practices for Cyber Security?
Employees are the #1 cause of data breaches, so it’s essential to follow a multi-layered security approach and provide them with education and resources.
- Create a strong, structured, formalized information security program. Clearly communicate the frameworks and guidelines that your employees should follow.
- Enable technical controls that help enforce aspects of your information security policies. For instance, some password managers can include lists of banned passwords to protect against weak credential creation.
- Conduct awareness training to educate users about types of attacks and proactive steps they can take. Make sure they understand the right people to contact and the practices to follow in the event of an attack.
Above all, help your employees become security-conscious and understand the roles they can play in preventing attacks.
Conclusion
As 2023 comes to a close, spend time revisiting and revising your cyber security policies.
By taking advantage of helpful security tools and following best practices, you can reduce the risk of cyber incidents and protect valuable data and assets.
Prepare for the new year and ensure you take proactive steps to safeguard your business.