White House Advice on Protecting Your Business from Cyberattacks
Cyberattacks are on the rise, and there’s an increased threat of attacks coming out of Russia right now, according to the Biden administration. As Russia grows increasingly combative and sanctions grow, the state and affiliated groups within it may crank up cyber intrusions soon.
Many of these attacks are likely to be aimed at infrastructure like water or electricity or at other targets with ties to the federal government. But even businesses that don’t fit that profile should take this moment to secure their digital assets, according to the administration.
Here’s what you need to know about the current recommendations coming out of the White House.
Multi-Factor Authentication Matters
If you haven’t yet implemented multi-factor authentication, or MFA, for your logins and key accounts, now is the time to do so. Without MFA, all the bad guys have to do is steal or guess the right combination of a username and a password, and they have access to whatever that account has access to.
That’s scary, given how terribly insecure many users are with their passwords: they reuse the same ones over dozens of sites or they write them all down on a sticky note that anyone with physical access could steal or take a picture of.
MFA adds additional layers of authentication. These could be biometric, like fingerprints, or they could be codes sent to a separate device or authentication apps that work in a similar way.
The short of it is that any MFA setup adds significant complexity to an account, without making it much more challenging for the real account owner to do what they need to do. Russia is going to have a much harder time stealing fingerprints or cloning cellphones than they are simply stealing login credentials.
Check Security of Data Backups; Consider WORM Protocol
Next, the Biden administration recommends that businesses check on the security of their data backups. Some businesses give tons of attention to their live servers, but those data backups are just sitting out there somewhere in relatively low security settings.
A threat actor could gain access to these data backups and then gain access to customer data, medical records, or whatever else is inside your backups. They could even corrupt or change those backups so that if you need to use them, they don’t work—or they show data that doesn’t reflect reality.
To combat this, consider using the WORM protocol: write once, read many. This protocol is common in professions where an unchangeable record of data matters, but it might be useful for you, too. With this system, a backup can be read as many times as you need, but it can never be overwritten or changed.
Elevate Security Awareness Training
The last point of advice will sound familiar if you’re a regular reader here: it’s time to elevate security awareness training even further.
Russia, or any other bad actor, knows that the weakest link of any organization is its human users. They can be tricked, duped, bribed, or otherwise deceived into giving out their login credentials and compromising your systems. Good cybersecurity software and practices can help, but at the end of the day, your people need to know how to spot a threat.
Your First Step Is Partnering with Experts Like Us
So, what should your first step be to prepare for a possible cyberattack? Partner with the pros, of course!
At Blue Ridge Technology, we know cybersecurity. We can help with your cybersecurity awareness training, and we can conduct a thorough review of your cybersecurity practices to determine where you may have gaps, loopholes, or vulnerabilities.
Ready to step up to a new level of security? Reach out today.