Editor’s Note: This article originally ran in CS’ sister publication Security Sales & Integration.
Cybersecurity is an ever-mounting threat to the electronic security industry as Internet of Things (IoT) devices and structures have become a prevalent element of most systems. Many dealers are confused, as the threat and managing of networks has come with new requirements, focus and competencies.
I recently attended a cybersecurity conference that was bountiful with valuable information, delivering a good balance of speakers including value-added technology consultants, developers of cyber protection, Cloud service providers and the FBI.
I recently expanded my consulting practice and now serve as an agent for virtually every major provider and carrier in the telecom, Cloud, networking, security and cable space — so it’s essential that I stay more connected than ever before with the proper solutions.
And clients from every end of this industry must stay alert, informed and engaged when it comes to protecting themselves and their businesses.
Better Have a Plan for Backup
A fundamental approach and the only 100% guaranteed way out of any cybersecurity event is through data protection and availability. Or in plain language: Backup, backup, backup! Yes, a comprehensive automated structure that provides onsite and offsite backups is critical. It’s not good enough to simply go through the exercise of setting up this safeguard and assume everything just works.
This must be comprehensive, it must be tested frequently and it really must be with a reputable technology partner you can trust. Whether you manage this or you outsource the management, it is important to make sure you always have mirrored backups offsite and they are protected.
It’s not just about viruses anymore; ransomware is a serious threat and most don’t see it coming. Hackers have declared war on your data. It’s been reported that total ransom paid by SMBs to ransomware hackers is approximately $709 million; this despite ransom requests averaging only between $500 and $2,000, to give an indication of how prolific the problem has become.
During the conference, however, cybersecurity companies and the FBI both urged that if you are affected by an attack that you do not pay the ransom. When ransom is paid, you become a more focused target as one that is vulnerable and willing to pay, rather than protect yourself.
Business continuity and disaster recovery are among most important elements to most businesses and governmental agencies. The first order of protection against unknown risks is frequent and tested backups of your entire infrastructure.
To ensure business continuity you need the structure and ability to easily deploy a disaster recovery plan that considers your complete network in a very short time with a remotely configured and managed firewall. If disaster strikes, you want the ability to recover your data, servers, desktops, and the entire infrastructure in seconds.
This would initially be through accessing your virtualized mirrored environment while your local environment is getting restored.
Trusted Areas Are Targets for Exploitation
IoT structures and devices are making it easier for cybercriminals. Portals exist that exploit these vulnerabilities. It’s a breeding ground for those who can seek out their next easy prey through networks, computers and data.
A tremendous amount of damage takes place from a variety of vulnerabilities or lack of keeping to best practices, particularly when it comes to some everyday activities that can more readily open the door to opportunistic hackers.
The professionals call it “exploitation of trust,” and here are examples of such areas:
- Email: Inbound messages, targeted by “Spear Phishing”
- Websites: Cross-site scripting, remote code execution
- Applications: Unpatched program vulnerabilities in PDF, Word, Excel files, etc.
- Business relationships: Peers, mergers, business partnerships, etc.
- Networks: “Internal” users assumed to be safe doing the cyber damage
- Credentials: Presumably valid credentials taken over for access
Like any threat in life, preparation to guard against it is most important. Some best practices include: avoiding links from other sites or in emails; don’t reuse passwords among websites; create complex passwords that mix upper/lower case letters, numbers and characters; always check hyperlinks for authenticity; and always check sender’s name and email address — if it looks suspicious, it probably is!
Every individual and business must maintain some type of cybersecurity plan and structure. Most owners and executives may not know their systems as well as they should.
Protection means always being aware, knowing your network (hardware and software); isolating sensitive systems and data; performing proper access control and auditing; backing up and practicing recovery; and implementing incident response plans and testing. Taking these precautions will allow you to sleep better.
The post When It Comes to Cybersecurity, Precautions Don’t Require King’s Ransom appeared first on Campus Safety Magazine.