The world is facing a rising tide of cyber-attacks, and one of the recent victims is San Francisco Airport. Small and medium-sized organizations often feel safe because of the mistaken notion that hackers mainly target big businesses. What is the cost of being the victim of an attack? It results in the loss of data, money, time, clients, reputation, etc. According to the National Cyber Security Alliance, around 60% of small businesses close operations within 6 months of being the target of a cyberattack or data breach.
Chief Information Security Officers (CISOs) and cybersecurity teams are fighting a tough battle during the corona crisis. Their situation is similar to that of army leaders in medieval times, trying to protect their forts from attacking bandits, knowing that a small mistake or loophole can ruin the entire effort.
The defense strategy against cyber-attacks needs to be similar to the one we are using against coronavirus. We need a two-tier approach where institutions and experts lay out the strategic plans and enforce the procedures, while individuals need to strictly follow the security practices in their daily activities.
Individual Digital Hygiene
- Use strong passwords and avoid the use of the same password for multiple accounts.
- Beware of emails from unknown IDs and avoid clicking on links. To visit the website in a link, type the website name in the address bar instead.
- Phishing emails and social engineering ploys can normally be identified by poor grammar, emotive language, attempts to create urgency, requests for personal information, etc.
- To avoid the risks of unsecured data transmission, use encrypted mediums like Signal or Wire to share critical information like passwords.
- Use only trusted sources like the World Health Organization or the websites of TV channels or newspapers to get information or updates on COVID-19. New websites providing corona information often have very weak security measures.
- Separate work and entertainment. Minimize the usage of personal devices for work purposes and avoid using work laptops for leisure.
- Look out for early signs of a breach - a slowdown, appearance of new pop-ups or programs, some functions not working properly, etc.
- Report issues to the IT team or the concerned person at the earliest. A stitch in time saves a lot.
- Educate all verticals, such as finance and HR, about the importance of allocating resources for cybersecurity.
- If your organization lacks a dedicated security team, bring in external experts to review your system and to identify vulnerabilities.
- Update the security software and back up all the valuable data. Shift to better technologies and platforms which are secure by design.
- Create a security strategy and procedures, and provide virtual training to all the team members. Discuss case studies of security breaches in the past to identify common pitfalls.
- Develop a graded approach where critical resources and processes are protected as the highest priority.
- Have predetermined alternate channels of communication among leaders and departments in case of an attack.
- Conduct drills and simulations of emergency situations to test your contingency plans and resilience.
- Be careful in granting access rights to remote users and use multifactor authentication.
- Select your partners carefully because many attacks are indirect in nature, through a weak link in the supply chain like a vendor.
- Avoid a culture of blame, so that employees feel comfortable reporting any issue or mistake as and when it happens.
- If the assets are of high value, consider cyber insurance, which can cover the cost of direct damages and indirect losses.
Foolproof cybersecurity and regular monitoring are the need of the hour for any organization. As hackers are continuously changing their tactics, we also need to continuously improve our security systems to match the challenge. And what they say about health is true for security too: prevention is better than cure.
At Valuebound, we work with organizations to help them secure their digital platforms holistically, from following best security practices during initial development to taking security measures after the platform is hosted on the web server. Do connect with us if you would like to have a conversation about how we are helping our clients.