Editor’s note: Richard McLain is CEO of Cary-based INE, a provider of Technical Training for the information technology industry.
CARY – As details emerge on the biggest ransomware attack on record, cyber teams are scrambling to contain the damage, and prevent yet another global attack from impacting their teams and companies.
The attack, which came ahead of the July 4th holiday weekend, impacted victims in at least 17 countries, demanding $5 million ransoms from thousands of victims, and eventually offering a decryptor key for $70 million in cryptocurrency.
This comes after devastating attacks on Colonial Pipeline, JBS meat processor, and a number of other smaller global attacks, and serves as a chilling reminder to business leaders that cyberattacks are becoming more rampant, more brazen, and more difficult to intercept.
That being said, there are several steps companies can and should be taking to minimize the impact of a cyberattack on their firm.
1 – Assume your first layer of protection will be breached.
Secure data in a way that assumes the first layer of security will be hacked. Ensure the second layer is impenetrable. There are several techniques you can employ, and while they are costly and time-consuming, the results are unquestionably worth the investment. The most common technique is following the HIPAA Security Rule. The HIPAA requirement contains standards that must be applied to safeguard and protect electronic data, and applies to all systems with access to confidential patient data, typically medical centers. Outside the medical field, this advanced level of security is optional, but smart companies will take advantage of the resources that already exist in the cybersecurity ecosystem to provide an additional layer of protection. It is more costly to partner with a hosted service that utilizes a HIPAA-compliant data server, but if you value the data being housed inside your servers, and consider what it could cost both in ransom and the loss of reputation, smart leaders will find the benefit-cost ratio to be well worth the investment.
2 – Ensure staff are well-trained in cybersecurity awareness practices.
Phishing emails are a very effective way to penetrate security systems. They prey on individual employees’ lack of knowledge and awareness, and often work extremely well. Once a cybercriminal gains access to the company’s network, the entire company is vulnerable. By training staff to effectively spot and reject suspicious emails, business leaders can reduce the probability that their data will be breached. There are a number of free tools available to adequately train your staff in cybersecurity awareness best practices, including this one from Cary-based cybersecurity training firm INE.
3 – Test your vulnerabilities.
It is absolutely impossible to know how effective your firewall security is without performing self-tests on your systems. There are tools available, including Kali Linux and Parrot, that enable companies to test their own vulnerabilities. Your team should be using these tools constantly, ensuring that the first one to notice a hole is YOU. Actively metasploiting and pentesting your own company is critical to mapping a security plan that will ensure your data is safe and protected from outside actors.