Information Security Strategy 101 for business owners



Disaster is only a mouse-click away.

That’s an inescapable reality in the age of Internet-connected digital business. Unprincipled and criminally smart hackers are continually creating viruses that can do everything from cripple or take over computer systems to steal sensitive data, credit card information and extort cash. This spring, more companies than ever have suffered an onslaught of malware attacks and ransomware attacks.   These menacing viruses have shown no industry discrimination in whom they have targeted but are instead focused on the small and medium companies that are often out of the limelight and are usually not targets of hackers.  The attacks occurred amid warnings from government cyber security officials in the U.S. and U.K. that Russia-backed hackers have their sights set on western businesses and individuals, though whether or not the Kremlin has been behind the malware offensive on the small and medium sized firms is unknown.

In the wake of the attacks, which in some instances temporarily paralyzed companies’ networks, Patrick Dunn, President of Cushnoc Resiliency has created a list of best practices that businesses can use as bulwarks against cyber incursions. Here’s what Dunn recommends:

  • Use A Secure Email Gateway: Email is often the Trojan Horse of malware getting into your network, A secure gateway can lower your risk by monitoring and blocking users from opening malware attachments or clicking bad URLs.
  • Utilize Malware-Scanning Software that manages anti-malware policies, routinely scans corporate systems and personal computers, and alerts your IT team when malware is detected. These services can be configured to automatically quarantine or eradicate the malware before it can spread.
  • Build Sturdy Fire Walls: Networks should have firewalls that are configured correctly, continually patched and constantly monitored.  It’s critical to have a properly configured next-generation firewall with unified threat management.
  • Circle
    All Computers Should Have Anti-Virus Protection that’s updated in real time and makes use of heuristics and behavior analysis. Additionally, all systems, including third party software, must be up to date on patches and feature strong spam filters.
  • Circle
    Scan Often: Your entire network should be scanned for vulnerabilities on a weekly or monthly basis to identify any systems that are not current. Daily may also be necessary depending on what the weekly scans are discovering.
  • Circle
    Have A Plan: Develop a quick incident response plan in case of a breach.
  • Circle
    Have Good and Tested Back-Ups in Place: If victimized by an attack, this can prove essential to recovering as much data as possible from impacted databases/applications. Always back up your critical systems on a separate VLAN away from the production system.  If your production systems and logical back-ups (or even DR environment) all exist on the same VLAN, ransomware may be able to spread and encrypt them all, leaving little option for recovery. The reason for backups is to add redundancy, and to allow for business continuity and disaster recovery.
  • Circle
    Quarantine Devices/Systems infected with malware/ransomware from the rest of your network. Unplug, power down, do whatever it takes to isolate the infected machines. This could include severing the network with a satellite office that has been infected to protect other locations. This certainly could result in impacted business operations, but that is far better than a malware attack spreading across your corporate network. After being quarantined, an infected device should be wiped and restored, with the restore point being somewhere before the infection.  Trying to clean the infected machine can be very costly and often is unsuccessful.
  • Circle
    Consider Getting Outside Assistance: Establish a master service agreement with a cyber security firm. It could prove helpful in the event of an attack. These companies can guide you through the process of recovering your data and perform a root cause analysis to determine the core vulnerability so it can be addressed.

Of course, cyber security isn’t just the responsibility of the IT team. Every employee has a part to play. Companies should guide employee behavior with the below strategies to minimize the chance of an attack threat being successful.

  • Be Link & Attachment Savvy: Never open an attachment or link from someone you do not know. Furthermore, check links before clicking on them. By hovering over a link, you can see the actual web address you’re being directed to. Make sure the link is taking you to the website you expected.  Links in scam emails may direct you to web addresses that are long, unfamiliar and use random characters.
  • Utilize the Principle of Least Privilege so that users only have access to files they must have access to, said Denham.
  • Be Savvy with Passwords: Employees should engage in safe password practices like two factor authentications. Instruct employees to never use the same password for critical systems like email and login.
  • Circle
    Analyze Email Address: Tell employees to pay attention to the “To” and “From” fields in their received emails. Were they part of a mass distribution list? Is the “From” email address long and/or not apparently linked to a recognizable/common address? Does it have spelling errors or in other ways seem suspicious? If “yes” to any of these questions, then “these are warning signs of a phishing scam.”
  • Circle
    Encourage Communication: Make sure employees know to report any suspicious emails to a supervisor in charge and the IT department.
  • Circle
    Remind & Consider Training: Send periodic reminders to staff about cyber security best practices they should be following. Also, consider providing employees with cyber safety training. It could be money well spent given the growing sophistication of email and phone scams that can persuade even seasoned corporate employees and customer service personnel to give out passwords, account numbers or other sensitive data that can be used to access systems and/or perpetuate identity theft. (Sensitive or confidential information should never be sent via email or through unfamiliar websites).  Good cyber security training should cover password best practices, ransomware, phishing awareness and training.

 

Patrick Dunn is a 20-year veteran in the fields of Information/Cyber Security and Business Resiliency and helped hundreds of companies throughout North America by developing plans for “What-If” events such as malware and ransomware attacks and other events such as terrorism and natural disasters. Patrick is the President and Co-Founder of Cushnoc Resiliency Advisors, based in Augusta, Maine and has clients throughout North America.

Leave a Comment: