By Bill Smeltzer, CSO
Preparation for a cybercrime to infringe on your digital environment is a key component in the safety of your network and is top of mind for your hired IT professional, especially during these fully digital out of network work-from-home times, right?
Often the answer is wrong.
Although applying safety precautions to your network should be as fundamental as stop, drop and roll during a fire drill; believe it or not, most organizations do not take precaution when it comes to securing their network. They often fall into the category of becoming a victim before making cybersecurity a priority.
Over the past few weeks there has been a concerning uptick in ransomware attacks against municipalities and state agencies, which only goes to show that there are no boundaries for malicious cyberhackers.
Here are specific routes of attack we have seen:
- Unprotected VPN access
(Not using multi-factor authentication)
- Leaving RDP open to the internet
- Out of date firmware on firewalls
- Misconfigured firewall rules
- MS Exchange exploit
- VMware VCenter vulnerabilities
- Weak user passwords
(Interesting Fact: Most 8-character passwords can be cracked using a free tool downloaded from the internet in less than 1 second!)
How to protect yourself from cyberattacks:
- Store a recent backup offline and schedule ongoing/regular backups and store those offline as well
(So if there is an attack the backup is not impacted)
- Update firmware for VPN’s and firewalls
- Patch vulnerabilities on servers, laptops and desktops
- Global password reset with characters that are 14 or more characters long
(Note: Length is more important than capitols, numbers and symbols)
- Review user permissions and limit users with elevated privileges
(Users with elevated privileges need standard accounts to access the internet)
- Implement Microsoft LAPS to remove shared local admin passwords from endpoints
- Implement MFA (Multi-Factor Authentication) for all users
- Consider PAM to manage service accounts and further reduce malicious accessibility
These quick tips to secure your business and employees are the first steps in a line of defense to fully secure your business’s digital environment from cyberattacks. It’s better to be prepared than to lose your most valuable information. Get started securing today!
If you are interested in an assessment to determine your cyber security risk level or need assistance deploying these recommendations, please contact us at firstname.lastname@example.org for support!