Over the last few months, you’ve heard a lot about cybercrimes and attacks on American businesses, and while this is all still an issue, there is also a good side to hacking. By now, you have probably heard of Anonymous, the notorious hacktivist organization. Over the past few days, Anonymous declared war on Russia.
So far, the group has infiltrated over 300 Russian sites, hacked media outlet websites, and posted anti-war, pro-Ukrainian messages. They made it look like President Putin’s $97 million yacht had crashed into Ukraine’s Snake Island. Anonymous accomplished all of this in 4 days.
If a decentralized international group can do this in four days to a foreign government, imagine how quickly they can get into your network? Our biggest target right now is our nation’s supply chain. Is your company part of the supply chain? Imagine if someone started rerouting supplies and shipments? How would your company react? American businesses are under attack, and it will not change anytime soon, yet many company leaders don’t believe it will happen to them. This belief is what leaves many companies open to attack.
So, what do you need to do to protect your organization? Hiring a fractional CIO can be a good solution if you don’t have an excellent CIO to help. A good CIO or Fractional CIO can help you review and evaluate the following to allow you to rest easy in the event of a cyber attack:
Cybersecurity insurance, also called cyber liability insurance, is an insurance policy that a company can buy to help reduce the burden of financial risks associated with cyber-attacks. It can be the intermediary between your company and the cybercriminals in some cases.
Some of the benefits are:
- Meeting extortion demands from a ransomware attack.
- Notifying customers when a security breach has occurred.
- Paying legal fees levied because of privacy violations.
- Hiring computer forensics experts to recover compromised data.
- Restoring identities of customers whose PII was compromised.
- Recovering data that has been altered or stolen.
- Repairing or replacing damaged or compromised computer systems.
Secure your network infrastructure. Securing a network requires a complex combination of hardware devices, such as routers and firewalls, and anti-malware software applications. Your CIO and IT Team employ or contract with highly skilled information security analysts to assess and implement security plans and constantly monitor the efficacy of these plans.
Ensuring your network is secure is an arduous task and is not done just once. Evaluating and reevaluating is essential. Confirm that your team is on top of the latest security patches for all network devices. Most outsourced IT support organizations will only patch desktops and servers, so make sure you know exactly what yours does.
- Your first line of defense is the firewall.
A firewall dictates what data flows through it and where it should go. Firewalls stop unwanted traffic from entering your network and compromising your data. The standard firewall process is to set up an external perimeter for your network. Some companies also include internal firewalls, and this is one of the latest best practices adopted by many companies. It provides a better defense and keeps suspicious external network traffic away. Firewalls are evolving fast. Many can control data flow by identifying the type of application used.
- Use a router to police the flow of traffic.
Routers police the flow of traffic, but many also come with security features. Some routers have better security features than a firewall. These include the following:
- Intrusion Detection System (IDS) functionality
- Intrusion Prevention System (IPS) functionality
- Service and traffic functionality tools
- Strong Virtual Private Network (VPN) data encryption
An IDS is different from an IPS. An IPS functions like a firewall with more complex guidelines for qualifying data flow. An IDS acts as a traffic monitoring system, identifying potential breaches at different network points. Having both strengthens your defenses.
- Use Wi-Fi Protected Access 2 (WPA2)
WPA2 is the most widely used encryption on Wi-Fi networks and uses more robust wireless encryption methods than earlier standards. This system is difficult for hackers and cybercriminals to break. A person who can access your network can slow it down or retrieve critical information such as passwords, account numbers, and other personal information.
- Keep your email secure.
Your email is a highly sought-after target for black hat hackers. It is not uncommon to receive emails from suspicious sources. Fraudulent email, also known as phishing, has become increasingly effective, with 30% of these emails opened. These emails often find their way into the spam folder and contain malware and viruses intended to disrupt your network and retrieve data.
Remember that over 80% of the world’s emails are spam. The latest email filters can remove most of your spam emails, but you should continue evaluating and updating your settings.
The more spam that gets through your current filtering system, the greater your risk of getting malware.
- Use web security.
Attacks against web applications have increased dramatically, with 51% of the victims being financial institutions.
Attacks are becoming more complex and frequent, making simple URL filtering no longer sufficient. Among the features that need consideration for a robust web security system are:
- AV Scanning
- Malware Scanning
- IP reputation awareness
- Dynamic URL categorization techniques
- Data leakage prevention function
A web security system needs to be dynamic and accurately scan web traffic. Web security needs to be prioritized in best practices and strategies for enterprise security protocols.
Make sure you’re backing up! Companies always assume that backing up is their best defense, and it is, but your backup is only as good as what you can recover from it. When was the last time you tested a backup and tried to restore something to ensure you could?
Your industry may have regulations on how long you should keep your data and how to back it up, and you should consider how important the data is to you. Do you need to recover to the last point of failure, or can you restore to a month ago? Your CIO can help you decide the risk factors vs. the cost factors.
There are five things for a good backup strategy:
- Onsite Backups: When a server fails, it is critical to have backups on hand for fast restoration. Time is money. Depending on your internet connection, onsite backups are faster to restore than cloud backups and usually faster than offsite tape backups.
- Offsite Backups: Onsite backups, while valuable, cannot be the only backups. Should a disastrous event happen and it takes down the data center, it could damage any backups you have onsite. For that reason, you should have copies of your backups offsite where you can access them manually or through the cloud.
- Optimized Backup Schedule: Backups are not a one-and-done process. The critical data on your network must be backed up regularly and consistently, according to a clear and organized schedule.
- Backup Testing: Backups need testing regularly. In addition, the IT staff must know how to access and restore their data backups as quickly as possible. A backup that fails, or a team that is unable to restore the backup rapidly, weakens the company’s return on investment in its backup solution.
- Organized Storage System: When using tape-based backup solutions, the repository for backups and the labeling system must be clear and organized. The team cannot afford to spend extra time digging through box after box of tape, looking for a specific backup from a specified date several years ago.
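A restore test of the kind described under Backup Testing can be automated. The following is an added example, not part of the original article: it assumes backups are tar archives and that a SHA-256 manifest of the source files is recorded at backup time; the function names and sample files are hypothetical and constructed for illustration.

```python
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path


def manifest_of(root: Path) -> dict:
    """SHA-256 of every file under root, keyed by relative path (record it at backup time)."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def restore_test(archive: Path, manifest: dict) -> dict:
    """Restore archive into a scratch directory and compare every file with manifest."""
    restorable = True
    with tempfile.TemporaryDirectory() as tmp:
        scratch = Path(tmp).resolve()
        try:
            with tarfile.open(archive) as tar:
                for member in tar:
                    dest = (scratch / member.name).resolve()
                    # Restore regular files only, and never outside the scratch directory.
                    if not member.isfile() or scratch not in dest.parents:
                        continue
                    dest.parent.mkdir(parents=True, exist_ok=True)
                    with tar.extractfile(member) as src, dest.open("wb") as out:
                        shutil.copyfileobj(src, out)
        except (tarfile.TarError, OSError, EOFError):
            restorable = False  # unreadable or truncated archive
        restored = manifest_of(scratch)
    return {"restorable": restorable, "missing": sorted(set(manifest) - set(restored)),
            "corrupt": sorted(n for n in restored if manifest.get(n, restored[n]) != restored[n])}


def demo() -> dict:
    """Constructed sample: a good backup, one with a damaged and a skipped file, one unreadable."""
    with tempfile.TemporaryDirectory() as tmp:
        live, damaged = Path(tmp, "live"), Path(tmp, "damaged")
        for root, orders in ((live, "id,total\n1,40\n2,15\n"), (damaged, "id,total\n1,4")):
            (root / "db").mkdir(parents=True)
            (root / "db" / "orders.csv").write_text(orders)
        (live / "payroll.txt").write_text("constructed sample\n")
        for name, root in (("good", live), ("bad", damaged)):
            with tarfile.open(Path(tmp, name + ".tar.gz"), "w:gz") as tar:
                tar.add(root, arcname=".")
        Path(tmp, "junk.tar.gz").write_bytes(b"not an archive " * 64)
        manifest = manifest_of(live)
        return {n: restore_test(Path(tmp, n + ".tar.gz"), manifest) for n in ("good", "bad", "junk")}
```

The "bad" archive restores without any error yet is missing one file and holds a damaged copy of another, which is why a restore test has to compare content rather than only check that the restore job finished.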
Disaster Recovery or Business Continuity Playbook. Every company should have a playbook because you don’t have to worry if something happens when there’s a plan. The problem companies have with a Disaster Recovery / Business Continuity plan is that they believe it is a “one and done” effort. As your company grows, so does the complexity of the plans, and if you aren’t testing it at least once a year, you will never know if the plan will help you when you need it the most.
Set Your Recovery Time Objective (RTO) and Recovery Point Objective (RPO). The first thing you need to determine is the RTO and RPO for your company. These terms refer to:
- The amount of time necessary to restore all applications (RTO)
- The age of the files that need restoring for your company to resume normal operations (RPO)
Setting RTO and RPO goals will require input from multiple stakeholders to assess the business needs.
Your RTO and RPO help you determine which solutions are necessary to survive a disastrous event or a data breach. The RTO and RPO will allow you to choose which hardware and software configurations you need to recover your workloads.
Inventory of Hardware and Software
Take an inventory of all your hardware and software. Categorize each application in one of three groups:
- Critical applications you cannot do business without
- Applications you need to use within the first 24 hours
- Apps you don’t need for a week or more.
Your most critical applications will be prioritized first in the event of a disaster. You need to revisit this list once or twice a year as you make changes to the hardware and software.
Make sure you have your vendor support information for every hardware device and application so you can get back up and running as quickly as possible.
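The RTO and RPO targets and the three-tier inventory above can be checked against what your backups and restore drills actually achieve. This is an added example, not part of the original article: the application names, targets, timestamps and field names are constructed, and the 365-day limit on drill age is an assumption based on the article's advice to test at least once a year.

```python
from datetime import datetime, timedelta

NOW = datetime(2024, 1, 15, 9, 0)  # constructed "current time" so the result is reproducible
H, D = timedelta(hours=1), timedelta(days=1)

# Constructed inventory. tier: 1 = critical, 2 = needed within 24 hours, 3 = not needed
# for a week or more. measured_restore is how long the last restore drill took.
INVENTORY = [
    {"app": "file-archive", "tier": 3, "rpo": 7 * D, "rto": 7 * D,
     "last_backup": NOW - 2 * D, "measured_restore": None, "last_drill": None},
    {"app": "order-entry", "tier": 1, "rpo": 1 * H, "rto": 4 * H,
     "last_backup": NOW - 3 * H, "measured_restore": 2 * H, "last_drill": NOW - 90 * D},
    {"app": "payroll", "tier": 2, "rpo": 24 * H, "rto": 24 * H,
     "last_backup": NOW - 6 * H, "measured_restore": 30 * H, "last_drill": NOW - 30 * D},
    {"app": "email", "tier": 1, "rpo": 4 * H, "rto": 8 * H,
     "last_backup": NOW - 1 * H, "measured_restore": 5 * H, "last_drill": NOW - 400 * D},
    {"app": "crm", "tier": 2, "rpo": 24 * H, "rto": 24 * H,
     "last_backup": NOW - 5 * H, "measured_restore": 6 * H, "last_drill": NOW - 60 * D},
]


def assess(inventory, now, max_drill_age=365 * D):
    """Return (tier, app, problems) for every app that misses a target, most critical first."""
    findings = []
    for item in sorted(inventory, key=lambda i: (i["tier"], i["app"])):
        problems = []
        # RPO: data written since the last good backup is what a disaster would lose.
        if now - item["last_backup"] > item["rpo"]:
            problems.append("RPO missed")
        # RTO: only a measured restore counts; an untested or stale drill proves nothing.
        if item["last_drill"] is None or now - item["last_drill"] > max_drill_age:
            problems.append("restore untested")
        elif item["measured_restore"] > item["rto"]:
            problems.append("RTO missed")
        if problems:
            findings.append((item["tier"], item["app"], problems))
    return findings


if __name__ == "__main__":
    for tier, app, problems in assess(INVENTORY, NOW):
        print(f"tier {tier}  {app:<12}  {', '.join(problems)}")
```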
Identify Personnel Roles
You must specify the roles and responsibilities involved during a disaster recovery event. Duties range from deciding to declare a disaster to contacting support vendors.
Your disaster recovery plan will include a list of each person with their position, responsibilities, and emergency contact information. Everyone has a role to play, and each person should understand their role in detail.
You should also have a list of backup employees in the event someone is on vacation or is no longer available.
Choose Disaster Recovery Sites
A good business continuity plan will also include using a disaster recovery site where the critical data, assets, and applications will be relocated during a disaster. Whatever location you choose should support your essential hardware and software.
Disaster recovery plans typically use three types of sites:
- Hot sites, which act as a duplicate data center with duplicate hardware, software, personnel, and customer data (operational immediately)
- Warm sites, which allow access to critical applications, excluding customer data (operational in a few hours to a few days)
- Cold sites, where you can store systems and data (operational in a few weeks or months)
These sites must perform backups and replicate workloads to speed up recovery.
Outline Response Procedures
Documenting your recovery strategy in a playbook is the only way to assure that your team will act quickly and accordingly, so they know what to do and where to start. Document guidelines for everything, including:
- Communication procedures for employees, media, and customers
- Data backup procedures, including a list of locations and third-party vendors
- Playbook instructions for starting a response, including employee roles and critical activities
- Post-disaster activities that take place after operations are restored, such as contacting customers and vendors
Your procedures need to be exceptionally well detailed in the playbook, so the response is clear. The plan needs to be fully transparent and make sure each staff member understands the disaster recovery process from start to finish.
Identify Sensitive Documents and Data
Beyond hardware and software, you need a list of the essential documents and data that you cannot lose without disastrous effects. These documents and data can include sensitive information, such as Personally Identifiable Information (PII). The list should also record who needs access to that data during a breach or disaster.
Create a Critical Communication Plan
You need a clear strategy for updating employees, vendors, suppliers, and customers in the event of a disaster. If you keep customers and the media informed on the status of your data outage or the breach, they will feel much better about how the situation is being handled.
Larger companies should have a crisis management media kit for the media and customers. Include statements that your PR team can publish across social media platforms and your website, including contact information and an estimate on when things will be back up and running.
Run Continuous Practice Tests to Ensure Your Plan Is Effective
The last thing you want is to have your disaster recovery plan fail in your time of need. Test your plan at least once or twice each year and look for red flags, such as failed backup hardware or a slow internet connection that can’t restore your data in time.
Any time you run through a practice test, you should also review your risk assessments, personnel lists, and inventory to update everything.
There is no 100% solution and no perfect plan. Having someone accountable, like a CIO or Fractional CIO, can make sure you are doing the best you can.
At JAYCO CIO Services, we don’t do anything other than CIO services. Right now, we are offering 50% off our CIO Assessment. The assessment is an excellent way to get to know us. We will work with your executive officers, stakeholders, and IT team to show you where you are deficient and supply you with a report to increase your understanding of where you need help.