May 4, 2017
By Tom Kielty
Data protection and risk mitigation are increasingly important subjects for businesses to address because modern hacking techniques have become more varied and debilitating than ever before. Because the critical line-of-business software in use today (email, remote-office access, and hosted websites) is by nature exposed to the outside world, anyone trying to infiltrate your organization has many avenues to take.
Email Security Training, Spam Filters, and Attachment Rejection Policies
Phishing campaigns, malicious links/redirects, and malicious attachments are extremely common and constitute a large portion of the risk to your network. To help mitigate these issues, a spam-protection solution (software or hardware) and a stringent email policy are highly recommended.
Spam-protection software or hardware effectively sits in front of your email server and allows you to control what kinds of email make it into or out of your mailboxes. Good spam protection will include features such as sandboxing attachments (automatically opening attachments in an isolated environment and watching for malicious code execution), spoofing protection (verifying that the sender information shown to the recipient matches the actual sending address, and that the message originated from where it claims to), and many other useful features. Some of the most common solutions today include Microsoft’s Exchange Online Protection (EOP) and Mimecast, as well as hardware solutions built into next-gen firewalls (Cisco, Fortinet); the key is finding the right features, ease of use, and price point for your business.
Good training in identifying malicious emails is just as important as the spam-protection software itself. Even the best software does not have a 100% capture rate, so training your staff to identify and report the bad emails that make it through is key to the safety of your network. A good starting point is to discourage interaction with any attachment or link that was sent unsolicited, even if it comes from someone you know.
There are many examples of companies that have fallen victim to this kind of attack, where someone impersonates a trusted client or internal staff member and asks the recipient to click on a link or open an infected attachment. These kinds of attacks are common enough that the inconvenience of notifying your IT department and confirming with the sender by phone is worth it if it prevents the exfiltration of confidential data.
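The spoofing checks described above (does the displayed sender match the real sender, and did the message really originate where it claims?) can be illustrated with a small header checker. The following is an added example written for this article, not code from any of the products named here; it assumes the receiving gateway has already stamped an Authentication-Results header with SPF and DKIM results, and the three messages it inspects are constructed samples, not real mail. It flags the impersonation pattern from the paragraph above: a display name that mimics a known mailbox, a Reply-To that diverts replies elsewhere, and a claim to be a trusted domain that fails authentication.

```python
"""Flag common sender-spoofing indicators in raw email headers (added example)."""
import email
import re
from email.utils import parseaddr

# Constructed sample messages for the demo; none of these are real mail.
SAMPLE_LEGIT = """\
From: Alice Example <alice@example.com>
To: bob@example.com
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
Subject: Q2 invoice

The invoice is attached.
"""

# Display name mimics a known address; real sender and Reply-To are elsewhere.
SAMPLE_SUSPECT = """\
From: "Alice Example <alice@example.com>" <alice.example@free-mail.test>
To: bob@example.com
Reply-To: payments@other-mail.test
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=free-mail.test; dkim=none
Subject: Urgent: wire transfer

Please review the attached file today.
"""

# Claims to be internal staff but the gateway could not authenticate it.
SAMPLE_INTERNAL = """\
From: IT Helpdesk <it-helpdesk@example.com>
To: bob@example.com
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none
Subject: Password reset required

Open the attachment to reset your password.
"""


def _domain(address):
    """Lower-cased domain part of an address ('' if there is none)."""
    return address.rpartition("@")[2].lower()


def _auth_result(header, method):
    """Extract e.g. 'pass' from 'spf=pass ...' in an Authentication-Results header."""
    match = re.search(r"\b%s=(\w+)" % method, header)
    return match.group(1).lower() if match else "none"


def check_headers(raw_message, trusted_domains):
    """Return a list of spoofing indicators found in the headers.

    An empty list means none of these checks fired; it does not prove the
    mail is safe, so it complements rather than replaces gateway filtering.
    """
    msg = email.message_from_string(raw_message)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. Display name that itself contains an address from another domain:
    #    the visible name mimics a real mailbox while the sender is elsewhere.
    embedded = re.search(r"[\w.+-]+@([\w.-]+)", display_name)
    if embedded and embedded.group(1).lower() != from_domain:
        findings.append("display name shows an address from a different domain than the real sender")

    # 2. Reply-To on a different domain than From: replies are diverted.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and _domain(reply_to) != from_domain:
        findings.append("Reply-To domain differs from From domain")

    # 3. SPF / DKIM verdicts recorded by the receiving gateway.
    auth = msg.get("Authentication-Results", "")
    spf, dkim = _auth_result(auth, "spf"), _auth_result(auth, "dkim")
    if spf != "pass":
        findings.append("SPF result is %s" % spf)
    if dkim != "pass":
        findings.append("DKIM result is %s" % dkim)

    # 4. Claims one of our trusted domains (our own or a known client) but
    #    failed authentication: the classic "impersonate a colleague" case.
    if from_domain in trusted_domains and (spf != "pass" or dkim != "pass"):
        findings.append("sender claims trusted domain %s without passing authentication" % from_domain)

    return findings


if __name__ == "__main__":
    trusted = {"example.com"}
    for label, sample in (("legit", SAMPLE_LEGIT), ("suspect", SAMPLE_SUSPECT), ("internal", SAMPLE_INTERNAL)):
        print(label, "->", check_headers(sample, trusted) or ["no indicators"])
```

Run as a script it prints the findings for each constructed sample; the legitimate message produces none, the look-alike sender trips the display-name, Reply-To, SPF and DKIM checks, and the fake helpdesk message is caught by the trusted-domain rule. The same function can be pointed at a mailbox export to give staff concrete examples of what "verify before you click" looks like in practice.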
Lastly, if your company is sending or receiving emails containing FTI (Federal Tax Information), PHI (Protected Health Information), or other confidential information, it is highly recommended to review your internal handling of this data.
Email encryption, local data encryption, and two-factor authentication are swiftly becoming the industry norm. If your company does not currently use these features, it is important to be moving towards doing so, both to stay in line with industry practice and to provide adequate protection of your internal data.
Update your Website Regularly
If you have an internally hosted website built on a major content management system (WordPress, Drupal, etc.), make sure to update it often. CMSs regularly have vulnerabilities that malicious actors can exploit to gain access to your internal data.
Intrusion Detection, Binary Reporting, and Anti-Virus Software
IDS and binary-reporting software have come a long way from where they were a few years ago. Their ease of implementation and the amount of useful information they provide are critical for combating intrusions, as well as for having forensic data to review after an attack has occurred. These programs effectively sit inside your network and watch for patterns of attack. When they see suspicious activity or known malicious files being run, your IT staff receive an alert, along with the option to quarantine the infected host.
Backups and Cyber Insurance
If your business becomes the victim of a cyber-attack, one of the most critical tools to have is backup copies of your internal data. If you do not have a policy for regularly creating, testing, and storing backups off-site, it is highly recommended to develop and enforce one. Even if a ransomware or remote-takeover event occurs, having complete and well-documented backups means your data exists outside of the attack for you to fall back on.
Cyber insurance is something your company will want to invest in. Not only does it provide financial coverage if a cyber incident occurs, it also provides invaluable resources on recovery, threat identification, client notification, and how to protect yourself from future attacks.
These are just some of the factors to keep in mind when designing an action plan to combat attacks in the modern era of business. For further reading on the subject, both SANS and the AICPA have example plans available for review.