As evidence mounts about the depth and breadth of the Russian hack onto the U.S. cybersecurity apparatus, and most businesses having to pivot to a WFH business model, now would be an excellent time for business executives to test and review the security of their business organization’s network.
They are as follows:
Increase email security. Many believe that email is a secure mode of communication. It is not. When communicating via email, users should always write with the belief that their communications will be hacked and become public. There are services available that allow for emails to be encrypted from both sender to receiver.
Use multi-factor authentication. This tool should be employed for business communications, apps and websites. One will have to present two pieces of identifying information to gain access. It is also effective in thwarting hackers from accessing company networks. Hackers will generally move along to a less secure company network that has not implemented multi-factor authentication.
Maintain company backups. Ransomware is now a bona fide business model for hackers. Companies are specifically targeted for revenue that can be generated. Company backups may be a business’s only avenue of surviving an attack. Businesses can test backups by trying to recover from them prior to an attack.
Enable secure remote access. Businesses can ensure a seamless experience with a secure remote access by utilizing a vendor that secures the company network from outside intrusion while affording its employees the ability to work from home on any device.
Update the company software. It’s wise to pick a day of the week to do software patches on the company network. This helps to ensure that company software and any plugins are updated regularly without fail.
Use a password manager. There is a tendency to use the same passwords across multiple platforms. To avoid this complication, it is highly suggested to use a password manager to generate and save passwords amongst different sites.
Scan for malicious software. Companies should scan software daily within their organization. These tasks can easily be automated for overnight sessions to not interfere with business operations.
Implement a security training program. Educating the company workforce about techniques used to gain access to company networks can pay dividends in thwarting potential attacks. Hackers prey on busy employees to gain access to company networks.
Purchase cyber security insurance. Recent cyber events involving our cyber security apparatus and multiple governmental agencies are demonstrative of this new pandemic environment. This is the norm and not some one-off event that should shuffled off into the annals of history. Business executives should take heed and take proactive steps now to prepare for any incursions into their company networks. The cliché that it is not a matter of “if” but “when” is entirely appropriate where it comes to cyber security attacks.
Antonette Vanasek is a Goldman Sachs analyst/expert on cybercrime and among the nation’s leading cybercrime prevention and insurance experts who regularly collaborates with the FBI and Department of Justice on massive cybercriminal take downs and investigations.