We’re hearing a lot about protecting ourselves during the COVID-19 pandemic. Unfortunately, cybercriminals are using the opportunity to create sophisticated social engineering campaigns and scaling up criminal activity, which means we need to work even harder to protect our online assets too.
The team at Avalon Cyber has put together a list of actions to take to help protect your business – and some of these can be implemented today!
- Change default credentials on home wireless and networking – not just your WPA2/3 password, but the router password itself. (Do this now!)
- Enable multi-factor authentication (MFA) wherever possible. MFA makes your accounts more secure by requiring two or more pieces of information when logging into an account. This can help prevent attackers from being able to log in to an account if they’ve guessed or otherwise obtained your credentials. (Do this now!)
- Use a virtual private network (VPN), which creates an encrypted tunnel between your device and the network you’re connecting to. This “hides” your IP address, so attackers can’t track your online movements. (Do this now!)
- Change your Office 365 defaults, which includes enabling the data logging setting, and setting up MFA to access your Microsoft account. (Do this now!)
- Obtain AND enforce the use of a password manager and force password changes on a regular basis. Adversaries can use weak and reused passwords to obtain unauthorized access. (Do this now!)
- Disable RDP (remote desktop protocol) unless necessary and disable when not in use to prevent unwanted “visitors” (i.e. cybercriminals) from connecting to your network.
- Make sure your data is backed up on a regular basis and backups are maintained separately from your network.
- Review your incident response (IR) plan (if you have one) and hold tabletop exercises to prepare for a variety of scenarios.
- Know – and stick to – your compliance requirements, unless advised otherwise by the governing authority.
- Make sure you have a next-gen antivirus endpoint detection and response solution in place, and that it’s installed on all hosts. This will provide insight into your endpoints, so you can detect and respond to threats.
- Leverage your SIEM/SOC solution (if you have one) to aggregate log data from all available sources – network, security, servers, databases, applications, etc. – which can help you respond to threats as they happen and serve as forensic evidence in the aftermath of a cyberattack should one occur.
- Remediate any known vulnerabilities and conduct regular vulnerability assessments and penetration testing to identify vulnerabilities that need patching or require configuration changes/system upgrades. Adversaries take advantage of unpatched systems and misconfigurations to launch attacks.
- Consider Dark Web monitoring for situational awareness. This can help you get ahead of sensitive data that could be available to an attacker, such as credentials, credit card information, etc.
- Launch simulated phishing attacks and provide security awareness training regularly. Organizations that send phishing campaigns on a regular basis keep their employees on high alert for these types of attacks, which helps them stay safer. KnowB4 reports that “In just 90 days, the phish-prone percentage was cut in half” from 30% to 15% when computer-based training and phishing security training was provided.
- Provide off-boarding for all dismissed/departing employees and contractors to ensure accounts are properly disabled, so they cannot be used by the departed entity or an adversary.
- Make sure whoever is responsible for your cloud security is knowledgeable – and held accountable. You may want to create a checklist of questions, so you don’t forget to ask anything.
The Cybersecurity and Infrastructure Security Agency (CISA) provides similar guidance and may have additional recommendations found here: https://www.us-cert.gov/ncas/tips/ST15-002.
If you have any questions about any of the services and suggestions mentioned above, please feel free to contact Avalon Cyber or call us at 877.216.2511. We’re ready and able to assist you during these trying times and always. Stay safe!