You can significantly reduce your cyber risk efficiently and expeditiously. The strategies to defend yourself against Russian hostility are the same strategies we urge any small- to medium-sized business to deploy to protect themselves against malicious hackers in general. If you haven’t done so already, now is a good time to start, review, and up-level your security plan.
On Monday, Mar 21, 2022, President Biden issued a warning to American business owners, urging them to build up their cybersecurity defenses sooner rather than later. Russian President Vladimir Putin is expected to launch cyber attacks in retaliation to sanctions and other actions undertaken by the United States to curtail Russia’s infiltration of Ukraine.
“I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we’ve imposed on Russia alongside our allies and partners. It’s part of Russia’s playbook,” stated Biden.
For decades, Russia has utilized hacking as a form of aggression against the United States, and attacks are expected to increase imminently, both in might and quantity.
As dire as the warning sounds, the reality is that you can significantly reduce your cyber risk efficiently and expeditiously. There isn’t anything exceptional you need to do to fight Russian cybercrime. Yes, the country has a history of deploying these types of attacks, and, yes, Russia has a war to finance. But cybercrime is not unique to this situation, and cybercriminals span nations, localities, ages, etc. The strategies to defend yourself against Russian hostility are the same strategies we urge any small- to medium-sized business to deploy to defend themselves against malicious hackers in general. Now, however, is a good time to start, review, and up-level your security plan if you have not done so already.
Too many advertisers will have you believe cybersecurity is too complicated or scary. Not only is this unhelpful, but it’s egregiously harmful. Deploying fear all too often leads to overwhelm, and, ultimately, inertia. We believe you can protect yourself and do so from a place of confidence instead of fear. Below are five easy ways to reduce your cyber risk.
Five tips to protect your business against cyber attacks
1) Invest time in creating a culture of security.
Start with security education, early and often, to the point of habit.
One of the key ways malicious hackers attempt to exploit organizations is through the organizations’ employees. It is worth your time to invest in security training in such a way that you create a culture of security awareness within your organization. In other words, train and re-train employees, talk about incidents and suspicious emails, and brainstorm security – together.
Essentially, empower your employees with the knowledge they need – and the motivation to care. When you do so, you go beyond just checking a security training box, you create a culture of security, replete with the information and behavior needed to be effective.
In an organization with a strong security culture, employees are better equipped to identify suspicious files – and do something about it.
Phishing emails are a common tactic and only becoming more sophisticated. For example, BazarLoader is an advanced malware that uses social engineering to trick an employee into downloading a malicious file. Once a computer is infected, it downloads and runs other malware.
If you mindfully develop a security culture with consistent training and conversations, your employees will be better equipped to identify suspicious emails and steer clear of potentially dangerous files. Furthermore, encourage your employees to report these incidents so others are aware and can protect themselves from falling victim. One way to think about this is to treat your information security as a cultural value, just as you would clean up the conference room after using it. When you do so, people will treat information security with respect, hold themselves and others accountable, and see it as more than just checking a box. They will feel a sense of pride in protecting your business.
2) Ensure strong password hygiene within your organization.
Demystify what good password hygiene looks like for your employees to better ensure your organization is protected on this front. Cybercriminals have technological capabilities to crack passwords at alarming speeds. According to research by Hive Systems, an 8-character password made up of both upper and lower case characters can be hacked in 2 minutes–and instantaneously if the password is only made up of lower or uppercase letters. This doesn’t mean you just have to accept the risk–you can take action and communicate the steps to dramatically reduce the likelihood that your employees’ accounts will be compromised.
Provide your employees with guidelines for passwords.
Knowing how vulnerable certain types of passwords are, you have the knowledge to draft an easy-to-follow password policy for your employees, and it can be as simple as:
Use a secure password manager.
Take the headache out of password management for your employees. Have employees use secure password managers to generate and keep track of unique passwords for each of their accounts.
If you cannot provide password managers for your employees, then the easiest way to generate and remember a password is by using a passphrase that is at least 18 characters long.
Use two-factor authentication.
Two-factor authentication, often written as 2FA, is an extra layer of security to verify that a person logging into an account is who they say they are. The most secure method of 2FA is by installing an authenticator app.
Do not reuse or share passwords.
A secure password manager helps ease the burden of juggling all of the passwords we are encumbered with today. Again, if you cannot enforce the usage of password managers in your business, it is important to communicate that each account should have a unique secure password. Just as passwords should not be used between accounts, they should not be shared between people.
Part of your move towards developing a security culture is supported when you have clear guidelines, such as a password policy. There is a tremendous return on the investment it takes to produce this resource and develop your security culture. You’ve got this!
3) Invest in practical, right-sized solutions for your business
You do not have to build Fort Knox to protect your business or purchase all of the products that advertisers are flinging left and right. All you need to have are the right-sized and practical solutions for your business.
Knowing where to start can be challenging, however. Sifting through the barrage of products and services can cost you time and money that you could better use to develop your business. Fortunately, there are tools and providers, such as ZeroWall, that can help you identify your risks, any weaknesses in your approach to security and make customized, clear, and actionable recommendations that are just right for your business.
4) Have a backup plan in the event of a breach
The reality of today is that businesses get hacked. It happens, but it doesn’t have to mean game over for you. You can build resistance with the steps mentioned above, and you can build resilience with the steps mentioned below.
Identify the systems that contain valuable information to you and your customers, and back them up at intervals that make sense for your business. How this looks will depend on the type of information you hold and value, as well as your risk profile. Here are some helpful tips to serve as a starting point:
- Keep a backed-up version of your contact database on hand should your communications systems be cut off.
- Keep a backed-up version of the systems critical to maintaining your operations. And keep these backups offline so that ransomware or any other similar malware infection will not affect them along with your primary data.
- Test your strategy.
- Train employees and discuss scenarios for when and how you may need to deploy your backups.
Like with any disaster, preparedness is shown to improve your recovery outcomes. Take the time to identify what is at risk; when, how, and where to back up the information at risk; test your strategy; and plan for recovery.
5) Communicate effectively and efficiently in the event of a breach
No recovery plan is complete without a crisis communication plan. As mentioned earlier, you can build resilience if your business is hacked. One of the ways to recover from the reputational impacts of a data breach is by doing the right thing–communicating–and doing it well.
- Inform your customers about the breach quickly and clearly.
- Share what you can share and provide necessary recommendations to your customers if you know or suspect their data is exposed.
- Provide frequent updates using a variety of communication channels.
- Share resources, including communication templates, if your customers need to communicate with any of their stakeholders about the breach.
- Follow up with findings from any investigations and how you plan to further address security moving forward.
The content and frequency of your communications will vary depending on the situation. Consider assembling a crisis communication team or placing a crisis communication agency on retainer to provide critical support should the need arise. Ensure that your team’s contact information is easily accessible should you ever need to assemble outside of work hours to address a breach.
Do what you can to be prepared–and remember, no one is entirely immune.
Russian cybercrime, like any crime, is part of the risk landscape that businesses today have to think about. Just like you install locks on your brick-and-mortar business to do your best to prevent a criminal’s access-to-entry, so too you would want to address and mitigate the digital risks your business faces. You can significantly reduce your risk without going out and buying every tool in the market. Instead, take the time to:
- Create a culture of security
- Ensure strong password hygiene
- Invest in practical, right-sized solutions
- Have a backup plan
- Communicate effectively and efficiently if you are hacked
Better understand your business’s unique cyber risks and be prepared to address them.
ZeroWall’s tools can help you assess your business’s risks and develop practical solutions to reduce those risks. With a ZeroWall Assessment, you will be able to easily visualize:
- Your unique risks and how they could impact your business
- The gaps in your security program
- How well your current investments are addressing risks
- How you compare to similarly-sized organizations in your industry
- Right-sized recommendations catered to your unique organization
Get the information you need to build your organization’s right-sized security program, confidently. Get started >