2020 is not done yet. With a second wave of COVID-19 upon us and further restrictions in place, cyber-criminals must be delighted with the chaos plaguing small business. The threatscape has become broader, more sophisticated and, in some cases, only detectable once it's too late.
Small businesses need to take a multi-layered approach to their security set-up, educate their user base in the latest threatscape and back up business-critical data. An urgent review is required to ensure your business is not left directly in the cyber-criminals' firing line.
The 2020 Threatscape
Since March, the Australian Cyber Security Centre (ACSC) has seen an increase in reporting of COVID-themed scams and attacks. The ACSC is doing its bit to intercept these cyber-security incidents, but educating your staff in the most common types of attack can add another line of defence to your threat response.
Ransomware and Malware
There are multiple methods by which ransomware and malware can gain access to your network. The most common delivery method is email, either disguised as an attachment or in a request to download a file from what you assume is a trusted source. The result of such attacks is data loss across the network, or in some cases a complete compromise and loss of your IT systems.
Once they're downloaded and opened, ransomware and malware can take over your computer, especially if the virus has built-in social engineering tools that trick you into allowing administrative access. Some other, more aggressive forms of ransomware, like NotPetya, exploit security holes to infect computers without requiring any deception.
Phishing and Credential Theft
Credential theft via phishing emails has become more widespread through the COVID-19 pandemic. Spoofed sites (imitating government departments or law enforcement agencies, for example) are designed to obtain your credentials, which are then used to compromise your business or even your personal accounts and finances. Take the ACSC quiz and test your ability to spot a phishing scam.
It only takes a moment for a hacker to identify the senior staff of a company through a company website, trade publication or LinkedIn profile. The hackers then set up an email account using the same name and send fraudulent requests to other employees. These attacks are highly targeted and generally harder to detect.
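An added example, not from the original article: a mail-filter check for the impersonation described above, where a sender uses a senior staff member's name from an address outside the business. The company domain, staff names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: the business's own mail domain and the
# senior staff names that anyone can read off its website or LinkedIn.
COMPANY_DOMAINS = {"example.com"}
SENIOR_STAFF = ["Jane Citizen", "Sam Nguyen"]


def name_key(name):
    """Reduce a display name to its set of words, so that 'CITIZEN, Jane'
    and 'Jane  Citizen' compare equal."""
    cleaned = "".join(ch if ch.isalnum() else " " for ch in name.lower())
    return frozenset(cleaned.split())


STAFF_KEYS = {name_key(n) for n in SENIOR_STAFF}


def impersonation_reason(raw_message):
    """Return a reason string if the sender uses a senior staff member's name
    from an address outside the company's domains, otherwise None."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if name_key(display) in STAFF_KEYS and domain not in COMPANY_DOMAINS:
        return f"'{display}' is a senior staff name, but the sender domain is '{domain}'"
    return None


# Constructed sample messages (not real mail).
SAMPLES = {
    "genuine": 'From: Jane Citizen <jane.citizen@example.com>\nSubject: Q3\n\nHi\n',
    "lookalike": 'From: "Jane Citizen" <jane.citizen.ceo@freemail.test>\nSubject: Urgent\n\nPay\n',
    "reordered": 'From: "CITIZEN, Jane" <j.citizen@freemail.test>\nSubject: Urgent\n\nPay\n',
    "supplier": 'From: Alex Supplier <alex@supplier.test>\nSubject: Invoice\n\nHi\n',
}


def review(samples=SAMPLES):
    """Map each sample label to its impersonation reason (or None)."""
    return {label: impersonation_reason(raw) for label, raw in samples.items()}


if __name__ == "__main__":
    for label, reason in review().items():
        print(f"{label:10} {'HOLD: ' + reason if reason else 'deliver'}")
```

A check like this belongs alongside gateway-level email filtering: it only compares names and domains, so it does not detect a forged address inside the company's own domain.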
Insecure Remote Connections
Any form of remote access is an entry point into your network. Leaving certain ports open on your firewall is an invitation for a cyber-attack. This, coupled with a weak password policy, is a recipe for disaster. Once a cyber-criminal is inside your network, the damage that can be done is limitless.
How to Protect Against a Cyber-Attack
Whether your business has an internal IT department or uses an external Managed Service Provider, your approach to security needs to be urgently and routinely reviewed.
- Are you taking a multi-layered approach to security? Endpoint protection alone will not protect a business.
- Is your endpoint protection software up-to-date and adequate?
- Does your business have secure remote connections?
- Is your user base aware and educated in the latest threatscape?
- Is data backed up in multiple places? Are the backups tested?
- Do you have an incident plan to follow?
- Is there a cyber-insurance policy in place?
- Find more information, advice and best practices from the ACSC
Taking an "it won't happen to me" attitude has prevailed for far too long. Being proactive and taking action now, before a cyber-attack cripples your operations, will protect your business-critical data. It's these preventative measures that can save your business from having to completely start over.
Luckily, cyber-security doesn't have to be difficult. Below are some steps your business can take today to safeguard against an attack.
- If remote access is required, provide it via an encrypted VPN.
- Enable multi-factor authentication.
- Strengthen passwords and govern them with a password policy.
- Ensure gateway-level email filtering is in place.
- Enforce IT security policies and procedures.
- Update and patch servers and workstations frequently.
- Find more information, advice and best practices from the ACSC.
What Happens When an Attack Occurs?
If the appropriate security measures are not in place, the result can be devastating. Often the only course of action is to remediate the vulnerability, potentially restore your data, identify who or what has been impacted by the exposure, understand your reporting obligations and seek advice from a Managed Service Provider. Understanding how your business will likely respond to a cyber-attack and what your legal obligations are is the first step to recovery.
- Does your business have a documented disaster recovery plan to follow?
- Are you aware of the cost that downtime will have on your business?
- Do you have an incident response plan to follow?
- Are you obligated to report to the ACSC?
After the recent cyber-attacks on Australian institutions, we can no longer remain complacent when it comes to protecting our businesses online. The rush to get everyone working remotely has left some businesses dangerously exposed, with many having already been exploited, causing irreversible damage. You cannot allow 2020 to land another devastating blow to your business. Prepare today to prevent an attack tomorrow.
If any of the information above has not been addressed or there is an aspect you feel needs addressing, then it's critical that you speak to us by following the link below before it's too late.