Four essential steps for protection against cyber attacks
Most businesses need computer systems to manage their business information. Computers allow a few people to manage a large amount of information, which reduces operating costs. Most businesses must also connect their computers to the Internet to purchase materials and to sell goods and services. Some businesses, such as e-commerce, can only exist with computers and the Internet.
Businesses put locks on their doors and windows to prevent criminals from entering the building and stealing money. A business that has computers and an Internet connection is a target for cyber criminals, because they can enter the computer system via the Internet and steal money from the business. Most small and medium businesses fail to put locks on their computer systems. The locks for computer systems are part of a group of actions and products called cybersecurity.
For any business that uses computers and the Internet, cybersecurity is an essential part of doing business: it is what keeps the thieves out.
Many businesses endure cyber attacks from criminals who try to steal from the business through theft of information or financial extortion. Theft of information occurs when a business holds information that can be sold to a third party, or information that has value to a government:
- Military contractors or similar with information about technology that a competitor or foreign government wants access to.
- Financial or e-commerce institutions holding customer payment information that can be sold on the black market.
Most businesses don't have information that can be sold to a third party; however, all businesses will suffer financially if they are denied access to the data used by their management systems: customer information, financial information, inventory information, and so on. These businesses are targeted by ransomware, which the criminals use to encrypt the business data so that it cannot be accessed. Once the criminals have prevented the business from accessing its own information, they demand a ransom in exchange for a key that will release the data.
There are four essential steps to protect a business against a cyber attack, and to recover the business data without cost in the worst case that a ransomware attack is successful. These steps are listed in the following sections.
Step 1: Staff training to recognize a potential cyber attack
The employees of the business are the first line of defense against cyber attacks. It is essential that employees be trained to understand what a cyber attack is and how to recognize a potential attack. Employees must also have access to a cybersecurity expert who can be notified about a potential attack and can take quick action to investigate whether an attack is occurring. To summarize:
- Training on methods of attack, including phishing.
- Providing a hotline to a cybersecurity expert so that staff can report observations.
- Giving awards for recognizing potential attacks.
- Never admonishing a staff member who is tricked by a phishing attack, as that discourages staff from reporting incidents.
- Repeating staff training every 3 months, as new methods of attack are being invented and new cybersecurity tools become available. Keep staff aware of the changes.
Quick action is important when a potential risk is identified. It is a race to block the criminal before the criminal has time to lock the business data.
Step 2: Network technical upgrades that are essential to protect the network
Network cybersecurity is the locks on the doors and windows. Cybersecurity tools are designed to keep the criminals out of the network. Each computer network has unique challenges to prevent unauthorized access. A cybersecurity expert must analyze the network to determine what protections and locks must be added to the network.
One of the most important features to add to a computer network is multi-factor authentication (MFA), also called 2-factor authentication (2FA). This means that after the user enters a password, the user receives a code on a mobile phone that must then be entered to get network access. Security experts claim that MFA can reduce the probability of a cyber attack by 80%, because a popular method of attack is to steal passwords, and MFA prevents a stolen password from being used on its own.
The following list includes items that are essential for all networks.
- Install an Internet firewall.
- All computers must have anti-virus software with automatic updating.
- Security patches for software and network device firmware must be applied as soon as the patches are released. Software such as Microsoft Windows can be set to update automatically; however, older versions will not be updated, which means the business must replace older computers.
- Install an end-point security firewall that imposes access rules for users.
- Zero trust authentication of devices and users to access the network.
- MFA or 2-factor authentication for all users to prevent criminal access after password theft.
- Secure encrypted remote access if used.
- Monitor network access to detect threats.
Some security products include several of these functions. For example, the Authonet zero trust endpoint gateway authenticates devices and users onto the network, applies multi-factor authentication to users, and can monitor who is accessing the network and identify failed access attempts.
Step 3: Migration of applications software and data offsite to the cloud
Software applications and data can be installed on servers in the business or on a remote cloud service. A cloud service is much more secure than the business network, because cloud providers like AWS and Azure have very experienced cybersecurity staff and large cybersecurity budgets to ensure that criminals do not get access to their clients' data.
Most software vendors such as Oracle, Salesforce and QuickBooks have cloud versions of their software and some only have a cloud version.
The two steps that a business should take are listed below.
- Move business applications to secure cloud services, AWS, Azure, etc.
- Move applications from Oracle etc. to cloud versions.
Many businesses have developed custom software that is designed for their business model. Migration of custom applications to the cloud requires specialist skills and the business should only contract a migration provider who can demonstrate successful projects with references from other customers.
Step 4: Recovery plan with offsite backups
Determined and knowledgeable criminals can pick even the best locks. The same applies to cybersecurity: the best precautions cannot guarantee 100% protection. What they do is reduce the probability of a successful attack, perhaps by 98% or 99%, and 98% fewer headaches is excellent.
For that 1% or 2% probability of a successful ransomware attack it is necessary to prepare a recovery plan. The essential elements of the recovery plan are as follows.
- Backup all business data by writing to a secure offsite storage using an encrypted write-only file transfer protocol.
- Backup the business data daily or hourly.
- Ensure that this offsite storage cannot be accessed from the network.
- Keep multiple copies of backups spanning 1 to 3 months; if the servers are attacked with ransomware, the last few backups will contain encrypted data.
- Have hard drives configured with software ready to replace in servers.
- Have SSD drives ready to replace user computer drives.
- Have a backup system to save the data on each user computer; wherever possible, have users work only with cloud data and store no data on the computer itself.
- Prepare, update and frequently test a comprehensive IT systems recovery plan; testing the plan is essential.
The procedure to follow after a ransomware attack has occurred is listed below:
- Disconnect the business computer network from the Internet, since the attacker is accessing the network via the Internet; this prevents the attacker from doing more damage.
- Try to locate the user computer that has the Trojan installed; this might be the computer that is displaying the ransom message.
- Fetch the backup data from the remote location.
- Remove and replace the server hard drives with the application software and reinstall the backup data. Test that the servers are functional. It may be necessary to install an earlier backup.
- Remove and replace all workstation hard drives with an SSD, as it is not known how many workstations have been infected. Reinstall software and data if necessary. If applications are in the cloud then no software and data installation is necessary.
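Two points in the recovery plan above deserve a concrete illustration: keeping backup copies that span 1 to 3 months because the most recent generations may already hold encrypted data, and the restore step "it may be necessary to install an earlier backup". The following Python is an added example and is not code from the page or from any product it mentions. It implements a simple two-tier retention rule (every generation from the last 14 days plus the newest generation of each week for 12 weeks) and a byte-entropy check that flags a restored backup whose content looks encrypted, so the operator can fall back to the newest clean generation. The backup generations and their contents are constructed inline for the demonstration; the 14-day and 12-week figures and the 7.5 bits-per-byte threshold are assumptions for the example.

```python
import hashlib
import math
from datetime import datetime, timedelta


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0 to 8). Readable business data (CSV, documents,
    database dumps) sits well below 8; ransomware-encrypted files sit close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Run this on the restored, decompressed content. The backup archive itself may
    legitimately be encrypted or compressed and would score high for that reason alone."""
    return shannon_entropy(data) >= threshold


def retained_generations(timestamps, now, daily_days=14, weekly_weeks=12):
    """Which backup generations to keep: every generation from the last `daily_days`
    days plus the newest generation of each ISO week for the last `weekly_weeks` weeks.
    Pruning runs on the backup host, never from the production network, so the offsite
    copies stay out of reach of an attacker who is inside the business network."""
    daily_cutoff = now - timedelta(days=daily_days)
    weekly_cutoff = now - timedelta(weeks=weekly_weeks)
    keep = set()
    newest_in_week = {}
    for ts in timestamps:
        if ts > now or ts < weekly_cutoff:
            continue
        if ts >= daily_cutoff:
            keep.add(ts)
        week = ts.isocalendar()[:2]  # (ISO year, ISO week number)
        if week not in newest_in_week or ts > newest_in_week[week]:
            newest_in_week[week] = ts
    keep.update(newest_in_week.values())
    return sorted(keep)


def latest_clean_backup(generations):
    """generations: list of (timestamp, restored payload bytes). Returns the timestamp
    of the newest generation whose content does not look encrypted, or None if every
    retained copy was taken after the encryption started."""
    for ts, payload in sorted(generations, key=lambda g: g[0], reverse=True):
        if not looks_encrypted(payload):
            return ts
    return None


# --- Constructed sample data (not from a real system) -------------------------------
NOW = datetime(2024, 6, 1, 12, 0)
CLEAN = b"invoice_id,customer,amount\n" + b"".join(
    b"%d,Customer %d,%d.00\n" % (1000 + i, i % 7, 50 + i) for i in range(100))
# Stand-in for ransomware-encrypted content: chained SHA-256 output, which the entropy
# check cannot tell apart from real ciphertext.
SCRAMBLED = b"".join(hashlib.sha256(b"demo-%d" % i).digest() for i in range(64))


def demo_generations():
    """120 daily generations; the newest three were taken after the (constructed)
    ransomware encryption and therefore hold scrambled data."""
    return [(NOW - timedelta(days=d), SCRAMBLED if d < 3 else CLEAN) for d in range(120)]


def demo_report():
    gens = demo_generations()
    retained = retained_generations([ts for ts, _ in gens], NOW)
    kept = set(retained)
    clean = latest_clean_backup([g for g in gens if g[0] in kept])
    return {
        "retained_count": len(retained),
        "oldest_retained": retained[0].isoformat(),
        "latest_clean": clean.isoformat() if clean else None,
        "clean_entropy": round(shannon_entropy(CLEAN), 2),
        "scrambled_entropy": round(shannon_entropy(SCRAMBLED), 2),
    }


if __name__ == "__main__":
    for key, value in demo_report().items():
        print(f"{key}: {value}")
```

Running the script shows 25 generations retained out of 120, the oldest from about three months back, and the newest clean generation three days before the attack date; the three post-encryption copies are skipped because their content scores near 8 bits per byte. The entropy check is a triage aid, not proof of integrity: the recovery plan's own rule still applies, namely restore, then test that the servers are functional before putting them back into service.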
Without the recovery plan a successful attack will result in the business losing all data, or paying the ransom to unlock the data. Note that in 35% of ransomware attacks the criminal does not provide the key to unlock the data after the ransom is paid. Remember that the attackers are not honest people.
Finally, it is essential that a cybersecurity expert be called in to carry out a regular verification every month, or at most every 3 months, to ensure that these four steps are implemented and working. The cybersecurity expert should check that all software has been updated with security patches. If a business seeks cybersecurity insurance, it is likely that the insurer will require some or all of the steps listed above.
Readers who are seeking help with their cybersecurity plan can contact our partner Internet Technology Answers Inc. at this email address: email@example.com