Kentucky Association of Counties

Don’t be a Victim: Protecting yourself and your organization from cybercrime

By Colin Glover, Cybersecurity Coordinator, Kentucky, CISA Region 4

Cyber criminals and other malicious actors are relentless in their attacks against our computers and networks, seeking to encrypt our systems, steal financial, sensitive operational and personal data, or take over critical infrastructure control systems. They may be on the prowl, scanning the internet for systems that can be taken over, or they may act like a spider, waiting for a fly to land on their web.

When an unsuspecting employee clicks a link from an unknown source, the whole network can be put at risk. The good news is that although cybersecurity can be very complex, there are a few relatively simple steps anyone can take to reduce both the likelihood and the impact of a cyberattack.

Implement multifactor authentication (MFA): Turn on MFA everywhere possible, but especially on remote access and cloud systems. MFA means using two different kinds of proof to log in, such as a password (something you know) plus a code from an app on your phone (something you have), so a stolen password alone is not enough to get in. Many websites (your bank, for instance) likely already require it. Using MFA is one of the most important things you can do.
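To show what the "app on your phone" is actually doing, here is an added example (not part of the article, and not code from CISA or KACo) that implements the standard time-based one-time password scheme those apps use (RFC 6238 TOTP over RFC 4226 HOTP) with nothing but the Python standard library. The secret is the reference test key from RFC 6238, used here only as constructed demo data; the issuer and account names in the enrolment URI are made up.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

# Constructed demo secret: the RFC 6238 reference test key. In practice the
# service generates a random secret per user at enrolment and never reuses it.
DEMO_SECRET = b"12345678901234567890"
TIME_STEP = 30  # seconds each code stays valid (the usual authenticator default)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password for a given counter value."""
    msg = struct.pack(">Q", counter)                    # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, digits: int = 6) -> str:
    """RFC 6238 time-based code: HOTP over the number of 30-second steps elapsed."""
    return hotp(secret, int(at_time) // TIME_STEP, digits)


def verify_totp(secret: bytes, submitted: str, at_time: int, window: int = 1) -> bool:
    """Server-side check. Accept the current step plus `window` steps either side
    to tolerate clock drift. Constant-time comparison avoids leaking the code
    one digit at a time."""
    counter = int(at_time) // TIME_STEP
    return any(
        hmac.compare_digest(hotp(secret, counter + delta), submitted)
        for delta in range(-window, window + 1)
    )


def enrolment_uri(issuer: str, account: str, secret: bytes) -> str:
    """otpauth:// URI that authenticator apps read from the enrolment QR code.
    Issuer and account here are hypothetical names for the demo."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}&digits=6&period={TIME_STEP}"


if __name__ == "__main__":
    now = int(time.time())
    code = totp(DEMO_SECRET, now)
    print("enrolment:", enrolment_uri("CountyGov", "clerk@example.gov", DEMO_SECRET))
    print("current code:", code, "valid now:", verify_totp(DEMO_SECRET, code, now))
    # A code is only good for its own time step (plus the drift window):
    print("same code two minutes later valid:", verify_totp(DEMO_SECRET, code, now + 120))
```

The point for a phished password: the attacker who captures the password still needs the per-user secret inside the phone to compute the current six digits, and a code they do capture expires within the 30-second step. The `window` parameter is the trade-off to watch when configuring a real system; a generous window makes replayed codes live longer.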

Practice password discipline: Change all default passwords, and don't use easy-to-guess passwords, reuse passwords, or share them. Because we have so many passwords with demanding complexity requirements, it is tempting to reuse one good password across many websites and systems. That creates a significant risk: once that password leaks from any one site, every other account that uses it is exposed.

Here are some tips for creating a stronger password:

  • Use a long password: at least 15 characters. Passphrases (several unrelated words strung together) are better than passwords.
  • Never reuse a password.
  • Randomly generated passwords are great. Computers and password managers are better than humans at being random, so make the technology work for you.
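The three tips above can be checked with a little arithmetic. The following is an added example (not from the article, CISA or KACo) that generates passphrases and passwords the way a password manager does, using the operating system's cryptographic random source, and compares the guessing entropy of the common choices. The word list is a small constructed stand-in; the "7,776" figure assumes the EFF long diceware list, and the 10 billion guesses-per-second rate is an assumed offline cracking speed, not a measurement.

```python
import math
import secrets
import string

# Constructed word list for the demo. A real generator should draw from a
# large public list such as the EFF long diceware list (7,776 words).
WORDLIST = [
    "acorn", "bridge", "cactus", "dolphin", "ember", "falcon", "granite", "harbor",
    "island", "jigsaw", "kettle", "lantern", "meadow", "nectar", "orbit", "pebble",
    "quartz", "ripple", "saddle", "timber", "umbrella", "velvet", "walnut", "yonder",
    "zephyr", "anchor", "beacon", "canyon", "dune", "eagle", "fossil", "glacier",
]
SYMBOLS = string.ascii_letters + string.digits + string.punctuation  # 94 characters


def random_passphrase(words, count=5, sep="-"):
    """Join `count` words chosen with the OS CSPRNG (secrets), never random.choice."""
    return sep.join(secrets.choice(words) for _ in range(count))


def random_password(length=16, alphabet=SYMBOLS):
    """Manager-style random password; every position is an independent draw."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices_per_symbol, symbols):
    """Guessing entropy of `symbols` independent, uniformly random draws.
    Only valid for generated secrets: a human-chosen phrase is far weaker."""
    return symbols * math.log2(choices_per_symbol)


def years_to_guess(bits, guesses_per_second=1e10):
    """Expected time to hit the secret (half the keyspace) at an assumed offline rate."""
    return (2 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)


def compare():
    """Why the 15-character / passphrase advice holds: entropy of common choices."""
    return {
        "8-char complex (94 symbols)": round(entropy_bits(94, 8), 1),
        "15-char random (94 symbols)": round(entropy_bits(94, 15), 1),
        "5-word EFF passphrase": round(entropy_bits(7776, 5), 1),
        "6-word EFF passphrase": round(entropy_bits(7776, 6), 1),
    }


if __name__ == "__main__":
    print("passphrase:", random_passphrase(WORDLIST))
    print("password:  ", random_password())
    for label, bits in compare().items():
        print(f"{label:30s} {bits:6.1f} bits  ~{years_to_guess(bits):.3g} years at 1e10 guesses/s")
```

An 8-character "complex" password falls in well under a year at the assumed rate, while a 15-character random password or a five-word random passphrase is out of reach; the passphrase is also the one a person can actually type.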

Manage remote access: Do you know whether you have any remote access into your network? The COVID-19 pandemic forced many people to work from home, and businesses and organizations moved quickly to meet the need for more remote access. Many turned to free, easy-to-set-up tools that allow access to a computer from anywhere in the world. There is nothing inherently wrong with these tools, but if they are not configured and maintained properly (left on default settings, exposed directly to the internet, or protected by a password alone with no MFA) they present a significant risk to your organization. Knowing every way users can reach your network is paramount.

Protect your backups: Identify your key systems and make sure they are backed up appropriately, including offline copies or copies that are otherwise inaccessible from the attacker's perspective. During a ransomware incident, one of the attacker's first goals is to find your local backups and erase or encrypt them, so a backup the attacker can reach is not a backup you can count on. Don't forget to test your backups by actually restoring from them. One of the worst feelings in the world is realizing, in the middle of an incident, that your backups are corrupted.
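"Test your backups" is easier to act on with a concrete check. The following is an added example (not from the article, CISA or KACo) of the simplest useful one: record a SHA-256 manifest when a backup is taken, and compare the copy against that manifest before you trust a restore. The backup set here is constructed in a temporary directory, with one file then corrupted and one deleted to show what a restore test should catch.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """Hash a file in chunks so large database dumps do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under `root` (relative, POSIX-style path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): file_sha256(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the backup on disk with the manifest recorded when it was made."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "corrupted": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> dict:
    """Constructed backup set: write it, record a manifest, then damage it."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "finance").mkdir(parents=True)
        (backup / "finance" / "payroll.csv").write_bytes(b"employee,amount\nA100,1500\n")
        (backup / "gis.db").write_bytes(b"\x00" * 4096)

        manifest = build_manifest(backup)
        # Keep the manifest with the offline copy, not beside the live backup:
        # an attacker who can alter the backup can alter a manifest stored next to it.
        (Path(tmp) / "manifest.json").write_text(json.dumps(manifest, indent=2))
        assert verify_backup(backup, manifest) == {"missing": [], "corrupted": [], "unexpected": []}

        # Simulate what a restore test should catch: one file silently corrupted
        # (a single flipped byte) and one file deleted by an attacker or a failed job.
        (backup / "gis.db").write_bytes(b"\x00" * 4095 + b"\x01")
        (backup / "finance" / "payroll.csv").unlink()
        return verify_backup(backup, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A manifest check proves the bytes are intact; it does not prove the application can start from them, so a periodic full restore onto a spare machine is still the real test. Run the check against the offline copy as well, since that is the one you will need when the online copy has been erased.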

Stay up to date on software updates: This includes your firewalls, routers, and every other device on your network, not just workstations and servers. Every piece of software requires an update from time to time; turn on automatic updates when available and establish a process to ensure everything remains current. If you have systems that can no longer be updated, consider ways to isolate them from the rest of the network, and plan how to move to a supported system.

Provide cybersecurity awareness training: Train your users, particularly on phishing. More than a third of all compromises are the result of phishing emails. Plenty of no- or low-cost training resources are available, and taking the time to train can have a huge impact.

Be wary of bank account changes: Criminals send fake emails, or real emails from an account they have taken over, requesting that the bank account on file for a vendor or employee be changed, claiming that a leader needs money sent right now, or otherwise trying to convince an organization to send funds to the wrong place. Having a process that requires positive contact before any change is made (call the requestor back at a phone number you already have on file, never one supplied in the email itself) can help you avoid a lot of sleepless nights.

Prepare to respond: Develop an incident response plan before a cyberattack happens. If you wait until an incident is under way to figure out what to do, it is much too late. Once you have the plan, exercise it. Just as we did fire drills as kids, it is important that everyone knows who does what, and who to call, during a time of stress.

Manage third-party risk: Your vendors, suppliers, contractors and even utility providers may affect your cybersecurity, especially when they have accounts, remote connections or software on your network. Make sure they aren't opening holes in your defenses.

These practices are some of the most important you can implement, but they are certainly not everything that can be done. If you have not thought about a cybersecurity program before, you can learn more by visiting CISA's Cyber Essentials (www.cisa.gov/cyber-essentials). If you are more comfortable in the cyber realm and would like to mature your program, check out the NIST Cybersecurity Framework.

The methods cyber criminals use to penetrate our systems will continue to grow more sophisticated, but by following the practices above to defend your computers and networks, you will greatly reduce your risk of becoming the next victim. Only through a concerted effort can cybercriminals be defeated. We're all in this together: cybersecurity is national security.
