Here are a few headlines from the last few days, taken from some of the security blogs I monitor:
- Atlanta, hit by ransomware attack, also fell victim to leaked NSA exploits
- Cyberattack disrupted Baltimore emergency responders
- Hudson’s Bay Probes Data Security at Stores Including Saks
- Under Armour says 150 million MyFitnessPal accounts hit by data breach
Cities and hospitals shut down by ransomware, millions of customer records stolen and sold on the Dark Web, and information-stealing malware running rampant on the internet. The headlines speak volumes.
Here’s the simple truth: if your company has not been hacked or victimized yet, consider yourself lucky and use the time you’ve got left to prepare for an attack when it comes, and it will.
Organizations, no matter their size, need to put policies, procedures and systems in place to minimize the effects of an attack. Here are a few things to start with:
- Ensure that your organization can quickly recover from a disaster, natural or man-made, by installing a Business Continuity system. If the cities and hospitals that were recently attacked by ransomware had true Business Continuity Systems in place, they would have been able to continue functioning business-as-usual even after their data was encrypted by cyber-criminals.
- Create and enforce policies on how your workforce should interact with the network as well as internet usage. Update policies and procedures for the 21st century!
- Standardize equipment and software across the organization and secure all IT assets, especially laptops, tablets and phones (e.g. strong passwords, encryption, remote wipe).
- Limit access to systems and files to only those who need them to do their jobs, and use multi-factor authentication where feasible.
- Employees should never operate their workstations using admin-level accounts. This should be a matter of policy and enforced.
- Make sure that your organization has properly configured and updated operating systems on servers and workstations, hardware and software firewalls, anti-virus software, etc.
- Networks should be monitored and maintained by an IT Managed Services Provider (MSP) so that small issues don’t become massive problems later and increase risk.
- Educate your workforce on how to identify phishing emails and to never click on links or open attachments in unverified emails.
- Instruct employees to never give confidential information via phone or email to someone they cannot verify.
- Protect your company financially by making sure you have the correct insurance in place that covers cyber-related incidents.
Even after taking all of the above steps, safety is not guaranteed. The methods used by cyber-criminals are ever-evolving and our methods of protecting ourselves must evolve with them.
By protecting your company’s systems you are, in effect, protecting yourselves, your employees and your clients. Take action now.
XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 300+ Petabytes of data with over 800 employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause.