Published 30 March 2022
New Alert: 16 Smart Steps for Increased Cybersecurity
As international sanctions subject Russia to crushing economic pressure, the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint cybersecurity advisory, complete with specific technical details and resources to keep Russian cyber criminals, whether state-sponsored or private sector, from gaining network access.
Multifactor authentication is your first line of defense against malware. Don’t skip it.
CISA and the FBI urge maximum protection against malicious activity and suggest the following minimum basics are in place:
- Enforce multifactor authentication (MFA) for all users, without exception, and ensure it is properly configured to protect against “fail open” and re-enrollment scenarios.
- Implement time-out and lock-out features.
- Disable inactive accounts uniformly in Active Directory, MFA, and so forth.
Per CISA, “Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization — large and small — must be prepared to respond to disruptive cyber incidents.”
Here are 13 additional specific recommendations from CISA to keep the bullies out:
- Ensure that all remote access to the organization’s network — and privileged or administrative access — requires multi-factor authentication.
- Ensure that your software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization utilizes Cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA's guidance.
- Sign up for CISA's free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats. (If the government is offering a free service, you can bet they’re serious about it.)
You keep on knocking, but you can’t come in. What protocols do you have in place for rapidly detecting a potential intrusion?
- Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
- Confirm that the organization's entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
- If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
(Tellingly, in our own offices, the incidence of incoming phishing emails dramatically increased in early March. A full company security briefing prevented any untoward incidents. But the bad guys are clearly out there, knocking on doors.)
Do you have an emergency response plan in place — just in case the crooks get in?
Phishing emails are on the increase. Ensure every employee knows how to spot them and what to do.
- Designate a crisis-response team with specifically named points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
- Assure availability of key personnel; identify means to provide surge support for responding to an incident.
- Conduct a tabletop exercise to ensure that all participants understand their roles during an incident. “Tabletop exercises” are discussion-based sessions where team members meet to discuss their roles during an emergency and their responses to a particular emergency situation. A facilitator guides participants through a discussion of one or more scenarios. Practice makes perfect. Drill it until it’s second nature.
The best “bird” you can fly at the crooks is a demonstration of your own resiliency and the ability to continue to prosper and grow. Maximize your resiliency as follows:
- Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack. Having backups is smart. Testing backups is smarter. Ensure that backups are isolated from network connections. In other words, store them offline. (We’ve written about this before in this article.)
- Test manual controls if using industrial control systems or operational technology. Ensure that critical functions remain operable if the organization’s network is unavailable or compromised.
There you have it: three basics, plus 13 additional points that CISA and the FBI urge you to consider, as do we. We hope you’re all safely tucked in for the night and that you never need to deploy your emergency response team, action your disaster recovery plan or put in a claim to your cybersecurity insurance. Our only request is that you do not ignore the current threat level.
The Cloud: Avoiding the Seemingly Unavoidable
Organizations are flocking to the Cloud for many reasons, one of which is enhanced security. Whether you’ve just decided to migrate to the Cloud, are in the process right now, or have already completed your migration, there’s a particular issue we’d like you to consider. A common problem with data migrations is data that goes missing. You probably know that the most common cause is the file links that get broken during the migration itself. It’s the nature of links.
Establish a cybersecurity team that knows their exact roles and how to respond to an emergency situation.
While Gartner maintains that upward of 80 percent of data migrations fail, we believe that being able to check one of the most common migration problems off the list altogether is akin to regaining several hours of your life. And what’s that worth?
LinkFixer Advanced™ can be deployed before or after your migration to prevent data from going missing due to broken file links, or to restore it. Simply call 727-442-1822 to speak to a knowledgeable Service Consultant about a demo or a free trial. Alternatively, visit www.LinkTek.com for more information.
In the words of the revered Robert Baden-Powell, “Be prepared.” It’s a whole lot easier than the unthinkable alternative.