Arguably, Labor Day serves as the kick-off to fall, which quickly brings the holidays into view. As you prepare your business for the season, your technology should remain an ongoing focus, as cybercriminals often target holidays to take advantage of vulnerabilities in your network and capitalize.
Just before Labor Day, the FBI and CISA reminded organizations to be extra alert to possible cyberattacks as a result of previous three-day holiday weekend incidents earlier this year. In the warning, they reminded everyone to follow key IT security best practice recommendations, which have been gathered because of some of the country’s debilitating incidents and expensive losses over the last year.
To help organizations get ahead of the risks associated with the holiday season, here are some actions you can take to make your networks and business more secure:
Ensure offline/offsite backups are complete and quickly recoverable.
Most backups are incomplete, not frequent enough, or not protected from becoming corrupted themselves. The only way to know if you can trust your backups is to implement a disaster recovery/business continuity plan. And the activity doesn’t require you to run a fire drill every week. However, you need to know whether you can fully recover each and every IT asset without paying ransom, waiting for cyber insurance policy coverage confirmation, or spending a week rebuilding everything from scratch.
Lock down remote access platforms and tools.
Just because there is a password protecting your RDP Server, VPN appliance, GoToMyPC cloud service – or similar remote access tool or platform – does not mean it is secure. Hackers have tools in place to scan the internet millions of times a day looking for open connections to remote access tools and platforms, so yours shouldn’t be “discoverable.”
Most organizations allow IT staff and vendors to use remote access to manage IT assets more easily, but rarely test the security of that remote connection from a vulnerability assessment perspective. Sometimes, you simply need to change the default port in use by the remote access server. Other times, you need to hide the remote access connection behind a VPN or extra firewall. It’s different for each tool or platform in use. Having an automated vulnerability assessment tool or service in place prevents the risk of inadvertent security lapses.
Keep your software up to date with the newest patches.
Part of this requirement includes making sure remote worker systems are turned on at night to allow for upgrades and that servers are allowed to reboot after-hours. Most automated software updates are not completed for computers turned off at night, or servers are “busy” when patches were attempted. Remote workers are especially prone to have missed software updates for months since their computers are frequently turned off at night or being used for personal home computing when they need a window of time to install updates and reboot afterward.
Servers that are “always busy” in the middle of the night or on weekends, due to running reports or backing up data, are also prone to have missed software patches for months (even years). Other times, servers have the downloaded software updates needed but are unable to reboot in the middle of the night for one reason or another. But this is a critical function for ensuring software patches released are implemented to protect from vulnerabilities.
Address your password vulnerabilities.
In short: Use strong, unique passwords for each different IT asset or cloud service you log into and do not reuse passwords or password patterns such as “LinkedIN#2021” and “Outlook#2021.”
It’s human nature to want convenience – and we’ve all done it in the past to avoid having to create complex, unique passwords for 20 different IT assets we use every day. But since it is now easier than ever for hackers to run automated scripts and “brute force” attempts at guessing your passwords before anyone notices, it’s critical to use a separate password manager service/app that allows you to store more complex passwords/passphrases for each unique IT asset you use.
Additional password protection should also be implemented, such as turning on other password security configuration settings wherever possible. This might include “account lock time out” and “impossible travel.” Account Lock Time Out prevents brute-force password guesses by turning off the ability to login to that specific asset for a period while alerting the user and the IT staff to a potential cyberattack attempt. Impossible Travel prevents people or bots in other countries from even accessing your US-based cloud service, email, file sharing, video chatting, server, or computer.
Protect all passwords with extra security layers.
In the same way that most banks, credit unions, and email services require 2-step verification or account password resets, experts tell you to do the same across all systems and services, beyond just email. This helps when a password is compromised in the future, hackers still may not be able to gain access to the IT asset because there’s an extra step in the security process.
This multi-factor authentication (MFA) is frequently deployed to protect email for senior executives but may be missed for everyone else and every other IT asset in use. We’d argue that every email account or system should enable MFA to significantly reduce the risk to the network. Some examples of risk include:
- The HR or procurement manager has access to high-value transactions, personally identifiable information, or vendor information.
- The finance department frequently manages ACH transfers, direct deposits, and account information.
- The engineering intern or sales team temp may have access to servers, databases, cloud services, or other IT assets to allow them to collaborate with traditional employees on joint projects.
Not securing their account passwords with MFA is just as likely to result in painful and expensive cyber breaches that could have been prevented with established best practices.
What’s outlined here are just a few of the more than 200 standards that ZAG developed to help our clients protect their network from outside threats, boost network connectivity and security, and provide proven ways to reduce risk.