Cybersecurity has been a hot topic in Quebec over the past few months. Unsurprisingly, there are still some magical thinkers out there who claim they are immune to cyberattacks for some strange reason. However, most organizations invest time and money in securing their assets, even if the current set of services doesn’t make their life easier. And as I often say, in this field, there are hundreds of specialties and thousands of tools.
That makes it hard to find a good solution in a sea of technologies where acronyms and promises of magically erasing damage through high-tech, AI-powered solutions are more common than short-lived Canadian spinoffs of American TV shows.
To help cut through the chaos, I’ve collected five core actions you should prioritize to keep your company safe.
1. Implement multi-factor authentication.
It’s quite easy to guess your user ID. In many cases, it’s your email address. From there, an attacker just has to guess your password to access your data.
Without going into too much detail, there are many different ways to get your password. Phishing is one of the most popular, but there are also password databases pulled from successful cyberattacks on Facebook, LinkedIn, and Spotify. With tools like these, there’s a very good chance someone can find the right password.
Without multi-factor authentication (also called MFA), once an attacker has your password, they’re authenticated and can act on your behalf without your knowledge. MFA protects you by making you perform a concrete action during the authentication process or having you provide further proof that you are, in fact, the one trying to access your account.
If you aren’t trying to log in and the authentication process is prompting you for a second factor, you’ll know that someone has figured out your password and it’s high time to change it.
2. Save and encrypt your data.
Even with the best cybersecurity protection, an attacker might still get in. If their goal is financial, they’ll probably pull and encrypt your data. From there, they’ll propose a transaction. Pay a hefty ransom and you’ll get your data back, with a bonus reassurance from the criminal that they’ll destroy the data they have in their possession.
To deal with these situations, you need to have working backups, ones that can’t be accessed through your network. In addition, sensitive data should always be encrypted. That way, even once a criminal steals it, they won’t be able to do anything with it until the technology can break the encryption.
It’s also important to make sure that your computers’ disks are encrypted. It’s very easy to do and provides peace of mind if computers are lost or stolen.
3. Activate workstation and server protection software.
It’s important to use more than just a simple, locally installed antivirus designed to block malicious files. More advanced solutions can also detect abnormal behaviour and respond quickly.
In some cases, these solutions will automatically act to isolate and even destroy the malware. You should look for solutions that can easily be deployed from centralized consoles and that work on all of your workstations and servers. Microsoft Defender ATP is a good example of this type of solution.
4. Partner with a cybersecurity company.
Teaming up with a partner can help you weather the storm if a cybersecurity incident occurs. There are six main steps when it comes to responding to a security breach. I’ve outlined the key parts of each step below.
A – Prepare
In my opinion, preparation is a never-ending job. Threats are always changing, and so is your business. A partner needs to make sure that the technologies and procedures for monitoring and detection are up to date… and stay that way.
They should refine response procedures and involve members of your organization several times a year. They should also establish a major incident response protocol with you, which should involve third parties like insurers, legal counsel, media and public relations specialists, and law enforcement.
Finally, it’s important to know ahead of time whether your partner will be able to clearly and effectively share all of the information you need during an incident.
B – Identify
This step involves identifying the threat. What is it? Where is it? Is there any activity? Which areas have been affected? What is the potential impact? Should the alert level be raised?
Many providers only offer the identification step. Their services are limited to just identifying abnormalities. You’ll receive a message identifying the threat along with suggestions on steps to take. The problem behind this type of service is that you quickly get used to receiving an endless stream of alerts. As a result, you’ll start to see these alerts as normal and stop taking action. This phenomenon is so common it has a name: alert fatigue.
C – Isolate
Once you understand the situation, you need to quickly start on damage control. Isolation consists of cutting the malware off from the outside world. Your partner should be able to actively help you isolate, so they need to be familiar with your infrastructure. The sooner you take this step, the less damage you’ll have to deal with
D – Eradicate
D – Eradicate Eradication consists of removing every last trace of the malware, but that’s often easier said than done. Your partner needs to understand the attack, and if possible where it is coming from, to ensure that all compromised areas have been cleaned and that the entry point used by the hackers has been closed.
E – Recover
After an incident, life—and business—need to get back to normal. Your partner needs to support you as you restore everything that’s been compromised. They can give guidance when it comes to collecting evidence and communicating with the stakeholders who have been affected.
F – Learn
In my opinion, all minor incidents are opportunities to improve your defenses and your ability to respond more effectively to a major breach. Your partner should review each incident with you and identify areas for improvement.
I think it’s also crucial to involve users when they are the cause of a cybersecurity incident. If an employee understands that their moment of complacency could have halted the entire company’s operations, they’ll be much more vigilant afterward.
5. Identify vulnerabilities and apply patches.
Every day, bug hunters, well-intentioned or not, discover flaws in the technologies your companies use. These vulnerabilities can be exploited by criminals to access, steal, and even encrypt your data.
The famous Log4j vulnerability or the one affecting Microsoft email servers were among the most publicized because they affected so many people. For this reason, you need to monitor your IT assets and make sure that any vulnerabilities that put your company at risk are corrected quickly.