Here’s one thing the cybersecurity world can agree on: there is no single product available today that will solve all of your cybersecurity problems. In today’s world, it takes many technologies and processes to provide comprehensive risk and security management. Instead, SMBs should continually be checking their systems for vulnerabilities, learning about new threats, thinking like attackers, and adjusting their defenses as needed.
Must-Have Solutions for Cyber Protection: Layered Security
Cybersecurity technology starts with antivirus software. Antivirus, as its name implies, is designed to detect, block, and remove viruses and malware. Modern antivirus software can protect against ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, adware, and spyware. Some products are designed to detect other threats, such as malicious URLs, phishing attacks, social engineering techniques, identity theft, and distributed denial-of-service (DDoS) attacks.
A network firewall is also essential. Firewalls are designed to monitor incoming and outgoing network traffic based on a set of configurable rules – separating your secure internal network from the internet, which is not considered secure. Firewalls are typically deployed as an appliance on your network and in many cases offer additional functionality, such as a virtual private network (VPN) for remote workers.
Patch management is an important consideration as well. Cyber Criminals design their attacks around vulnerabilities in popular software products such as Microsoft Office or Adobe Flash Player. As vulnerabilities are exploited, software vendors issue updates to address them. As such, using outdated versions of software products can expose your business to security risks. There are a variety of solutions available that can automate patch management.
Recent studies have reported that weak passwords are at the heart of the rise in cyber theft, causing 76% of data breaches. To mitigate this risk, businesses should adopt password management solutions for all employees. Many people have a document that contains all of their password information in one easily accessible file – this is unsafe and unnecessary. There are many password management apps available today, like LastPass. These tools allow users to keep track of all their passwords. Encryption is also an important consideration. Encrypting hard drives ensures that data will be completely inaccessible, for example if a laptop is stolen.
These measures protect against a wide array of cyber attacks. However, because threats like ransomware are always evolving, security solutions are just on part of an effective defense strategy. You also need solutions in place that enable you to return to operations quickly if you do suffer a cyber attack. Data protection technologies are an essential second layer of defense against cyber crime.
The #1 Solution for Cybersecurity Protection: Backup and Recovery
Taking frequent backups of all data considered critical to your business is critical. The exact frequency of backups will vary based on your business’ specific needs. Traditionally, most businesses took a daily backup, and for some businesses this may still be suitable. However, today’s backup products are designed to make incremental copies of data throughout the day to minimize data loss. When it comes to protecting against cyber attacks, solutions that back up regularly allow you to restore data to a point in time before the breach occurred without losing all of the data created since the previous night’s backup.
Some data protection products can tale image-based backups that are stored in a virtual machine format – essentially a snapshot of the data, applications, and operating system. This allows users to run applications from the backup copy. This functionality is typically referred to as instant recovery or recovery-in-place.
Databranch offers a variety of solutions to help prevent attacks from happening, as well as backing up your data. To learn more about how Databranch can help you stay secure, give us a call at 716-373-4467 x 15 or email email@example.com
–Blog Provided Courtesy of Datto
Phishing scams are the leading tactic leveraged by today’s ransomware hackers, typically delivered in the form of an email, chat, web ad, or website designed to impersonate a real system and organization. Often crafted to deliver a sense of urgency and importance, the message within these emails often appears to be from the government or a major corporation and can include logos and branding.
Baiting is similar to phishing and involves offering something enticing to an end user in exchange for private data. The “bait” comes in many forms, both digital, such as a music or movie download, and physical, such as a branded flash drive labeled “Executive Salary Summary Q3 2016” that is left out on a desk for an end user to find. Once the bait is taken, malicious software is delivered directly into the victim’s computer.
3. Quid Pro Quo
Quid Pro Quo is similar to baiting and involves a request for the exchange of private data, but for a service. For example, an employee may receive a phone call from the hacker posed as a technology expert offering free IT assistance in exchange for login credentials.
Pretexting is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker or a figure of authority within the company in order to gain access to private data. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data in order to comply with a corporate audit (that isn’t real).
Tailgating is when an unauthorized person physically follows an employee into a restricted corporate area or system. The most common example of this is when a hacker calls out to an employee to hold a door open for them as they’ve forgotten their RFID card. Another example of tailgating is when a hacker asks an employee to “borrow” a private laptop for a few minutes, during which the criminal is able to quickly steal data or install malicious software.
Employee awareness of social engineering is essential for ensuring corporate cybersecurity. If end users know the main characteristics of these attacks, it’s much more likely they can avoid falling for them. As many of us are visual learners, make sure to provide them with actual examples of these scams.
–Blog Provided Courtesy of Datto
What is Cyber Resilience?
The most common definition of cyber resilience is the ability of an enterprise to limit the impact of security incidents. It’s a broad approach that encompasses cybersecurity and business continuity management, which aims to defend against cyber attacks and ensure that the business is able to survive.
Cyber resilience includes two primary components. Step 1 includes prevention measures, such as the ability to continuously discover and monitor all points in your attack surface and analyze this information to predict likely breach scenarios. Step 2 is to develop a plan to take appropriate action if and when an attack occurs.
Unfortunately, most businesses fail to develop a plan.
Step 1: Assess the Risks
Before you implement an incident response plan, you’ll first need to assess the risks to which your company is exposed. Risks may include:
- Strategic – the failure to implement business decisions that align with the organization’s strategic goals;
- Reputational – negative public opinion;
- Operational – loss resulting from failed internal processes, people, system, etc.;
- Transactional – problems with service or product delivery; and
- Compliance – violations of laws, rules, or regulations.
To conduct a risk assessment, you’ll need to:
- Characterize Your Business – Some questions to ask are: What kind of data do you use? Who uses it? What is the data flow? Where does the information go?
- Identify Threats – Common threat types include unauthorized access, misuse of information, data leakage or unintentional exposure of information, loss of data, or disruption of service or productivity.
- Determine Inherent Risk and Impact – What would be the impact on your organization if the threat were exercised? Would the impact be high, medium, or low?
- Analyze the Control Environment – You typically need to look at several categories of information to adequately assess your business’s vulnerabilities. Are your controls satisfactory or do they need improvement? A few examples of controls you might want to look at include:
- Organizational Risk Management Controls
- User Provisioning Controls
- Administration Controls
- User Authentication Controls
- Infrastructure Data Protection Controls
- Data Center Physical and Environmental Security Controls
- Continuity of Operations Controls
- Determine Your Organizational Risk – To do this, you’ll need to consider how high the threats are and how vulnerable the controls are. From there, you can decide if the risk is severe, elevated, or low.
Regular risk assessments are a fundamental part of your business and they should be reviewed regularly. Once you’ve completed your first risk assessment, you can implement an incident response plan.
Step 2: Develop the Incident Response Plan
An incident response plan will identify the actions that should be taken when a data incident occurs. The aim of it is to identify the attack, contain the damage, and eradicate the root cause. When your organization responds to an incident quickly, it can reduce losses, restore processes and services, and mitigate exploited vulnerabilities.
The SANS Institute’s Incident Handlers Handbook defines a six-step incident response plan:
- Preparation: This step involves creating an incident response team and outlining their roles and responsibilities. You’ll need to develop policies to implement in the event of a cyber attack, as well as a communication plan.
- Identification: Decide what criteria calls the team into action, such as a phishing attack. Start to assess the incident and gather evidence.
- Containment: Once your team isolates a security incident, the aim is to mitigate the damage. This includes an instant response, such as taking down production servers, a system backup, and long term containment, such as installing security patches on affected systems.
- Eradication: Contain the threat and restore systems to their initial state. This step also includes seeing if the attacker reacted to your actions and anticipating a different type of attack.
- Recovery: Ensure that affected systems are not in danger and can be restored to working condition. Monitor the network system to ensure that another incident doesn’t occur.
- Lessons Learned: Review the steps you took and see if there are areas for improvement. This report can be used as a benchmark for comparison or as training information for new incident response team members.
Following these steps can prepare your organization for a security incident and ensure that you’re taking appropriate measures.
–Blog Provided Courtesy of Datto