Cyber weakest link?

by Mark Rowe

Don’t let your weakest link bring your business down, writes Paul Barber, an infrastructure manager from managed service provider IT Specialists.

We’ve all heard the saying “A chain is only as strong as its weakest link”. When it comes to your organisation’s cyber resilience, the figurative chain is built with a blend of IT infrastructure and employee practices. A balance between the two is critical. You might have a seemingly impenetrable network perimeter, but if a hapless employee downloads a malicious file onto their computer from a phishing email, you have a weak link.

On the other hand, perhaps your employees are cyber savvy and diligently follow IT security best practices. However, if security tools are outdated or underpowered ‒ such as the unpatched Windows systems that allowed the easy spread of the ongoing global WannaCry ransomware attack ‒ then, again, you have a weak link. As an IT infrastructure manager for IT Specialists (ITS), a managed services provider (MSP) specialising in small- to medium-sized businesses, I’ve seen both types of weak links all too often. Businesses everywhere are having a challenging time forging a strong chain of security as they battle rapidly increasing and evolving cyber threats. The key to responding to today’s threats and challenges is to quickly achieve a unified cybersecurity strategy that addresses the following three questions.

Are your employees educated on security best practices?

As security professionals, we’re all too familiar with the misconception that cybersecurity rests solely on our shoulders, along with the help of IT. I applaud the BCI [Business Continuity Institute] for challenging that belief with the theme of its 2017 Business Continuity Awareness Week (BCAW): “Cybersecurity is everyone’s responsibility”. In fact, human error is a common cause of security breaches. According to the Verizon 2017 Data Breach Investigations Report (DBIR), 14 per cent of breaches in 2016 were caused by errors. To ensure the security of the organisation, below are some of the essential best practices the BCAW recommends you require of employees, with some additions of my own:

Use complex login credentials. Creating passwords or passphrases with a blend of special characters, numbers and lower- and uppercase letters makes them more difficult to guess.

Store passwords securely. Using a resilient password manager with a strong passphrase keeps passwords safe from prying eyes.

Where possible, employ multifactor authentication methods. Using a second method of authentication in addition to a password adds an additional layer of security.

Lock your computer when you leave your desk. Following this simple step prevents passers-by from accessing restricted data and applications.

Beware of malicious links. Checking the validity of a link by hovering over the link with the cursor allows you to determine if the destination URL is different to the supposed sender’s primary domain or does not match the URL text in the email ‒ both key indicators of a phishing email. It’s also good practice to retype the URL rather than clicking on it.

Avoid using unsecured Wi-Fi networks. When working remotely, connecting to the business network through a virtual private network (VPN) prevents hackers from exploiting your device through an unsecured Wi-Fi network.

Simply improving your practices at the end-user level can mitigate a fair amount of risk.
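The hover check from the "Beware of malicious links" item can also be run automatically over inbound HTML mail. The sketch below is an added example, not code from ITS or the BCAW material; the sample message, its domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; names and domains are made up.
SAMPLE = """From: Accounts <billing@example.com>
Content-Type: text/html

<a href="https://www.example.com/invoice">View invoice</a>
<a href="http://login.example.net/reset">https://www.example.com/reset</a>
<a href="https://example.org/track">Track delivery</a>
"""

def host_of(text):
    """Hostname if text is an absolute URL, else None."""
    text = text.strip()
    return urlsplit(text).hostname if "://" in text else None

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def check_links(raw_email):
    """Return (href, reason) for each link that fails the hover check."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    findings = []
    for href, text in parser.links:
        dest, shown = host_of(href), host_of(text)
        # Indicator 1: the visible URL text names a different host than the href.
        if dest and shown and shown != dest:
            findings.append((href, "text shows a different host"))
        # Indicator 2: the destination is not the sender's domain or a subdomain.
        elif dest and dest != sender and not dest.endswith("." + sender):
            findings.append((href, "outside sender's domain"))
    return findings
```

Treat the second indicator as a signal rather than a verdict: legitimate mail sent through third-party platforms often links outside the sender's domain, and the From header itself can be forged.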

Do you have adequate security staff?

While it’s true that cybersecurity isn’t solely the responsibility of security professionals, it is, of course, still important to have the right security tools in place. During my career, one of the surprising problems I’ve seen is that even organisations with a security manager can still have firewalls that are either misconfigured or out of date. This is particularly the case at small- to medium-sized enterprises (SMEs). This problem is not always entirely the fault of the security professionals at these organisations, however. SMEs often have an understaffed team, so tasks such as security updates, employee monitoring, and compliance and audit routines are bumped down on the priority list.

There are also budgetary roadblocks that make it challenging to invest in the security tools and upgrades needed to provide multiple layers of defence, including intrusion detection and prevention; deep packet inspection; port scanning and protocol inspection; perimeter anti-virus and malware blocking; and vulnerability assessments. With stakeholders demanding an increased focus on cybersecurity risk mitigation, security professionals are held to a higher standard than ever before. If the challenges of implementing day-to-day security protocols get in the way of overall cybersecurity preparedness, this does not bode well for cybersecurity professionals, who are liable to be held responsible for any breaches that may occur.

If you don’t have the time or personnel to ensure your network security is up to par, a managed service could be an option.

Are you prepared to face backup and restore challenges?

Last year, one of our clients had a critical server encrypted by a CryptoLocker strain of ransomware. The hacker’s message instructed the customer to “Please use public mail service like gmail or yahoo to contact me, because your messages can be not delivered. You have a 72 hour to contact me, otherwise recovering may be harder for you.” While the hacker provided a 72-hour window of time before the files would be deleted, our team had to fulfil a four-hour service level agreement. Working against the clock, we were able to successfully recover the server from backups – before the customer’s workday began. This is a prime example of the importance of having backups in place. However, data restores are not without challenges. If malware infects the backups, restoring them will be useless. This is why it’s important to have adequate security tools and monitoring in place to detect any potential threats on the network.

There’s also the issue of restore times, which can be lengthy for large amounts of data. Lighting retailer Lyco has solved the restore time challenge with BlackVault Managed Recovery Platform, a fully managed disaster recovery as a service solution that uses a combination of a cloud environment and dedicated on-site appliance. While backing up full data sets off-site is always recommended, storing critical data on-site in a dedicated appliance can prevent long restore times from severely impacting business operations. By taking this approach, Lyco has the ability to restore 1.5 TB of local data in less than four working hours.

As you can see, your cybersecurity chain is only as strong as the weakest link, whether that’s a lack of employee education or inadequate security infrastructure. If you need help building cybersecurity awareness within your organisation, visit http://www.itspecialists.uk.com/bc-awareness-week-its to download a cybersecurity awareness kit.


© 2024 Professional Security Magazine. All rights reserved.
