The Colonial Pipeline ransomware attack was an attack against our critical infrastructure and a striking example of the threat of cybercrime. Beyond the financial and operational loss to the company, this attack impacted millions of people dependent on the regular delivery of gas. A large cybercrime organization likely targeted Colonial Pipeline using an unpatched software vulnerability or a social engineering attack. After a six-day shutdown, Colonial Pipeline paid cybercriminals $4.4 million in bitcoin and will be spending tens of millions of dollars over the next several months to fully recover its systems.
While an attack on your organization might not make national headlines, it could have just as big an impact on your business and your money. How can your organization protect itself from cyber criminals so that your business isn’t impacted in a similar way? Technical safeguards and employee training can go a long way to protecting your business. It’s time to prioritize cybersecurity! Here are a few tips to make sure your organization is doing what it can to make it difficult for criminals to attack your IT infrastructure.
1. Regular patching of critical systems
Your servers, workstations, firewalls, and wireless systems should be updated and rebooted regularly. Microsoft releases updates every month that fix critical server and workstation vulnerabilities, and it’s recommended that these updates be installed within 30 days of release.
2. Install an effective monitored antivirus solution
Due to increased cybersecurity threats and the advent of highly destructive crypto-viruses and ransomware, it’s very important to have good antivirus protection on every device on your network. Alerts for infections should be monitored and sent to your IT team so that any possible threats can be evaluated and removed as quickly as possible.
3. Effective backup strategy that is tested regularly and not accessible from the network
Having secure and recent backups of all business-critical information is a vital defense against ransomware. We recommend a Backup and Disaster Recovery solution (BDR) that is isolated from the rest of your network. A good BDR can’t be encrypted by an attacker, is backed up to an offsite location in case of a physical disaster, and is able to quickly virtualize your servers so that your data is accessible and you can continue doing business in case of an attack. If backups are not set up properly, an attacker can encrypt or destroy your backup data so that recovery from a ransomware attack is not possible.
4. Longer passwords or passphrases
Easy-to-guess passwords that are not changed regularly are a quick and easy way for attackers to gain access to your network. Passphrases with 12 or more characters are recommended, in addition to yearly password changes, especially for any accounts that have administrative access to the network or access to confidential files or money. Default or simple passwords should never be used, and users should not share their passwords with others.
5. Multifactor Authentication (MFA or 2FA)
With Multifactor Authentication, even if an attacker knows your username and password, they are unable to access your systems without the real user allowing access when prompted on their mobile device. We recommend setting up Multifactor Authentication wherever it’s possible (email, VPN/remote access, banking sites, and any other sites that hold confidential or business-critical information or money).
6. Secure remote access
Remote access should be done via a secure remote gateway or a secure application, preferably with Multifactor Authentication enabled. If your systems are available remotely from the internet using a remote connection without a VPN or other secure login method, your organization is at a very high risk for attack – this is currently the number one way organizations are compromised.
7. Cybersecurity user training
Technical safeguards are critical, but as soon as a user clicks a phishing link or provides their username and password in the wrong place or follows unauthorized instructions, those safeguards are bypassed. Staff members should be regularly trained to recognize threats and respond appropriately, and be regularly tested to confirm the training is effective and to keep cybersecurity awareness top-of-mind.
8. Have your business continuity and disaster recovery plans ready
Does your business have a plan in place if a ransomware attack or other unplanned outage does occur? A business continuity plan is a document that outlines how a business will operate during an IT service disruption. A disaster recovery plan is a formal document that contains detailed instructions on how to respond to unplanned incidents (such as a natural disaster, power outage, cyberattack, or other disruptive events).
OneWhoServes, Inc. is a team of certified cybersecurity specialists who are all senior-level Systems Engineers. We can assist with training and implementation of these systems and technical safeguards if they are not already in place for your organization. If you have any questions or concerns, or would like to ensure all of these programs and systems are in place for your organization, please call 828-251-1111 or email firstname.lastname@example.org and we will be happy to help!
Gordon Walton, President
Business Technology Services