Be Prepared Against Cyberattacks in 2020

October 29th, 2020 | culture and news, security & compliance

Saying 2020 has been a year full of uncertainty and unrest is arguably an understatement. I think the best news I heard lately is they were able to vacuum up the ‘murder hornets.’ If only all the challenges that have been thrown at us this year could be solved with a big vacuum. Now I am happily picturing the end of 2020 with the Cat in the Hat traveling around the world riding the Dynamic Industrial Renovating Tractormajigger (DIRT).

Throughout this year, cyberattacks have been rising exponentially, and this election period has seen an even greater acceleration. Reports of phishing attacks, Denial-of-Service attacks, and ransomware attacks seem to be everywhere. We wanted to share a checklist of what we recommend you do to protect you and your company.

Review your Incident Response plan

Your Incident Response Plan should contain instructions for your IT staff on how to detect, respond and recover from various types of cyberattacks.

Work with employees to make sure they know who to contact in an emergency

Each team or department should have a point of contact for an emergency and there should be backup contacts available.

Clear policy around who to escalate events to and when

The identified contact persons should have a clear understanding of how to escalate depending on the type of incident.

Be on the watch for brute force activity

A brute force attack is when an attacker automatically tries random passwords to get into a system. Even if it is difficult for someone to get in this way because you have enabled Multi-Factor Authentication, it is important to know if an attempt is being made. There are many event monitoring systems out there that can send out notifications when login attempts reach a particular threshold.
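The threshold-based notification described above can be implemented with a few lines of log parsing. The following is an added example, not code from the original post or from OneLogin; it runs over constructed sshd-style log lines and raises one alert per source address once the number of failed logins within a sliding one-minute window reaches a threshold (the threshold and window values are assumptions chosen for the example).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log lines (sshd-style); not taken from any real system.
SAMPLE_LOG = """\
Oct 29 08:00:01 host sshd[100]: Failed password for alice from 203.0.113.5 port 50001 ssh2
Oct 29 08:00:03 host sshd[101]: Failed password for alice from 203.0.113.5 port 50002 ssh2
Oct 29 08:00:04 host sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 50003 ssh2
Oct 29 08:00:06 host sshd[103]: Failed password for bob from 203.0.113.5 port 50004 ssh2
Oct 29 08:00:07 host sshd[104]: Failed password for bob from 203.0.113.5 port 50005 ssh2
Oct 29 08:00:09 host sshd[105]: Accepted password for carol from 198.51.100.7 port 50006 ssh2
Oct 29 08:03:00 host sshd[106]: Failed password for carol from 198.51.100.7 port 50007 ssh2
Oct 29 08:20:00 host sshd[107]: Failed password for carol from 198.51.100.7 port 50008 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def parse_line(line, year=2020):
    """Parse one syslog-style sshd line; return None for lines we do not understand.
    Syslog timestamps carry no year, so the year is supplied by the caller."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return a list of (source_ip, first_failure_ts, failure_count) alerts.
    An alert fires when failed logins from one source reach `threshold` within
    a sliding `window`; each source alerts at most once per run. Threshold and
    window are assumed values for this example."""
    recent = defaultdict(deque)   # source ip -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["result"] != "Failed":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        # Slide the window: forget failures older than `window`
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append((ev["src"], q[0], len(q)))
    return alerts

if __name__ == "__main__":
    for src, first, count in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT: {count} failed logins from {src} starting {first}")
```

In the sample data, 203.0.113.5 produces five failures in eight seconds and is reported; 198.51.100.7 produces two failures seventeen minutes apart and is not, which is the point of the sliding window: a user mistyping a password occasionally should not page anyone.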

Make sure you are using Multi-Factor Authentication (MFA)

Multi-Factor Authentication is one of the best ways to protect against Brute Force and other similar attacks. By requiring that users provide an additional form of authentication on top of their password, Brute Force type attacks will fail.

Ensure users are using strong passwords

Passwords should be a combination of different types of characters: uppercase letters, lowercase letters, numbers and even special characters such as ! or $. This practice makes it harder for others to guess passwords.

Use a password manager to limit the number of passwords, or better yet an Identity and Access Management system that checks whether the passwords users choose have been used in other hacked systems

A Dictionary attack is like a Brute Force attack, but it uses known passwords: passwords that have been hacked from other systems. Users are notorious for reusing the same passwords for multiple systems, and Dictionary attacks take advantage of this known behavior. By limiting the ability of users to reuse passwords, especially passwords they might have used on other systems, you will be able to thwart these types of attacks.
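The two checks recommended above (character-class rules from the previous section and rejecting passwords already seen in breaches) can be combined into one acceptance routine. The following is an added example, not code from the original post or from OneLogin. The breached-password list is a constructed stand-in; a real deployment would query a breach-hash service instead, and the `range_lookup` function imitates the common pattern of sending only the first five characters of a SHA-1 hash and comparing the returned suffixes locally, so the full hash never leaves the client. The minimum length of 12 is an assumed policy value.

```python
import hashlib
import string

# Constructed "breached password" corpus for the example (assumption: a real
# system would consult an external breach-hash service, not a local list).
BREACHED_PASSWORDS = ["Password1!", "Summer2020$", "Welcome123!"]
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest().upper() for p in BREACHED_PASSWORDS}

def range_lookup(prefix5):
    """Stand-in for a k-anonymity range query: given the first five hex
    characters of a SHA-1 hash, return the suffixes of every breached hash
    that shares that prefix. The caller never reveals the full hash."""
    return {h[5:] for h in BREACHED_SHA1 if h[:5] == prefix5}

def is_breached(password):
    """True if the password's SHA-1 hash appears in the breached corpus."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in range_lookup(digest[:5])

def check_password(password, min_length=12):
    """Return a list of policy problems; an empty list means the password is accepted.
    min_length is an assumed policy value for this example."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))
    if is_breached(password):
        problems.append("appears in a known breach")
    return problems

if __name__ == "__main__":
    for candidate in ["Password1!", "correct horse battery", "xT4!wq9#Lp2mZ"]:
        print(repr(candidate), "->", check_password(candidate) or "accepted")
```

Note that `Password1!` satisfies every character-class rule and still fails, which is why the breach check matters: a password can look strong and already be in every attacker's dictionary.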

Educate users around possible phishing campaigns

Phishing attempts use email to trick users into sharing private information. Having some sort of board to keep users up to date on recent phishing scams can help. But you can also train your users to simply STOP.

  1. Stop
  2. Take a Deep Breath
  3. Opportunity to Think (whether this seems suspicious or not)
  4. Put the email into Perspective and report it to your Security Team or IT team for investigation

With everyone working from home, have good policies around less privileged access

Since employees’ workstations are probably no longer secured behind a company’s physical walls or corporate network, they are more vulnerable than ever. A least privileged access approach to any permissions given to a user is the safest way to go. Yes, it might be easier to just give them a higher level of access, because figuring out how to give them exactly what they really need can take a bit more time and effort. But the average cost of a data breach due to stolen employee accounts is $4.77 million per breach, and going up.

Be Prepared

The checklist we have provided is not only important to have today; it is important to follow every day. We have to realize that cyberattackers are out there, and they are attacking every interface they can. No one’s organization can afford a successful hack. We must all be vigilant and aware. Hopefully this list is just a reminder of what you have already done. If not, you need to make sure that you are following these practices and protecting your company and your customers’ data today.

Alicia Townsend, Dir. of Content and Documentation
About the Author

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.
