Saying 2020 has been a year full of uncertainty and unrest is arguably an understatement. I think the best news I heard lately is they were able to vacuum up the ‘murder hornets.’ If only all the challenges that have been thrown at us this year could be solved with a big vacuum. Now I am happily picturing the end of 2020 with the Cat in the Hat traveling around the world riding the Dynamic Industrial Renovating Tractormajigger (DIRT).
Throughout this year, cyberattacks have been rising exponentially, and this election period has seen an even greater acceleration. Reports of phishing attacks, Denial-of-Service attacks, and ransomware attacks seem to be everywhere. We wanted to share a checklist of what we recommend you do to protect yourself and your company.
- Review your Incident Response plan
- Work with employees to make sure they know who to contact in an emergency
- Clear policy around who to escalate events to and when
- Be on the watch for brute force activity
- Make sure you are using Multi-Factor Authentication
- Ensure users are using strong passwords
- Use a password manager to limit the number of passwords or better yet an Identity and Access Management system that checks to see if the passwords users are choosing have been used in other hacked systems
- Educate users around possible phishing campaigns
- With everyone working from home, have good policies around less privileged access
Review your Incident Response plan
Your Incident Response Plan should contain instructions for your IT staff on how to detect, respond to, and recover from various types of cyberattacks.
Work with employees to make sure they know who to contact in an emergency
Each team or department should have a point of contact for an emergency and there should be backup contacts available.
Clear policy around who to escalate events to and when
The identified contact persons should have a clear understanding of how to escalate depending on the type of incident.
Be on the watch for brute force activity
In a brute force attack, an attacker uses automation to try large numbers of candidate passwords against an account or system. Even if it is difficult for someone to get in this way because you have enabled Multi-Factor Authentication, it is important to know when an attempt is being made. Many event monitoring systems can send out notifications when failed login attempts from one source reach a particular threshold.
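The threshold-based detection described above, as an added example that is not part of the original post: it parses sshd-style "Failed password" lines and alerts once per source address when failures reach a threshold inside a sliding window. The log lines, hostnames and addresses are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd/syslog style (not taken from a real system).
SAMPLE_LOG = """\
Nov 03 10:00:01 host sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2
Nov 03 10:00:02 host sshd[2002]: Failed password for root from 203.0.113.7 port 50212 ssh2
Nov 03 10:00:03 host sshd[2003]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Nov 03 10:00:04 host sshd[2004]: Failed password for invalid user test from 203.0.113.7 port 50213 ssh2
Nov 03 10:00:05 host sshd[2005]: Accepted password for alice from 198.51.100.20 port 40001 ssh2
Nov 03 10:00:06 host sshd[2006]: Failed password for root from 203.0.113.7 port 50214 ssh2
Nov 03 10:00:07 host sshd[2007]: Failed password for invalid user oracle from 203.0.113.7 port 50215 ssh2
Nov 03 10:20:00 host sshd[2008]: Failed password for root from 203.0.113.7 port 50216 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=5), year=2020):
    """Return {ip: (failure_count, alert_time)} for every source IP whose failed
    logins reach `threshold` within any sliding `window`. Each IP alerts once.
    Syslog lines carry no year, so `year` is supplied by the caller."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while q and ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in alerts:
            alerts[m["ip"]] = (len(q), ts)
    return alerts


if __name__ == "__main__":
    for ip, (count, when) in detect_brute_force(SAMPLE_LOG).items():
        print(f"ALERT: {count} failed logins from {ip} by {when.isoformat()}")
```

A single failure from a legitimate user never trips the alert, and the late failure at 10:20 does not either, because the earlier attempts have aged out of the window.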
Make sure you are using Multi-Factor Authentication (MFA)
Multi-Factor Authentication is one of the best ways to protect against Brute Force and other similar attacks. By requiring users to provide an additional form of authentication on top of their password, a correctly guessed password alone is not enough to get in, so Brute Force type attacks fail.
Ensure users are using strong passwords
Passwords should be a combination of different types of characters: uppercase letters, lowercase letters, numbers and even special characters such as ! or $. This practice makes it harder for others to guess passwords.
Use a password manager to limit the number of passwords or better yet an Identity and Access Management system that checks to see if the passwords users are choosing have been used in other hacked systems
A Dictionary attack is like a Brute Force attack, but instead of arbitrary guesses it uses known passwords: passwords that have been exposed in breaches of other systems. Users are notorious for reusing the same password across multiple systems, and Dictionary attacks take advantage of this known behavior. By preventing users from reusing passwords, especially passwords they may have used on other systems, you will be able to thwart these types of attacks.
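The breached-password check described above, as an added example that is not part of the original post: it follows the k-anonymity range-query scheme popularised by Have I Been Pwned's Pwned Passwords service, where the client sends only the first five hex characters of the SHA-1 hash and matches the returned suffixes locally, so the checking service never sees the password or its full hash. The breach corpus and the password policy are constructed for illustration; note that "Summer2020!" satisfies the mixed-character advice above yet is still rejected.

```python
import hashlib
from collections import defaultdict

# Constructed breach corpus: passwords assumed to have appeared in breaches of
# other systems. A real service stores only the hashes; we hash at import time.
_BREACHED_PLAINTEXTS = ["password", "123456", "Summer2020!", "letmein", "qwerty"]
_SUFFIXES_BY_PREFIX = defaultdict(list)
for _pw in _BREACHED_PLAINTEXTS:
    _digest = hashlib.sha1(_pw.encode("utf-8")).hexdigest().upper()
    _SUFFIXES_BY_PREFIX[_digest[:5]].append(_digest[5:])


def range_query(prefix):
    """Server side: given the first 5 hex characters of a SHA-1 digest, return
    every breached-hash suffix that shares the prefix. The server learns only
    the prefix, so it cannot tell which password the client is checking."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return list(_SUFFIXES_BY_PREFIX.get(prefix.upper(), []))


def is_breached(password):
    """Client side: hash locally, send only the prefix, match suffixes locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    return suffix in range_query(prefix)


def password_acceptable(password, min_length=8):
    """Policy applied at password set/change time (constructed for this example).
    Returns (accepted, reason); breached passwords are refused regardless of
    how 'complex' they look."""
    if len(password) < min_length:
        return False, "too short"
    if is_breached(password):
        return False, "appeared in a known breach"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["Summer2020!", "short", "correct horse battery staple"]:
        print(candidate, "->", password_acceptable(candidate))
```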
Educate users around possible phishing campaigns
Phishing attempts use email to trick users into sharing private information. Having some sort of board to keep users up to date on recent phishing scams can help. But you can also train your users to simply STOP.
- Take a Deep Breath
- Opportunity to Think (whether this seems suspicious or not)
- Put the email into Perspective and report it to your Security Team or IT team for investigation
With everyone working from home, have good policies around less privileged access
Since employees’ workstations are probably no longer secured behind a company’s physical walls or corporate network, they are more vulnerable than ever. A least privileged access approach to any permissions given to a user is the safest way to go. Yes, it might be easier to just give them a higher level of access, because figuring out how to give them exactly what they really need takes more time and effort. But the average cost of a data breach due to stolen employee accounts is $4.77 million per breach, and it is going up.
The checklist we have provided is not only important to have today; it is important to follow every day. We have to realize that cyberattackers are out there, and they are attacking every interface they can. No one’s organization can afford a successful hack. We must all be vigilant and aware. Hopefully this list is just a reminder of what you have already done. If not, you need to make sure that you are following these practices and protecting your company and your customers’ data today.