Small in Name Only: Tech Trends for Small Businesses. This content is produced in association with the sponsor and is not part of ZDNET's editorial content.

ZDNET Multiplexer


Layer your security to present a harder target

As cyberattacks become increasingly brazen, small firms must be diligent about preventing data breaches.

Cyberattacks have dominated the headlines recently: In May alone, the Colonial Pipeline was struck with ransomware, the Belgian Parliament was hit by a denial of service attack, and Scripps Health had its servers hacked. Those enterprise-sized breaches will take substantial resources to correct; now consider the effect cyberattacks have on much smaller businesses. 

The U.S. National Cyber Security Alliance reports that 60 percent of small companies could not sustain their businesses for more than six months after a cyberattack. To protect against these threats, companies must have multiple layers of security. Hackers will try different methods to punch through a security perimeter, so the more layers a company has — a firewall, multiple servers, backup solutions — the more protected it is. Knowing the threats, including phishing, malware, ransomware, weak passwords, insider threats, social engineering, and DDoS attacks, helps to prepare for when they do happen. And having a plan in place is critical in order to react quickly and effectively.

Let's take a closer look at these attack vectors and the measures you can put in place to protect against them.

Layer up

Any device employees use to communicate is a potential entry point. The more layers that separate data from intruders, the more likely it is to be protected. Critical assets should be defended by several measures, starting with a firewall.

A firewall monitors incoming and outgoing network traffic and is generally one of the first security layers that companies implement. Based on a defined set of security rules, it permits or blocks specific traffic. But a firewall alone is not enough. Firewalls allow internet and email use — which are the main ways exploits are delivered — and they don't prevent outbound data theft. In addition, today's exploit kits routinely repackage their malware, so it is not always detectable by the signature definitions on the firewall. Endpoint security can provide an additional layer of protection.

Endpoint security software prevents devices that are connected to a network from becoming an entry point for a cyberattack. Antivirus, email, and web filtering are popular methods of providing endpoint security:

  • Antivirus scans incoming files for malware and viruses, and then identifies, flags, and removes any malicious software. 

  • Email filtering analyzes incoming emails for indications that they may contain spam or phishing content and automatically moves them to a separate "spam" or "junk" folder.

  • Web filtering blocks users from viewing particular websites by preventing their browsers from loading certain URLs. Some companies provide employees with a virtualized instance of a filtered standard browser, which provides a high level of assurance against commonplace attacks and prevents even successful attacks from executing code, compromising the OS, or reaching the local file system or other vulnerable targets.
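The email-filtering layer described above can be illustrated with a small indicator check. The following is an added example, not code from the article or its sponsor: it parses a raw message with Python's standard `email` module, looks for a few indications the filter would weigh (a Reply-To domain that differs from the From domain, a failed SPF/DKIM result in the Authentication-Results header, link text that names a different host than the link target, and urgency language), and routes the message to a "Junk" folder when enough indicators are present. Both sample messages, every domain in them, and the indicator threshold are constructed for this example.

```python
"""Phishing-indicator check for inbound mail (added example, not the article's own).

Parses a raw RFC 5322 message and looks for the kinds of indications an email
filter weighs before moving a message to a spam or junk folder. The sample
messages, domains and threshold below are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY_WORDS = ("urgent", "verify your account", "suspended", "immediately")
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# Matches anchor text that looks like a URL or hostname, capturing the host part.
HOSTLIKE_RE = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)


def _domain(addr_header):
    """Lowercase domain of the address in a header such as 'Name <user@host>'."""
    _, addr = parseaddr(addr_header or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_indicators(raw_message):
    """Return the list of indicator names found in the message (empty list = clean)."""
    msg = message_from_string(raw_message)
    found = []

    # 1. Replies would go to a different domain than the one the mail claims to come from.
    from_domain = _domain(msg["From"])
    reply_domain = _domain(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        found.append("reply-to-domain-mismatch")

    # 2. The receiving mail server recorded a failed sender-authentication check.
    auth = (msg["Authentication-Results"] or "").lower()
    if "spf=fail" in auth or "dkim=fail" in auth:
        found.append("sender-authentication-failed")

    # 3. A link's visible text names one host while its target points somewhere else.
    payload = msg.get_payload(decode=True)
    body = payload.decode(errors="replace") if payload else ""
    for href, text in LINK_RE.findall(body):
        href_host = (urlparse(href).hostname or "").lower()
        shown = re.sub(r"<[^>]+>", "", text).strip()
        m = HOSTLIKE_RE.match(shown)
        if m and m.group(1).lower() != href_host:
            found.append("link-text-host-mismatch")
            break

    # 4. Pressure language typical of credential-harvesting lures.
    subject = (msg["Subject"] or "").lower()
    if any(w in subject or w in body.lower() for w in URGENCY_WORDS):
        found.append("urgency-language")
    return found


def route_message(raw_message, threshold=2):
    """Decide the destination folder: 'Junk' once the indicator count reaches the threshold."""
    hits = phishing_indicators(raw_message)
    return ("Junk" if len(hits) >= threshold else "Inbox"), hits


# Constructed sample: a lure impersonating an internal payroll team.
PHISH_SAMPLE = """From: "Payroll Team" <payroll@example-corp.com>
Reply-To: support@payr0ll-verify.example
To: employee@example-corp.com
Subject: Urgent: verify your account
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=example-corp.com
Content-Type: text/html; charset="utf-8"

<p>Your payroll access is suspended. Log in immediately at
<a href="http://payr0ll-verify.example/login">https://portal.example-corp.com</a></p>
"""

# Constructed sample: an ordinary internal notice that should stay in the inbox.
LEGIT_SAMPLE = """From: "IT Helpdesk" <helpdesk@example-corp.com>
To: employee@example-corp.com
Subject: Monthly maintenance window
Authentication-Results: mx.example-corp.com; spf=pass; dkim=pass
Content-Type: text/html; charset="utf-8"

<p>Servers will be patched Saturday. Details:
<a href="https://intranet.example-corp.com/maint">intranet.example-corp.com/maint</a></p>
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("legit", LEGIT_SAMPLE)):
        folder, hits = route_message(sample)
        print(f"{name}: -> {folder} {hits}")
```

The threshold keeps a single weak signal (an urgent subject line on a legitimate notice, say) from quarantining mail on its own; real filters weight indicators and combine them with reputation data, but the structure, extract indicators and then decide a folder, is the same.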

Using multiple servers for resources allows businesses to keep data separate from their core servers. Multi-server environments also allow more granular and more effective monitoring: A granular view can ensure uptime and performance, as well as maintain cybersecurity, and provide more efficient development or resource allocation. Backup servers manage copies of data, files, applications, and databases. They have hardware and software capabilities to save and recover lost, stolen, or destroyed information.

Upgraded desktop and laptop operating systems provide another security layer. Updates often close security weaknesses, thereby eliminating an avenue of attack. An outdated OS can be very profitable for a hacker. Many ransomware attacks, for example, can be avoided by updating the OS and patching software fully. 

Vulnerable default settings are also attractive to hackers. By implementing configuration management software, companies can monitor device, OS, application, and other configuration settings, and identify misconfigurations that put systems at risk. Configuration management can also recognize atypical changes to critical files or registry keys, and it helps if you want to remotely control stolen or otherwise compromised devices.
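Recognizing atypical changes to critical files, as described above, comes down to recording a baseline of cryptographic hashes and comparing later snapshots against it. The block below is an added example, not the article's or any vendor's code: it builds a SHA-256 baseline of a directory tree (hash plus permission bits per file), compares two baselines, and classifies each difference as added, removed, modified, or mode-changed. `demo()` creates a temporary directory with constructed configuration files, records a baseline, weakens one setting, adds an unexpected file, deletes another, and returns the drift report; the file names and contents are constructed for the example.

```python
"""File-integrity baseline and drift check (added example, not the article's own).

Configuration-management tooling detects atypical changes to critical files by
comparing current hashes against a recorded baseline. This stand-alone version
does the same for a directory tree. The files used by demo() are constructed.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file (relative to root) to its hash and permission bits."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        # Symlinks are skipped so a link pointing elsewhere cannot masquerade as the file.
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p),
                "mode": oct(p.stat().st_mode & 0o777),
            }
    return baseline


def compare(baseline, current):
    """Classify drift between two baselines as added, removed, modified or mode_changed."""
    report = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            if baseline[rel]["sha256"] != current[rel]["sha256"]:
                report["modified"].append(rel)
            if baseline[rel]["mode"] != current[rel]["mode"]:
                report["mode_changed"].append(rel)
    return report


def demo():
    """Record a baseline of constructed config files, tamper with them, and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sshd_config").write_text("PermitRootLogin no\nPasswordAuthentication no\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_baseline(root)
        # Round-trip through JSON: a real deployment stores the baseline and loads it later.
        saved = json.loads(json.dumps(baseline))

        # Constructed changes an operator would want flagged:
        (root / "sshd_config").write_text("PermitRootLogin yes\nPasswordAuthentication no\n")  # weakened setting
        (root / "unexpected.conf").write_text("# not part of the approved baseline\n")          # new file
        (root / "hosts").unlink()                                                              # deleted file
        return compare(saved, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline itself must live somewhere an intruder on the monitored host cannot rewrite (a central server or read-only media), otherwise a change to the file and a matching change to the baseline would cancel out; that separation is what makes the comparison meaningful.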

Unified Threat Management (UTM) systems consolidate these security and network functions, and they can be easier to manage than running individual solutions. UTM devices can also be helpful for companies that want to outsource security monitoring and network management.

Hackers generally look for the easiest way into any system. If you make access more challenging, you're less likely to be a target. 

You should also look into two-factor authentication, which adds a secondary credential to an organization's login portal, such as a code sent to a user's cell phone, and biometrics — such as requiring a face or fingerprint scan for access.

Plan, plan, plan

Prevention is critical, but you must also prepare a response should the worst happen. Backing up data can be a lifesaver in the event of a cyberattack, and being ready with a plan of action means a fast, efficient, and effective reaction that can save time and money. Without a plan in place, companies can face crippling fines and devastating publicity.

The initial steps include contacting the management team and, as appropriate, law enforcement. Then, employees, suppliers, and customers should be informed. In certain instances, deadlines for communications may be stipulated by law. After-hours contacts should be listed in the document, as well as what situations require escalation. Typically, as scale, risk, or impact increases, executive involvement increases.

After the breach has been appropriately communicated, corrective actions are developed and implemented. Internal teams who would be expected to investigate the incident and bring in experts are identified in the recovery plan and should include representatives from IT security, compliance, legal, senior leadership, risk management, and marketing, as appropriate.

While the immediate response occurs in the first 24 to 48 hours, the analysis and investigation into what occurred can take weeks. Post-incident reviews are conducted, staff is trained and educated, and internal communications are disseminated to minimize potential future incidents. Corrective actions, including appropriate disciplinary procedures, should also be outlined in the remediation plan.

As cyberattacks become increasingly brazen, small firms must be diligent about preventing data breaches. Creating and following a centralized security process can prevent many breaches, but a well-documented recovery plan is insurance worth having to ease the aftermath should a cyberattack occur.
