It used to be that IT services providers would sell you an expensive firewall, install the “best” antivirus, do some kind of patch management, and call you secure.
Covid changed all that.
A hasty transition to remote work opened up a wave of vulnerabilities that allowed hackers to seize the moment, and seize they did!
“Ransomware still uses social engineering as its main infection vector.”
– KnowBe4’s Sjouwerman
The fact is that antivirus software have become very good. Even the free antivirus baked into Windows is well regarded by industry analysts:
https://www.makeuseof.com/microsoft-defender-avtest-report/
If hackers can’t beat the antivirus that comes free with your computer, how are companies still getting hacked?
We’ve had more than one client ask us how hackers were able to steal money from their bank account, only to find that someone in accounting wired the money. It usually involves an urgent email that appears to be from the CEO, telling them to immediately wire $20k for an important deadline. Yes, people fall for these scams.
Fortunately, there are training programs from well-regarded outfits, like KnowBe4, that can help. We schedule monthly tests to see if anyone clicks on a test scam email, and KnowBe4 automatically assigns appropriate training as needed.
It only takes one mistake for a hacker to gain a foothold in your network
Let’s assume you have a good cyber security training program, and everyone is vigilant about spotting scams. That’s a great start. But it only takes one mistake for a hacker to gain a foothold in your network. So, what else can be done?
We believe there are 7 essential ingredients for good cybersecurity:
- Cybersecurity training (KnowBe4)
- MFA
- Restricting admin privilege
- Patching
- Suspicious behavior detection
- Backups
- Cybersecurity insurance
MFA: The most BASIC and ESSENTIAL protection
Sorry for the obnoxious emphasis, but I can’t tell you how many people still push back on MFA (multi-factor authentication). We’re talking about a free app on your phone that requires you to verify your login. Microsoft states that you can prevent 99.9% of attacks based on stolen passwords with MFA.
Most of the pushback comes from the fact that MFA requires a use of a personal device. I have a question for you. If you’re not willing to install a free app that blocks 99.9% of attacks when you get your password stolen, are you an asset to your company or a liability?
Restricting Administrative Privileges
Another essential cybersecurity requirement is restricting administrative privileges. Simply put, we block users from installing any programs until they check with us. Sometimes a client might feel that it’s too cumbersome to call us each time they need to install a new program. However, if a hacker gains access to a computer through a malicious email attachment or a link, the damage done is limited if the user account doesn’t have admin privileges.
One of the first thing that a hacker does inside your network is to sniff around for unpatched computers. Once they gather up a list of vulnerable computers in your network, hackers literally go shopping for exploit kits tailor made to rob you shirtless.
Patching
Most software has automatic update built-in, but updates are all too easily put off by clicking “postpone”, “not now”, “maybe later”, “don’t call me, I’ll call you”.
Let your computer update. Reboot.
Reboot a day keeps the hacker away (and solves half your help desk issues, too!)
Suspicious behavior detection
Remember how the hacker starts their day by scanning your network for vulnerabilities? The introduction of EDR systems like Huntress (https://www.huntress.com) adds a whole new level of protection by detecting suspicious behavior which may indicate hacker activity.
Since vulnerability scan isn’t in a normal office worker’s job description, EDR automatically quarantines computers when such suspicious behavior is detected. In essence, the hacker gets busted for snooping around.
Backups
Your best protection against ransomware at the end of the day is a good backup. After all, there is no need to pay a ransom if the stolen data can be restored. Talk to your IT professional for proper backup strategy.
Last line of defense
An important protection we ask our clients to obtain is cybersecurity insurance. Cybersecurity insurance pays the cost associated with recovery from a ransomware attack. With it, we have the option to bring in the big guns if you find yourself in truly deep waters.
We partner with FRSecure (https://frsecure.com) who specialize in incident response in the event of a breach. As a retained customer, you will receive a 2-hour response to bring you back to safety, along with an after-action report on how you were breached. Because service like this isn’t cheap ($400/hr), we work with your cybersecurity insurance so they pick up the bill, not you.
Conclusion
Much of what constitutes good cybersecurity requires user training and restricted privileges. This often requires a cultural shift and change isn’t easy. Sometimes we need you as the business owner to step in with a firm hand. It is also important to remind users that we’re not here to get them in trouble or make their jobs more difficult, although it can feel that way sometimes. If we don’t protect your data, you won’t have a job to show up to.
