By Dominic Chorafakis, P.Eng, CISSP, January 19, 2019
Not so long ago, computer viruses were mostly created by pranksters and computer geeks trying to see what they could get away with. There was still some risk for data loss and downtime, but for the most part viruses were just an annoyance and installing a decent anti-virus was enough to keep your systems safe.
Today things are much different. Online banking and bitcoin have made it possible and safe for hackers to turn what used to be a misguided hobby into an organized criminal enterprise, with cybercrime proceeds surpassing $ 1 Billion last year.
The lone computer geek has been replaced with sophisticated teams of highly skilled professional hackers creating military grade malware that is able to bypass anti-virus and selling access to it on the “dark web”, a kind of Internet parallel universe that is only accessible through special software which allows its users to remain anonymous and untraceable.
This new reality means that a business-as-usual approach to cybersecurity is no longer enough. Unfortunately, many small and medium business owners believe that cyber criminals won’t target them because they are too small or have nothing that hackers would want and don’t take the necessary steps until it’s too late.
Fortunately, there are some simple and cost-effective steps that businesses can take to reduce risks and avoid potentially significant repair costs and losses due to unplanned downtime.
Apply software updates and patches
Users should check for and apply software updates provided by vendors and this activity should be prioritized:
- Firewalls and Routers exposed to the internet
- Externally accessible servers
- Internal servers and personal computers
- Other infrastructure such as security cameras or other internet-enabled devices
Reduce network footprint
Businesses often create firewall rules to allow employees, vendors or other third parties to access IT systems remotely. Firewall misconfigurations, or intentional creation of rules that are too broad in scope and allow access from anywhere on the internet is a common cause of security breaches.
Firewall rules should be reviewed and the number of systems that are exposed to the internet should be kept to a strict minimum. When network ports are forwarded to allow external access to IT systems, the rules should be restrictive and limit access only from a specific set or range of external IP addresses.
When possible, vulnerability scans should be performed to confirm that firewall rules are correctly restricting access to IT systems.
Perform secure backups
Up-to-date backups are critical in order to quickly recover from an attack with minimal impact to business systems. Backup policies should take into consideration that infected systems with access to mounted backup drives may also encrypt backup files. This risk should be mitigated by having a backup strategy that keeps historical versions of backed up files and includes snapshots that are not accessible to systems that may become infected.
Deploy professional anti-virus
While zero-day attacks are an unfortunate reality, the fact is that the vast majority of breaches are caused by known vulnerabilities that professional anti-virus solutions know about and are able to block. Commercial anti-virus software should be installed and licensed on all systems and configured to automatically update virus definitions from the vendor. Additional security features provided by many commercial solutions like secure browsing extensions, identity theft protection and enhanced computer firewall features should be enabled on all computers.
Cyber Security Awareness
Studies show that the chance of a breach is reduced by up to 40% in businesses that engage in cyber security awareness training.
The method most commonly used by hackers to bypass security measures is phishing, where users are tricked into clicking on a link or opening an attachment in an email that looks like it came from a legitimate source like a customer, vendor, bank or other well-known company or website.
Computer users should take time to educate themselves on spam and phishing techniques as well as tips on how to detect them and ways to avoid falling victim. There are many free resources online such as staysafeonline.org that provide information and tips for businesses and individuals.
Managed Security Services
Cyber-security is constantly evolving as the cat-and-mouse game between cyber criminals and security vendors rages. Installing a firewall and anti-virus and then simply forgetting about cyber-security can be a huge and costly mistake. Businesses should consider managed cyber-security services to make sure IT systems and staff are protected against the most current threats and vulnerabilities.