What Are the Risks of Using Unsupported Hardware?

What Are the Risks of Using Unsupported Hardware?

From a financial standpoint, it makes sense to try and hold out on upgrading your hardware until something breaks, even if the hardware in question is no longer supported by the manufacturer. After all, if it still works, why replace it?

However, using unsupported hardware brings with it a wealth of cybersecurity risks, can hinder productivity, and can hurt your bottom line.

9 Reasons You Need to Say Goodbye to Unsupported Hardware

You’re Incurring Unnecessary Expenses

Once hardware reaches its end-of-life (EOL), you’ll likely have to pay a hefty premium to keep your aging technology up and running. If extended support is available at all, it isn’t likely that many companies will offer it, leaving you less choice and hampering your ability to shop around for the best price.

You May No Longer be in Compliance

Financial organizations and healthcare providers, in particular, are subject to strict codes of compliance. When your organization is tasked with protecting sensitive patient or customer data, extra steps need to be taken to ensure that data is secure. 

Without the ability to install security patches to address known vulnerabilities or support up-to-date (and more-secure) versions of the software your organization relies on, you may no longer be able to comply with relevant regulations, leaving your organization vulnerable from a legal and compliance standpoint.

Outdated Hardware is Unreliable

Aside from the expected wear and tear on old components (which will become increasingly difficult to find or repair), outdated hardware doesn’t support new versions of the software your organization requires to function. As such, you will likely be forced to rely on outdated software, curtailing system performance and cutting you off from new features. 

Outdated hardware is also more likely to crash, increasing system down-time and causing headaches and frustration for employees and customers alike.

Productivity Takes a Hit

Unsupported hardware affects employee productivity in a multitude of ways:

  • Employees have to invest more time and energy in keeping outdated hardware up and running, pulling them away from tasks that grow your business.
  • Outdated hardware isn’t able to support the newer, faster, more reliable versions of the software your organization depends on, which means employee tasks end up taking longer than they should because workers are left waiting for software to load.
  • Employees who are continually frustrated with the tools they need to do their jobs are less likely to be satisfied with their jobs overall, leading to higher turnover. Not only does this lead to increased costs (during the training period, trainees don’t make the company money, they cost money), but it also decreases productivity as new members learn the skills they need to do their jobs. Workers are also more likely to view employers with high turnover rates with suspicion, which may make it harder to attract the skilled workers you need to succeed.

Your Network is Left Vulnerable

Older hardware is unable to support the newest software, which means you won’t be able to take advantage of security patches or other steps software manufacturers take to address vulnerabilities in their products. Cybercriminals are well known for targeting older software with known vulnerabilities since not all users will have the latest security patches installed.

Increased Environmental Impact

Everyone knows old cars are more likely to be gas guzzlers than their sleek modern counterparts, but the same holds true for outdated hardware. Increased energy consumption leads to higher electricity bills, increasing your carbon footprint while further eroding your bottom line.

You May Experience Data Recovery Problems

Should disaster strike, outdated hardware means you may have trouble recovering lost data. Depending on your industry and the nature of your business, the impact of this lost data could range from frustrating to catastrophic. 

You’ll Likely Encounter a Skills Shortage

As we mentioned in the section about unnecessary costs, finding a repair or maintenance company with the skills needed to repair and maintain your outdated equipment may be difficult. Even if you are able to find a business that can help, there aren’t likely to be many of them around, which means you will likely be left with the choice of either paying exorbitant amounts for repairs and maintenance or upgrading your hardware anyway.

Also, because older hardware is only able to support older software, you may find it’s difficult to find workers who are familiar with the programs you use. For example, many financial institutions rely on software written in COBOL; a vintage programming language developed nearly 60 years ago that isn’t regularly taught in universities anymore. Unfortunately, many major financial corporations (and sections of the federal government) rely on systems that use COBOL, and as older programmers retire, they are having a hard time hiring qualified replacements. 

By holding onto unsupported hardware, you may be compromising your organizations’ future as it becomes increasingly difficult to find workers and repair people who have the skills needed to maintain your outdated and aging equipment.

Frustrated Customers Are Likely to Become Former Customers

In the age of instant results, a slow website or frequently inaccessible client portal is incredibly frustrating. Customers expect to be able to access products and services quickly 24/7/365. That means organizations that experience frequent outages, slow software, and other outdated hardware-related issues are likely to see their customers abandon them for competitors who offer a better user experience.

Looking to Break Up with Your Outdated Hardware? Virtual Armour Can Help!

A system migration may seem daunting, and not every organization has the people power or the inclination to maintain and troubleshoot their IT infrastructure or keep it up to date. That’s why Virtual Armour offers managed infrastructure services

Our team of experts will monitor your network 24/7/365 and troubleshoot any issues that arise quickly, minimizing or even eliminating downtime. We’ll also ensure your system is kept up to date with the latest security patches and keep an eye out for suspicious activity. If you’re looking to say goodbye to on-prem hardware solutions altogether, we also offer cloud services.
For more information about our cloud or managed services, or to get started on your data migration, please contact our team today.

Terms & Phrases Used in the Managed IT & Cybersecurity Industries

Terms & Phrases Used in the Managed IT & Cybersecurity Industries

Recent cyberattacks, including the SolarWinds attack and the Microsoft Exchange attack, have renewed focus on how critical a good cybersecurity posture is. Managed IT services and cybersecurity promise to help organizations manage their IT and keep their data safe and compliant, but not everyone is clear on what exactly a managed IT provider does, what cybersecurity is, and what the various technical terms used in the industry mean. 

To help you understand what managed IT and cybersecurity are, and why they are important, we’ve created a handy little guide that explains common terms you may encounter and demonstrates how they pertain to the larger cybersecurity or managed IT picture.

Cybersecurity

What is Cybersecurity?

In the broadest sense, cybersecurity refers to techniques used by either companies or their cybersecurity services provider to protect an organization’s digital assets. Digital assets include both your digital infrastructure (networks, systems, and applications) as well as your data (such as financial records, client lists, and other records). By taking steps to protect these digital assets, organizations can better safeguard themselves against cyberattacks, where threat actors or attackers (also called hackers) attempt to gain unauthorized access to infrastructure or data for nefarious purposes. 

Types of Cybersecurity Solutions

Many of these solutions overlap, creating a “swiss cheese” model approach to cybersecurity: not every program is going to be able to catch everything, but layering multiple programs and strategies together reduces the chances that someone or something malicious is able to slip through all your defenses. 

Anti-Virus (AV)

Antivirus is a type of security software used by IT professionals to scan for, detect, block, and eliminate malware (malicious software). AV programs typically run in the background and rely on known malware signatures and behavior patterns. Though AV is useful, it is just one piece in the cybersecurity puzzle and isn’t enough to protect your digital assets on its own.

Endpoint Detection & Response (EDR)

Endpoint detection and response refers to a set of tools and solutions that are used to detect, investigate, and mitigate suspicious activities on endpoints (devices that can access the network, including computers and smartphones) and on hosts (such as networks). EDR is valuable because it can detect advanced threats that don’t have a known behavioral pattern or malware signature (like AV requires). EDR can also trigger an adaptive response (like your immune system springing into action) depending on the nature of the threat it has detected. 

Managed Detection & Response (MDR)

Managed detection and response is a piece of the SOCaaS (Security Operations Center as a Service) model that offers a comprehensive solution for continuous threat monitoring, threat detection, and incident response and is provided by a third-party vendor. Holistic, turnkey solutions like this can help provide peace of mind, giving IT professionals the information they need to prioritize incidents and improve the overall security posture of the organization.

Network Operations Center (NOC)

A network operations center refers to a central hub that allows network administrators to manage and control their network or networks and their primary server across several geographically distributed sites (such as a head office managing and observing multiple branch locations). Because network administrators need to deal with threats and headaches such as DDoS attacks (discussed later in this article), power outages, network failures, routing black holes, and other issues, it is critical that they are able to oversee the entire network and react to threats quickly and easily. 

A NOC is not a security solution, but it can help larger organizations effectively monitor their networks, endpoints, and other critical infrastructure and devices for signs of trouble and is frequently used in Managed IT.

Security Operations Center (SOC)

A security operations center is crewed by cybersecurity personnel and handles threat detection and incident response processes, all while supporting the various security technologies your security operations rely on. While larger enterprises often build and manage their SOC in-house, small and medium-sized organizations don’t typically have the personnel or bandwidth to do so. As such, SMBs (small and medium-sized businesses) frequently choose to outsource their SOC to trusted partners.

Security Information & Event Management (SIEM)

SIEM is a vital tool used to collect and aggregate security events and alerts across multiple security products. Once this information has been gathered, the SIEM software analyzes and correlates those events to look for patterns that might identify potential threats within the organization. 

SIEM is useful, but only if it is being actively managed. The aggregated data is only useful if it can be interpreted and used effectively to better improve your security posture. As such, many organizations are elevating their SIEM approaches and adopting the SOAR (Security Orchestration, Automation, and Response) model.

Vulnerability Management (VM)

Vulnerability management solutions are programs that are used to identify, track, and prioritize internal and external cybersecurity vulnerabilities. This information is used to optimize cyberattack prevention activities (such as patching known vulnerabilities, upgrading software, and fixing configuration errors). 

Patches refer to small programs released by software development companies to fix vulnerabilities they have discovered in their products. Keeping your software up to date allows your organization to take advantage of any security patches released, allowing you to better safeguard your digital assets. Unpatched software leaves your organization vulnerable since cybercriminals often target recently patched software in the hopes that not all organizations will have the patch installed.

Vulnerability Assessment (VA)

Vulnerability assessments are used to identify, classify, and prioritize vulnerabilities and can be used to assess internal, external, or host-based, third-party systems. 

Common Types of Cyberattacks

Cyberattacks are becoming increasingly common and can be devastating. A single attack can compromise your systems and your data, ruin your reputation, and even lead to legal trouble and compliance issues if it isn’t addressed and remediated swiftly.

If you have experienced, or are currently experiencing, a cybersecurity attack, please contact our team right away and consider reviewing our article “Hacked? Here’s What to Know (& What to Do Next)“.

Brute-Force Attacks

Brute force attacks are crude but frequently effective. During a brute-force attack, a cybercriminal attempts to gain unauthorized access to a system by trying all possible passwords until they guess the correct one. Though this could take centuries by hand, many criminals have software that allows them to try passwords quickly, making this a viable hacking option.

Phishing & Social Engineering

Phishing attacks involve a cybercriminal attempting to trick potential victims into revealing confidential information (such as your banking details, your credit card number, your SIN, or your password) or install malware by clicking a link or opening an infected file. Phishing attempts usually involve text-based communications such as email, text messages, or other messaging apps. Cybercriminals usually pretend to be someone you are already primed to trust, such as your boss or an employee from your bank.

We discuss phishing (and steps you can take to protect yourself) more in-depth in our article “Don’t Let Phishing Scams Catch You Unaware”.

Phishing scams are a type of attack that uses social engineering. Social engineering is when attackers use psychological manipulation to infiltrate an organization or private network by exploiting human weaknesses and tricking unsuspecting users into granting access or handing over sensitive information. This manipulation relies on the human desire to help and trust easily and may also use the fear of getting in trouble or causing an inconvenience. 

For more information about social engineering, how it works, and how to spot potential social engineering attacks, please consider reading our article “In a Remote World, Social Engineering is Even More Dangerous”.

Credential Stuffing

Credential stuffing involves using existing databases of compromised usernames and password combinations (typically collected during a previous breach and frequently purchased on the dark web) to attempt to login to a targeted account. 

The dark web refers to a part of the internet that isn’t indexed by search engines such as Google, so it can’t be accessed by simply typing in a URL (such as www.virtualarmour.com) into your browser. This secrecy has made the dark web a popular place for criminals, allowing them to buy and sell illegal items (such as credit card numbers, illegal weapons, and malware) away from the gaze of law-abiding internet users.

Cryptojacking

Cryptojacking is an attack that involves the unauthorized user of someone else’s computer to mine cryptocurrencies. Though this type of attack isn’t likely to damage data or systems, it is still concerning because it means someone has access to your digital assets without your knowledge or consent. It can also affect the performance of your system and cost you money since the attack siphons off computing power and uses electricity that your company is paying for.

For more information about cryptojacking, please consider reading our article “Cryptojacking: Because Every Currency Needs to Be Protected”. 

Data Breach

A data breach, also called a hack, refers to any event where unauthorized users are able to gain access to your systems or steal sensitive information such as PII (personally identifiable information) from an organization or individual. The goal of a data breach is usually to either use this information to gain unauthorized access to other systems (such as using your Netflix username and password to try and log into your bank account) or to sell this information to other cybercriminals.

Distributed Denial of Service (DDoS)

DDoS attacks attempt to crash a web server or other online service by flooding it with more traffic than the network can handle. This can be done either by a large group of cybercriminals working together or a single cybercriminal with a large botnet (connected computers performing repetitive tasks). By overloading the server, cybercriminals can prevent legitimate users from accessing a company’s products or services.

DNS Hijacking

DNS hijacking (also called DNS redirection or DNS poisoning) redirects queries from the intended Domain Name System (DNS) to a different website, often populated with malware, advertising, or other unwanted content. The DNS acts like a phone book for the internet, so DNS hijacking involves forcing the browser to dial the wrong number (or go to the wrong website). 

Drive-By Attack

A drive-by attack is a form of malware attack. However, unlike phishing or other forms of malware attacks, users don’t need to be tricked into downloading infected files or opening suspicious links. Instead, user devices are infected automatically when the user visits a trusted or legitimate website that has been compromised. 

Exploit 

An exploit is a malicious script (a list of commands executed by a program) or application that exploits known vulnerabilities in endpoints or other hardware, networks, or applications. The goal of exploit attacks is usually to take control of a system or device, increase access privileges, or steal data. Exploit attacks are often used as part of a larger, multi-layered attack. 

Malware

Malware refers to any form of malicious software and is often spread via email attachments or suspicious website links. The goal of malware is to infect endpoints to gain access to sensitive systems or data or collect private information such as passwords or banking details and send this information back to the attacker. 

Ransomware

Ransomware is a type of malware that prevents end-users from accessing an organization’s data or system or an individual’s data or system. Once the files or system is encrypted, and the user is locked out, the attacker promises to restore access in exchange for money, usually in the form of cryptocurrencies.

Supply Chain Attack

Supply chain attacks occur when threat actors are able to access a target’s systems by compromising a third-party resource, which is what happened with the SolarWinds attack. The reason that attack was so devastatingly effective is that the attackers were able to gain access to a SolarWinds program called Orion, which is widely used by companies and US government departments to manage IT resources. When SolarWinds sent out a routine Orion update, they didn’t realize it contained malicious code, which allowed the attackers to access client systems. 

As was the case with the SolarWinds attack, the compromised vendor is typically not the final target but instead is used as a means to an end so the attacker can gain access to their intended victim’s systems. However, the damage is not limited to the intended victim but affects any other organization that inadvertently downloaded the compromised software. 

Common Cybersecurity Compliance Regulations 

Compliance is a large part of cybersecurity for many verticals and industries, including healthcare, finance, energy, and retail. Which regulations you need to comply with depends on a variety of factors, such as your industry or vertical, what sort of PII or sensitive information you handle, who you do business with (such as the US Department of Defense), where your users or clients are located, and whether or not you process credit card payments. To find out which regulations apply to you, please speak to a qualified compliance professional. 

Healthcare 

Healthcare providers and related organizations need to comply with Health Insurance Portability & Accountability Act (HIPAA) regulations. HIPAA is responsible for establishing cybersecurity standards for healthcare providers, insurers, and all third-party service providers that medical organizations do business with. 

More information about these standards can be found here on the US Department of Health and Human Services website.

Organizations with European Users

General Data Protection Regulation (GDPR) is a European Union law that dictates how personal data on individuals residing in the EU and the greater European Economic Area is collected and processed and specifies the rights users have to access and control their data on the internet. Even if your organization is not based in Europe, if you have users in Europe, you must be compliant. 

GDPR specifies several rights users have, but the most common are:

  • Legal basis for processing
  • The right to erasure (also called the right to be forgotten)
  • The right to access
  • The right to rectification
  • The right to data portability

Details about GDPR and how to ensure compliance can be found here on the GDPR website. For more information about GDPR and how it may impact your organization, please consider reading our article “US Companies Could Get Badly Burned by GDPR – Here’s How Not To”.

Organizations that Process Payment Cards or Store Payment Card Data

The retail sector isn’t federally regulated, but any organization that processes payment cards or holds payment card data is required to follow regulations laid out by the Payment Card Industry Security Council’s Data Security Standard (PCI DSS). For more information, please visit the PCI Security Standards Council’s website.

Organizations that Do Business with the US Department of Defense

Any organization that provides a service to the US Department of Defense (DOD) is required to meet the cybersecurity requirements outlined by the Defense Federal Acquisition Regulation Supplement (DFARS) and Procedures, Guidance, and Information (PGI) guidelines. These guidelines specify what cybersecurity standards need to be met and complied with before an organization is allowed to do business with the DOD. The purpose of these regulations is to ensure that sensitive defense information is appropriately safeguarded.

For more information, please visit this page on the DOD’s website.

Energy Service Providers

Organizations that provide electricity, including electric utility companies and operators, are governed by the Federal Energy Regulatory Commission (FERC). FERC has the authority to establish cybersecurity regulations for this sector, though the standards themselves are created by the nonprofit authority called the North American Electric Reliability Corporation (NERC). The standards are referred to as the Critical Infrastructure Protection (CIP) Standards. 

More information about FERC can be found here. More information about NERC can be found here, and information about the CIP Standards is located here.

Organizations with Users in California

The California Consumer Privacy Act (CCPA) of 2018 is similar to GDPR in the sense that it is designed to give consumers more control over the personal data businesses collect about them, including:

  • The right to know what personal information is collected as well as how it is used and shared
  • The right to delete personal information collected about them (with a few exceptions)
  • The right to refuse to allow the sale of their personal information
  • The right to non-discrimination for exercising their rights under CCPA

More details about the CCPA can be found here.

Cybersecurity Training

Even the best cybersecurity policy is useless if your workers and other users don’t understand it or have the necessary training to adhere to it. 

Create a Plan

To begin, make sure you have a robust yet flexible cybersecurity incident response program in place. Cyberattacks typically unfold very quickly, so an ad hoc plan created in the heat of the moment isn’t going to cut it. By making all crucial decisions ahead of time (such as how evidence is gathered and handled, how resources are to be allocated in a crisis, and who needs to be alerted if an incident occurs) and determining who is responsible for what you can help ensure there are no gaps or deficiencies in your response. 

You should also take this time to establish cybersecurity rules, such as password standards, so you can best safeguard your digital assets.

To begin developing or updating your cybersecurity incident response program, please consider reading our article “Building a Cybersecurity Incident Response Program”. 

Invest in Employee Training

Cybersecurity is everyone’s responsibility, from the President of the company down to the summer intern. Cybersecurity training ensures your employees know what to do should they encounter a potential threat and explains why these actions, as well as all preventative steps, are important. It’s easier to get worker buy-in when they understand the “why” behind the “what”. 

Test Your Plan 

Once you have a plan and the necessary cybersecurity programs and tools in place, you need to test your response before an incident occurs. 

What is Pen Testing?

Pen (Penetration) testing is a tool used to stress-test your cybersecurity defenses. This involves hiring an ethical (or “white hat”) hacker to try and break through your security defenses and simulate a cyber attack. The ethical hacker records any and all deficiencies or gaps they were able to exploit and then summarizes and shares their findings with your team. 

By hiring someone to discover these gaps for your company, you can ensure that any shortcomings are addressed before actual criminals are able to use them to gain unauthorized access to your systems or data. Some compliance standards, such as NIST, require penetration testing to ensure compliance.

What are Tabletop Scenarios?

Tabletop scenarios are like fire drills for security. Once your team has undergone cybersecurity training, a tabletop exercise lets them put their newfound skills and knowledge to the test while they test-drive your cybersecurity incident response plan.

Tabletop scenarios present your team with a hypothetical cybersecurity incident that they need to respond to, allowing them to practice what they have learned in a zero-stakes environment. 

Managed IT

What is Managed IT?

In simplest terms, managed IT solutions, also called managed IT services allow organizations to hand off their IT operations to a trusted service provider, who then handles all IT-related work. This single point of service can free up internal IT team members for other projects, or in the case of an “IT Light” organization, allow you to access the professionals you need without having to hire internally. 

Managed IT offers a variety of benefits, including:

  • Access to an entire team of professionals, 24/7/365. 
  • Cost savings, since additional team members won’t need to be hired
  • Peace of mind, since you never need to worry about your IT or security person calling in sick or departing to pursue other opportunities and leaving you vulnerable.
  • Predictable and scalable spending

Common Types of Managed IT Solutions

There are many types of managed IT services. While some organizations only offer a handful of managed services, others take a holistic approach that handles everything. How much, or how little, you want to hand off when it comes to your IT is up to you, but make sure you carefully vet any MSSP you are considering to ensure they offer the services you need and have a reputation you can trust.

Common types of managed IT services include:

Data Backup & Disaster Recovery

Opting for a managed IT solution can help with business continuity (BC) as well as backup and disaster recovery (BDR). BC refers to the necessary planning and preparation needed to ensure your critical business operations can continue to function should a pandemic, natural disaster, power outage, cyberattack, or other crisis affect your business. A key component of BC is BDR, which refers to a combination of data backup and disaster recovery solutions that are designed to get your systems restored and fully operational again as quickly as possible should disaster strike. Having dependable backups is critical for effective disaster recovery.

Two other good terms to be familiar with are RTO (Recovery Time Objective) and RPO (Recovery Point Objective). RTO refers to how quickly data needs to be recovered to ensure business continuity after unplanned downtime or a disaster strikes. The faster your RTO, the faster your organization can get back to work. Though exactly how long your RTO needs to be will depend on a variety of factors, you should aim to have an RTO of 4 hours or less.

RPO refers to what data needs to be recovered for normal business operations to resume after disaster strikes. This metric is usually based on file age (for example, all data backed up before this morning needs to be recovered). In conjunction with RTO, RPO can help your organization determine how often you should be backing up your data. For example, if your RPO is 2 hours, then you should be backing up your data at least once every 2 hours.

Strategic Business Review (SBR)

An SPR is a structured process with two goals: unearth new business opportunities and identify how your organization’s performance can be improved using technology or other means. This living document serves as a roadmap to guide future technological investments so you can ensure your managed IT services and IT infrastructure continues to meet your needs as your company grows and evolves.

Network Monitoring & Remediation

Remote monitoring management (RMM) is critical for network monitoring and remediation and refers to a platform that managed services providers like VirtualArmour use to remotely and proactively monitor your endpoints, network, applications, and systems for suspicious activity. This data is used to identify potential cybersecurity incidents or other potential problems so that they can be addressed as quickly as possible.

Most network monitoring and remediation is done out of the NOC (Network Operations Center).

What does -aaS Mean?

The term “-aaS” is a suffix that means “as a Service” and refers to any services (IT or cybersecurity) that are delivered remotely to your organization via the cloud. Examples include HaaS (hardware as a service), SaaS (software as a service), and IaaS (infrastructure as a service). 

Not everyone is an IT or cybersecurity expert, and that is okay. The experts at Virtual Armour are here to help. We offer a wide selection of cybersecurity and managed IT services that can be tailored to meet your needs, as well as 24/7/365 network monitoring upon request.

For more information, or to get started with your cybersecurity or managed IT services, please contact our team today.

Supplemental Reading List

If you would like to learn more about managed IT and cybersecurity, please consider reading the articles listed below.

Managed Services Security Providers (MSSPs)

What is a Managed Services Security Provider (MSSP)?

Leveraging Your MSSP in an “IT Light” Environment

Cybersecurity Basics

The SMBs Guide to Getting Started with Cybersecurity

Cybersecurity Spring Cleaning: It’s Time to Review Your Security Practices

Building a Cybersecurity Incident Response Program

Beyond SIEM: Why Your Security Posture Needs to SOAR

Identity Management is Just Cybersecurity Best Practices With a Fancy (& Expensive) Name

Creating an Agile Workplace: How to Prepare for the Unexpected

Cyber Hygiene 101: Basic Steps to Keep Your Company Secure

The Ultimate Guide to Managed Threat Intelligence (2020 Edition)

What is Information Security (& How Does it Impact Your Business?)

5 Old-School Hack Techniques That Still Work (& How to Protect Your Data)

Keeping Your Network Secure in a “Bring Your Own Device” World

Basic Website Precautions: Keep Intruders Out With These Fundamental Security Best Practices

Compliance

Security vs Compliance: What Are Their Differences?

US Companies Could Get Badly Burned by GDPR – Here’s How Not To 

The Challenge to Remain PCI & NIST Compliant During the Shift to Remote Work

Common Types of Cyberattacks

Don’t Let Phishing Scams Catch You Unaware

Cryptojacking: Because Every Currency Needs to Be Protected 

In a Remote World, Social Engineering is Even More Dangerous

How Fear Motivates People to Click on SPAM

Ransomware is Only Getting Worse: Is Your Organization Prepared to Confront it?

Everything You Need to Know About Ransomware (2019 Edition)

DNS Spoofing: What It Is & How to Protect Yourself

About Cybercriminals & Cybercrime

Hacked? Here’s What to Know (& What to Do Next)

The Modern Hacker: Who They Are, Where They Lie, & What They’re After

Hackers Are Increasingly Targeting People Through Their Phones 

Airports are a Hacker’s Best Friend (& Other Ways Users Expose Themselves to Risk)

2021 Cybersecurity Trends

Our Predictions for the 2021 Cybersecurity Environment

Cybersecurity by Vertical & Industry

Cybersecurity Basics Every College & University Needs to Have in Place

The Ultimate Guide to Cybersecurity in the Healthcare Industry

How the Financial Industry Can Strengthen Their Cybersecurity

Cybersecurity for the Manufacturing Industry, What You Need to Know Now

The SMBs Guide to Getting Started With Cybersecurity

The SMBs Guide to Getting Started With Cybersecurity

The recent SolarWinds hack is just one of many incidents that demonstrate the importance of good cybersecurity. Too many SMBs still believe they are too small to be targeted by cybercriminals, but in recent years the number of attacks on small and medium-sized organizations has continued to rise. The Ponemon Institute’s 2019 report found that two-thirds of the world’s SMBs had experienced a cyberattack as of 2019, yet at the time, 45% of those same surveyed businesses reported that their cybersecurity posture was “ineffective”.

Safeguarding your organization and its digital assets may seem like a daunting task, but in the digital age, a robust cybersecurity stance is essential. In this article, we will discuss common threats to look for, as well as concrete steps your organization can take to protect itself from cybercriminals, and ways the Virtual Armour team is here to help.

Common Cyber Threats to Watch Out For

Cybercriminals, also called hackers, use many tactics to target businesses of all sizes. However, because of the pervasive idea that SMBs are less likely to be targeted, smaller organizations are less likely to be prepared.

Social Engineering (Including Online Scams & Phishing Scams)

Social engineering, a common tactic used in phishing scams, including spam, involves manipulating unsuspecting victims into granting access to restricted systems or data or revealing private information such as usernames and passwords. 

Social engineering can take several forms. Phishing scams involve sending potential victims an email impersonating a trusted individual or organization (such as your boss or your bank) and using that previous relationship built on trust and authority to trick you into doing what the cybercriminal wants you to do. At its core, social engineering uses basic human psychology (such as our predisposition for helping others or trusting organizations we do business with) against us to manipulate our actions. 

Ransomware

Ransomware is a type of malicious software (or malware) used to prevent legitimate users from accessing their data and systems. Once the legitimate user is locked out, the cybercriminal demands a ransom and promises to restore access if the ransom is paid. 

Ransomware can easily cripple an organization of any size as daily activities grind to a halt. Even if the ransom is paid, recovery can be a challenging process. Depending on the systems or data affected, you may require the assistance of a cybersecurity expert.

While some organizations choose to take the financial hit and pay the ransom, there is no guarantee the cybercriminal responsible will hold up their end of the bargain once the money has been handed over.

The costs associated with ransomware also typically extend beyond the ransom itself. You may also:

  • Need to replace damaged data or hardware and recover any data that has been lost. 
  • Experience a loss of income due to business disruptions
  • Incur additional IT costs in the form of overtime wages, increased security costs, and the wages of any additional personnel required during the recovery phase. 
  • Need to pay for a cybersecurity investigation and forensics services (if you experienced a data breach as part of the attack)
  • Likely need to invest in further employee training to help safeguard against future incidents.

Depending on the nature and scale of the attack, your organization may also suffer reputational damage, which you may or may not be able to recover from.

DDoS Attacks

DDoS (Distributed Denial of Service) attacks can be performed by either large, coordinated groups of cybercriminals or a handful of cybercriminals controlling a large number of bot computers (computers controlled by programs that allow them to perform automated tasks on command). 

During a DDoS attack, all of the cybercriminals or their bots hammer your server with requests, overloading it and causing it to crash. This can potentially paralyze your business as business activity grinds to a halt. When the server is down, legitimate users such as employees or customers are unable to access the targeted server or any websites or applications hosted on it. 

Cybersecurity Basics

Now that you know what sort of threats are out there, what steps can you take to safeguard your organization against them?

Create a Cybersecurity Incident Response Program

The first thing you need to do is create a cybersecurity incident response program. For more information on how to do this, please read our article Building a Cybersecurity Incident Response Program

Creating a response program begins with making critical decisions (such as who is responsible for what and how resources should be allocated during a crisis) before an attack occurs. Attacks tend to unfold quickly, so an ad hoc response developed in the moment won’t be sufficient. By preparing ahead of time, you can ensure there are no gaps in your policies and procedures that could hinder your response efforts.

Next, you need to preemptively look for potential threats. You can’t respond to a threat if you don’t know it is there. This proactive approach gives you a heads up on any potential threats so you can adjust your tactics and strategy to best safeguard your digital assets.

Should an incident occur, your top priority should be to contain it before it can do any significant damage. Once the threat has been contained, then you can shift your focus to eradicating the threat so it can’t be weaponized against you again and ensure all unauthorized users are locked out of your system.

Once the threat has been dealt with, you will need to move into the recovery and remediation phase. This involves notifying any impacted external entities (such as customers and relevant governing organizations) and telling them what happened and what damages your organization has suffered. This is also the phase where you gather evidence for later review. This phase focuses on the root cause analysis, which identifies the primordial problem and lets you determine what steps you can take to effectively remedy the situation. 

Finally, when the investigation is complete, you and your team should review the efficacy of your response. Identifying any gaps or weaknesses now gives you a chance to address them before your organization is threatened again.

Review & Audit Regularly

As part of your regular operations, you should be auditing and reviewing your cybersecurity posture regularly. To help you do this, the Virtual Armour team created a handy checklist: Cybersecurity Spring Cleaning: It’s Time to Review Your Cybersecurity Best Practices.

Make sure you are regularly:

  • Reviewing your password guidelines
  • Auditing your current cybersecurity programs
  • Reviewing your endpoint protection protocols
  • Ensure all your software is up to date
  • Review your cybersecurity protocols and schedule refresher training for all employees

You may also want to consider conducting pen (penetration) tests. Pen tests involve hiring an ethical hacker to stress test your cybersecurity defenses and look for gaps that cybercriminals may be able to exploit. Once the test is complete, the ethical hacker sits down with your team to share their findings and offer expert advice on steps you can take to better fortify your network.

Invest in Employee Training

Cybersecurity is everyone’s responsibility. Even the best plan is only useful if everyone on your team knows how to implement it effectively, and even the most diligent employee can’t follow your cybersecurity best practices if they don’t know what they are.

Employees should undergo cybersecurity training as part of your onboarding process, and all employees from the CEO down should receive regular refresher training. All employees need to:

  • Understand why cybersecurity is important
  • Know what protocols are in place and why
  • Know how to identify suspicious activities
  • Know who to report suspicious activities to
  • Know what steps they need to be taking to help safeguard your organization

As part of your refresher training, you may want to consider conducting tabletop exercises. Tabletop exercises work like cybersecurity fire drills: allowing your team to respond to a hypothetical cybersecurity incident in a zero-stakes environment. Tabletop scenarios allow employees to put the information they learned in cybersecurity training to the test and try out your current protocols, so they are well-practiced should an actual incident occur.

When the exercise is finished, you can sit down with your team and review the efficacy of their response as well as the efficacy of your existing protocols. This gives you a chance to identify any deficiencies and create solutions before your organization is actually threatened and helps keep response protocols fresh in your employees’ minds. This is also an excellent way to familiarize employees with any changes or updates to your cybersecurity incident response plan.

For more information, please consider reading our article Cyber Hygiene 101: Basic Steps to Keep Your Company Secure.

What to Do if Your Organization is Hacked

If your organization has been hacked, please contact our security team straight away and consider reading our article Hacked? Here’s What to Know (& What to Do Next).

Need a Hand? Virtual Armour is Here to Help!

All of this may seem daunting. Not everyone is a cybersecurity expert, and that is okay. That’s why the experts at Virtual Armour are here to help. We can work with your organization to identify current deficiencies in your cybersecurity plan, help you create your cybersecurity incident response program, and help you respond and recover from an incident should one occur. 

We also offer a variety of managed services, including 24/7/365 network and endpoint monitoring and a guaranteed rapid response time. We have extensive experience working with a variety of industries, including finance, healthcare, retail, and energy, and we have extensive experience working with service providers.

For more information about what steps you can take to begin fortifying your cybersecurity posture or begin the fortification process, please contact our team today.

Further Reading

For more information about threats to look out for, steps you can take, and other cybersecurity news, please consider reading our blog.

Some articles and resources you may be interested in include:

Cybersecurity Basics & Best Practices

Cyber Hygiene 101: Basic Steps to Keep Your Company Secure

Cybersecurity Spring Cleaning: It’s Time to Review Your Security Practices

Common Threats & How to Safeguard Against Them

The Modern Hacker: Who They Are, Where They Live, & What They’re After

How Fear Motivates People to Click on Spam

Don’t Let Phishing Scams Catch You Unaware

5 Old-School Hack Techniques That Still Work (& How to Protect Your Data)

Everything You Need to Know About Ransomware (2019 Edition)

Cybersecurity & Infrastructure Security Agency Ransomware Guidance and Resources

Reports & Statistics

Ponemon Institute Library

Our Predictions for the 2021 Cybersecurity Environment

Our Predictions for the 2021 Cybersecurity Environment

2020 was a rough year for all of us, particularly from a cybercrime perspective. As businesses and schools rapidly pivoted to remote work and remote learning, many cybercriminals changed their tactics and adjusted their focus to take advantage of the situation as well as user uncertainty and fear.

As working and learning from home remain the norm for many individuals and businesses around the world, cybercriminals are poised to continue aggressively targeting users specifically using a blend of online and offline tactics

Fortunately, there are many steps your organization can take to better safeguard your digital assets against cyberattacks. As cybercriminals adjust their tactics, businesses of all sizes need to remain agile and stay up-to-date on the latest cybersecurity threats.

2021 Top Cybersecurity News

The Ongoing Fallout from the SolarWinds Attack

The SolarWinds attack, which infiltrated both the US Treasury and the Department of Homeland Security as well as a number of private organizations, rocked the cybersecurity world. Uncovered last December, this wide-reaching, devastating attack is believed to be the work of the Russian Intelligence Agency’s Foreign Intelligence Service and may have been launched as early as March 2020.

This supply-chain attack used malware to infect the networks of most, if not all, of SolarWinds’ customers via a software update. However, because the Russian attackers have had access to a wide number of networks for as long as several months, security experts are still working to determine exactly how widespread the attack was and what sensitive data and systems have been compromised. 

Even once experts know the full extent of the attack, the remediation process will be long and grueling. Entire enclaves of computers, servers, and network hardware across both federal and corporate networks will need to be isolated and replaced even as security teams continue to hunt for evidence of malware, determine what information has been compromised, and create and implement strategies to mitigate loss and damage. 

Number of Cyberattacks Expected to Rise

In addition to dramatically changing how we go about our daily lives, COVID-19 has also provided a convenient cover for cybercriminals as they shift their attack vectors away from large, well-guarded corporate networks to small, potentially vulnerable home networks. One study suggested that, in 2021, a ransomware attack on a business is likely to occur every 11 seconds, up from every 40 seconds in 2016. 

INTERPOL’s assessment of the impact of COVID-19 on cybercrime has shown similar trends, with targets shifting away from major corporations, governments, and critical infrastructure in favor of small businesses and individuals. 

2021 Cyber Attack Trends

User-Targeted Attacks Expected to Rise

As workers swap their cubicles for their kitchens, cybercriminals have changed tactics accordingly. The work from home model has brought with it a rise in successful attacks, at least in part because users are more likely to use personal devices (which are often less secure) for work-related activities.

As users log in from home, they create personal islands of security: a model where each user is effectively following different (often lax) security protocols. When workers are onsite, all of their traffic is routed through your business’s network, which is likely closely monitored by a professional security team. However, without a dedicated security team watching every employee’s home network and personal device, your organization is exposed to increased risk.

Cybercriminals are taking advantage of this increased attack area to create personalized attack chains. While traditional tactics often involved a “spray and pray” approach (where cybercriminals used generalized social engineering attacks, such as the classic Nigerian prince scam, to target a large number of users in the hopes that a few would bite), recent trends have seen a rise in hyper-personalized attacks that target specific uses with privileged access to sensitive infrastructure, data, and systems. 

While this approach is more time-consuming (since attackers need to identify and profile specific individuals to create the targeted attack), this approach is more likely to yield shorter attack-cycles, making it increasingly difficult for organizations to identify and stop attacks in progress.

Another user-focused trend to watch out for is cybercriminals increasingly targeting individuals via their phones.

A Blend of Online & Offline Tactics

The work from home era has forced cybercriminals to adapt their tactics, but unfortunately, many have done so successfully. One tried-and-true cybersecurity attack, the phone scam, has seen a resurgence.  

COVID-19 Scams Continue

According to the FCC, many cybercriminals are taking advantage of the fear and uncertainty around COVID-19 to trick unsuspecting victims into revealing sensitive personal information using social engineering. These include phone calls, emails, or text messages offering “COVID-19 kits”, “Coronavirus packages”, or Medicare benefits related to the virus. Scammers use these promises of assistance to try and convince potential victims to hand over sensitive information such as bank account details, social security numbers, or medicare numbers. 

A similar but related scam involves scammers offering “relief payments” from government agencies. These calls, text messages, and emails typically follow a general format: The caller says you have been approved to receive money, either via a relief payment or a cash grant or even via a low-interest small business loan and then asking for personal information (to “verify your identity”), banking information (so they can charge you a small “processing fee”) or both. Some scammers also ask for payment via cryptocurrencies (such as bitcoin) or gift cards. 

If you are located in the United States and are targeted by scammers, please report your encounter to the FCC.

Fake Tech Support Scams on the Rise

Another twist on the phone scam is the fake tech support scam. This follows a similar format to the scams discussed above but involves cybercriminals asking users to grant access to their computers so they can “conveniently” fix a tech support problem you weren’t even aware you have. 

Criminals then use this access to install malware, add backdoors for future access, or log keystrokes (to capture usernames, passwords, banking details, and other sensitive data). 

SMBs Likely to Invest More in Cybersecurity

As cyber threats continue to rise in 2021, small and medium-sized businesses are, particularly at risk. This is because, unlike large, enterprise-level organizations, many smaller organizations still believe that they are less likely to be targeted.

According to research conducted by Analysys Mason and reviewed in Forbes 2021 cybersecurity predictions, SMBs cybersecurity spending (including services, hardware, and software) is projected to grow by 10% between 2019 and 2024, creating an $80 billion market.

Safeguarding Your Organization in 2021

The best thing you can do to safeguard your organization’s digital assets is be proactive. Make sure you are up to date on all the latest cybersecurity threats and have a well-rounded and up-to-date cybersecurity incident response program in place

You should also assess your current cybersecurity posture regularly to ensure it is continuing to meet your needs, and you may want to consider conducting pen (penetration) tests to stress-test your current defenses. You should also make sure that all new employees receive cybersecurity training as part of their onboarding process and that all workers undergo refresher training regularly. You may also want to consider conducting tabletop exercises to give your team a chance to test their cybersecurity response skills in a no-risk environment. 

Virtual Armour is Here to Help

Safeguarding your organization from cybersecurity threats can be a lot to handle, particularly if you aren’t already a cybersecurity expert. That’s why Virtual Armour is here to help. Our team of experts can review your current practices with you, help you identify weaknesses, and create a plan to strengthen your defenses. We are also able to monitor your infrastructure, firewall, and endpoints 24/7/365 for potential threats and help you mitigate or even avoid damage should an incident occur. 

We have extensive experience working with service providers as well as organizations in a variety of industries and verticals, including healthcare, finance, retail, and energy

For more information about our service offerings or to find out what you can do to safeguard your digital assets best in 2021, please contact us today.

The Digital Partridges in the Cybercrime Pear Tree

The Digital Partridges in the Cybercrime Pear Tree

The holidays may be a time for spending time with loved ones and exchanging gifts, but the gifts cybercriminals bring aren’t jolly at all. 2020 Has been a rough year, and many organizations have felt the strain, particularly when it comes to cybersecurity and adapting to the changing tactics cybercriminals are employing. 

This year, give your organization the gift of a good cybersecurity posture by taking steps to safeguard your digital assets.

The Cybercrime Pear Tree: How the Sudden Shift to Remote Work Has Changed the Workplace Landscape

The sudden pivot to remote work earlier this year left many organizations scrambling to continue daily operations and minimize disruption, which means cybersecurity may have fallen down your list of priorities. 2020 saw an increase in the number of cyberattacks and brought with it new attack surfaces. Paired with a distracted workforce and unanticipated staffing shortages in a multi-stress environment, 2020 created very favorable conditions for cybercriminals that are likely to continue into 2021.

Cyberattacks on the Rise

Since the onset of the COVID-19 pandemic, the FBI has seen a 400% increase in the number of reported cyberattacks, and ransomware attacks (one of the most common forms of attack) are increasingly targeting small and medium-sized businesses.

While key industries such as healthcare, manufacturing, financial services, and public sector organizations such as the WHO remain targets, financial institutions such as banks are now fending off nearly three times as many cyberattacks as they have been in previous years. Many of these attacks originate as phishing emails that either trick workers into handing over sensitive data or contain malware.

Cybercriminals are also increasingly targeting people through their mobile devices.

Shifting Attack Surfaces

The continued shift to remote work has meant that many organizations are relying on new and unfamiliar infrastructure and processes to continue daily operations. This lack of familiarity and the artificially accelerated shift to remote work means your team may not know about existing vulnerabilities in the software they are using to do their jobs. Cybercriminals are continually exploiting existing vulnerabilities in remote work technologies, so you need to ensure all software used has undergone a security audit. 

However, even if your organization has thoroughly vetted all new technologies and processes, you can’t be certain that your business partners, vendors, and other third parties have been as studious, which means you need to be extra vigilant and may need to take additional steps to minimize risk to your organization.

The Human Factor

The pandemic has taken an emotional toll as well, leaving workers distracted and stressed. Personal and financial stressors leave workers more vulnerable to social engineering attacks, and remote workers may not be as vigilant about their cybersecurity posture at home as your internal security team is at the office. 

As more workers call in sick or need to take time off or reduce the number of hours they are available to care for dependents or relatives, many organizations are facing unanticipated staffing shortages. At the same time, while many workers used to find working from home increased their productivity, the forced isolation, limited privacy, loneliness, and new demands brought by the pandemic have decreased productivity dramatically

In the United States, recent data suggests productivity among professional and office workers is down 11%, and manual service and industrial workers are, on average, 17% less productive. In-house security teams have been particularly hard hit as they are forced to operate in an environment where they now face multiple crises on various fronts at any one time, each of which demands significant attention from both management and security teams. Securing a remote workforce is also more difficult than securing an on-site workforce, further adding to security workloads.

The Digital Partridges: Threats to Guard Against

Phishing Attacks Leveraging Video Conferencing Software

Many cybercriminals have begun to leverage video conferencing software such as Zoom and Skype to launch phishing campaigns. Criminals create phishing emails made to look like legitimate pending notification emails coming from Skype, Zoom, or a similar platform. When users click on the link in the email, they are asked for their username and password, which are then harvested by unauthorized users for criminal purposes. 

Other groups are sending phishing messages reportedly from Zoom telling recipients they have missed a meeting or their account has been suspended, designed to get users to click on a malicious link to either view the meeting details and reschedule or reactivate their account. Other similar attacks try to trick users into downloading fake video conferencing software installation programs that contain malware.

Social Engineering in the Remote Work Age

We have already discussed in detail how remote work environments make social engineering even more dangerous. Social engineering involves manipulating individuals to infiltrate an organization at the human level by tricking users into revealing sensitive information or granting access to the network. 

Since social engineering attacks often rely heavily on email or other communication types such as phone calls or text messages, remote work environments are particularly vulnerable to this type of attack as users trade in-person meetings for phone calls, video conferencing calls, and text-based forms of communication. 

Social engineering plays on two main factors: our innate desire to help others and emotions such as fear, urgency, or other forms of psychological distress. Cybercriminals trick or scare users into opening malicious files, click on malicious links, or reveal sensitive information. A sense of urgency prompts users to act quickly before they have had a chance to properly weigh the request and consider it rationally. By the time users or their superiors realize something fishy is going on, it may already be too late.

Protecting Your Presents: Steps Your Organization Can take to Safeguard Your Digital Assets

Adjust Your Cybersecurity Strategy

Most cybersecurity strategies were developed with on-site workers in mind, so it is vital to review your cybersecurity strategy in light of remote work and adjust accordingly. You should already be reviewing your security practices at least once per year, but if your next scheduled review isn’t for a while, it might be a good idea to add an additional review to your list of New Year’s Resolutions.

You should also make sure you have a robust yet flexible cybersecurity incident response program in place. If you don’t already, you may want to consider drafting one as soon as possible. You should also review your incident response program and ensure that it takes remote workers into account and is still able to meet your organization’s security needs.

Secure Your Endpoints

An endpoint refers to any device such as a computer or mobile phone that can be used to access your network. While all the endpoints in your physical office may already be secure, you need to ensure that any home devices being used to access your network meet your security standards. Organizations that rely on BYOD (Bring Your Own Device) policies are particularly vulnerable to cybersecurity attacks since organizations don’t have direct and complete control over how those devices are being used, what other programs are installed on them, and other factors that may compromise your network’s security and leave your digital assets vulnerable.

Regular Cybersecurity Training: The Gift that Keeps On Giving

This holiday season, consider giving your workers the gift of cybersecurity training. All employees, from the lowest ranking intern up to the CEO, should receive cybersecurity training as part of their onboarding process and undergo regular refresher training. 

The sudden pivot to remote work has likely affected how workers complete their daily tasks, so you should consider adjusting your current cybersecurity training program to account for these changes. You should also make sure that, as part of this training, you explain to workers why certain steps, procedures, and policies are important and how they contribute to the overall security of your company; When workers understand the “why” behind the “what,” they are more likely to see the value in additional steps and make sure to take them. 

Run More Exercises

Exercises such as pen (penetration) tests and tabletop exercises are incredibly valuable.

Pen tests involve hiring an ethical hacker to stress-test your network and look for vulnerabilities. Your team can then use the insight gained by the hacker to improve your overall security. Running a pen test on your network, with a focus on any new software your remote workers are using, can help ensure that your organization isn’t left vulnerable.

Tabletop exercises act like cybersecurity fire drills: workers are given a hypothetical scenario (such as a hack or data breach) and tasked with responding to it effectively. Tabletop exercises allow workers to apply the knowledge they gain in cybersecurity training in a no-risk environment. Once the scenario is complete, you and your team can sit down and review your response’s efficacy and identify any gaps or problems that need to be addressed.

Know When to Call in the Experts

Not everyone is a cybersecurity expert, and that is okay. After all, even Santa relies on his elves for their skills and expertise. That’s why the experts at VirtualArmour are here to help. From drafting a cybersecurity strategy to monitoring your network 24/7/365 for suspicious activity, our team is here for you. 

Should you experience a breach or hack, our team can help you fend off the attack, identify the root cause of the issue, and identify steps you can take to mitigate or even avoid damage and create concrete plans to help you prevent similar attacks going forward.To learn more about the cybersecurity threats 2021 is likely to bring, and what steps you can take to safeguard against them, please contact our team today.

Identity Management is Really Just Cybersecurity Best Practices With a Fancy (& Expensive) Name

Identity Management is Really Just Cybersecurity Best Practices With a Fancy (& Expensive) Name

Identity management, as a concept, has been around for a while, although many of us are just hearing about it now. It sounds impressive, but what does it really mean, and are there steps your organization should be taking to ensure you have good identity management practices in place?

What is Identity Management?

Identity management (also called identity and access management or IAM) is just a fancy name with a high price tag that essentially covers all of the cybersecurity best practices you likely already have in place. The goal of any IAM strategy is to define and manage the roles and access privileges of all users on your network, and specify the circumstances under which users should be granted or denied privileges.

IAM Takes Cybersecurity Beyond the Workplace

While most organizations have robust cybersecurity practices already in place, the most significant shift IAM brings to the table is bringing cybersecurity out of the workplace and into the personal sphere.

As hacking and other forms of cybercrime become increasingly common, many individuals have begun to pay cybersecurity companies to protect their personal identity by monitoring their personal data for suspicious activities. Though this approach to cybersecurity builds on basic best practices already in place, this is the first time these practices have been applied to individuals in a non-workplace setting as the concept that individuals need to take cybersecurity steps to protect their personal digital assets continues to gain traction.

Identity & Access Cybersecurity Best Practices: A Brief Refresher

We have discussed cybersecurity best practices in the past. However, you should review your current cybersecurity posture frequently so you can ensure your current protocols continue to safeguard your digital assets and meet your needs.

Knowledge is Power

A lack of data can cripple even the best cybersecurity solution. Make sure your network is being monitored 24/7/365 for suspicious activity, and all activity on the network should be logged. 

From an identity and access standpoint, suspicious activity may include users logging on at strange hours or from strange locations (a sign that their credentials may have been stolen by cybercriminals) or signs of credential stuffing, where cybercriminals try multiple username and password combinations in rapid succession in the hopes that one pairing will grant access.

Not Everyone Needs to Access Everything

Some areas of your network are bound to contain more sensitive systems and data than others. As such, these areas, such as financial records, should be afforded extra protection. While your network likely already has a firewall around its perimeter, you should consider installing internal firewalls around critical or sensitive systems as a second line of defense if your perimeter is breached.

The Importance of Strong Password Guidelines

Choosing a strong, hard to guess password is a simple step all users can take to improve your cybersecurity posture. To help ensure all users are choosing good passwords, you should be enforcing password best practices. NIST (the National Institute of Standards and Technology) offers comprehensive guidelines on choosing secure passwords in section 5.1.1.1 (Memorized Secret Authenticators) of their Digital Identity Guidelines document.

The Benefits of Password Managers

The best passwords are long and truly random, unlikely to be guessed by anyone in a reasonable amount of time. However, long random passwords are also a pain to memorize, encouraging users to write them down or otherwise store them insecurely, defeating their purpose.

To help ensure users are choosing strong passwords, you may want to consider using a password manager. A password manager works like a book of passwords where only the user has the master key. Passwords within the manager can be randomly generated, and many password managers will flag reused passwords so that users know the password they are using isn’t unique and needs to be updated.

The Power of MFA

Physical devices such as computers and smartphones can be stolen or lost, and passwords can be compromised, which is why many organizations and individuals are turning to MFA. MFA (multi-factor authentication, also called two-factor authentication) pairs a strong password with a second form of identification, such as a hardware element or text message confirmation. 

When a user enters their username and password, the system sends them a push notification, often to their smartphone. The push is generated by the MFA app, and the user must acknowledge the push (either by clicking on a link in the message or entering a randomly generated temporary code on the login page) before they are granted access to the network.

Make Sure You Have Offboarding Procedures in Place

While many organizations invest a lot in their onboarding processes to ensure new hires are set up for success, not all organizations invest in offboarding processes. Making sure you have policies and procedures in place for revoking credentials from former employees is vital for good cybersecurity. 

Former employees and cybercriminals alike may act unscrupulously and use their old credentials to gain access to the system. If cybercriminals are successful, their unauthorized access may go unnoticed for a while since the former employee is no longer monitoring their old account. 

Offboarding is also a good policy to have regarding your personal data. Make sure you are completely aware of any other parties that have access to any personal accounts, including bank accounts or even your Netflix account, and know how to have their access removed should the need arise.

Consider a Zero Trust Approach

Zero Trust Security is exactly what it sounds like: Don’t trust any user until they are verified. Like current best practices, traditional cybersecurity approaches included strong perimeter security, such as firewalls. However, one of this model’s main failings was that if an unauthorized user was able to breach the perimeter, there was little to no internal security to prevent them from accessing sensitive areas of the network. 

Zero Trust Security rests on the belief that trust should never be automatically granted either outside or inside a network’s perimeter. All users must verify their identity every time they try and move around the network. This way, even if the perimeter is breached, unauthorized users can be more easily contained to the network’s less sensitive areas. 

Further Reading

Cybersecurity is everyone’s business, from the intern in the mailroom all the way up to the CEO, and this idea has spread beyond the workplace and into the home. To help ensure your cybersecurity posture as a business is as strong as possible, you should be:

  • reviewing your policies regularly
  • including cybersecurity in your onboarding process for new employees 
  • offering frequent refresher training for all employees

On a personal and workplace front, you should make sure that you, your family members, and your co-workers all understand the importance of good cybersecurity and why each policy and procedure is in place.

If you could use a refresher, we have included a list of articles for your review below. If you have any questions about cybersecurity or could use some expert advice, please contact our experienced team

Educating Yourself & Your Team

Cybersecurity Awareness is Increasingly Important, Especially With 2020 Around the Corner

The Modern Hacker: Who They Are, Where They Live, & What They’re After

VirtualArmour Academy

Essential Best Practices

Cyber Hygiene 101: Basic Steps to Keep Your Company Secure

Cybersecurity Spring Cleaning: It’s Time to Review Your Security Practices

Creating a Response Plan

Building a Cybersecurity Incident Response Program

Best Practices for Organizations with BYOD Policies

Keeping Your Network Secure in a “Bring Your Own Device” World

Securing Your Website

Basic Website Precautions: Keep Intruders Out With These Fundamental Security Best Practices

Common Cybersecurity Attacks to Prepare For

In a Remote World, Social Engineering is Even More Dangerous

5 Old-School Hack Techniques That Still Work (& How to Protect Your Data)

Everything You Need to Know About Ransomware (2019 Edition)

Don’t Let Phishing Scams Catch You Unaware

Cryptojacking: Because Every Currency Needs to Be Protected

Hackers Are Increasingly Targeting People Through Their Phones

Airports are a Hackers Best Friend (& Other Ways Users Expose Themselves to Risk) 

How Fear Motivates People to Click on Spam

What to Do if You’ve Been Hacked

Hacked? Here’s What to Know (& What to Do Next)

Industry-Specific Resources

Healthcare

The Ultimate Guide to Cybersecurity in the Healthcare Industry 

Case Study: Your Healthcare MSSP

Finance

How the Financial Industry Can Strengthen Their Cybersecurity

Case Study: Your Financial Services MSSP

Retail

Case Study: Your Retail MSSP

Energy

Case Study: The MSSP for the Energy Industry

Service Providers

Case Study: The MSSP for Service Providers

Higher Education

Cybersecurity Basics Every College & University Needs to Have in Place

Manufacturing

Cybersecurity for the Manufacturing Industry, What You Need to Know Now