Prioritizing Cyber Security in the Wake of Disaster
The conflict in Ukraine should serve as a reminder to review your cyber security, backup/disaster recovery and business continuity plans. Forbes reported that “immediately after the conflict broke out, suspected Russian-sourced cyberattacks were observed over a 48-hour period at an increase of over 800%.”
With this increase in cyberattacks, you need to consider and plan for the worst possible scenario. We can hope we never have to face a natural disaster, ransomware, cyberattacks or even war, but you should be prepared no matter what and stay vigilant.
A basic tenet of everyday cyber security is to keep your passwords complex and unique. Don’t reuse the same password across multiple sites.
Use a password manager to keep those passwords organized and protected. Not even the best photographic memory will be able to keep hundreds of unique passwords straight! A password manager provides layers of security, automated complex password generation and the convenience we all want.
Enable multi-factor authentication (MFA) for your passwords and use it for every single account that supports it. Did you know most breaches come from compromised passwords and accounts that have not enabled MFA? Keeping unique passwords and using MFA will prevent a remarkably high number of breaches from occurring, most of which result from phishing scams that capture credentials.
Anti-virus is no longer good enough. You need a true endpoint protection software package to protect your machine and network. In the event an attacker got into your network and planted malware, a reliable endpoint protection product built on zero-trust principles could stop the attacker from installing ransomware, keyloggers or backdoor trojans.
Another tool to deploy is advanced email threat protection, which can scan for malicious attachments and links, even when they are only identified as malicious after the email has been delivered.
Patch, patch, patch! Run those updates to keep your system safe and secure. Did you know that vulnerabilities found in the wild are reported to software developers and fixed before any public announcement is made?
Through “bug bounty” programs, ethical hackers and other cyber security companies are paid to find and exploit vulnerabilities in programs and then report them to the vendors to be patched. Once a patch has been made, evaluated and confirmed to resolve the vulnerability, you usually see a press release about it. A vulnerability sometimes leaks out before a patch is developed, but this is rare.
In the case of Log4j, this long-running vulnerability has taken so long to get fixed because Apache Log4j is open source (meaning it’s free and relies on developers in the community to fix these types of issues).
Apache is still reputable, but products you pay for (e.g., Microsoft) have employees paid to fix issues, resulting in timely patches.
It’s super important to back up your files in the event of a system failure, disaster or malware attack. However, keeping your files on an external hard drive at your desk is not enough.
You should be backing up your files to the cloud and reading the service-level agreement (SLA) from your cloud vendor to find out where they back up to, and if they replicate coast to coast. We’ll dive into this in more detail later in the “Disaster Recovery and Business Continuity” section.
Using an effective firewall with security services like intrusion prevention, along with a solid configuration, will help keep malicious files and bad actors out of your network. Firewall appliances can detect if someone is trying to brute force their way into your network and will shut them down. Using hardware keys like a YubiKey can also help to secure your physical system and logins.
Using encryption, like BitLocker, can help protect the data on your machine in the event it was stolen. Having your server data encrypted will also help. Other applications, like VeraCrypt, are available to encrypt folders, partitions and more so they can only be accessed by the key holder.
Once encrypted, not even IT will be able to unlock it without the decryption key. Speaking of encryption, it’s also important to watch the websites you are going to and ensure they show the padlock icon in the address bar, which indicates that the connection to the site is encrypted and its certificate is valid.
While we hope and pray the data being recorded on that site is encrypted and stored securely (you can’t control that), you can control that the site you’re entering your data into is trusted, verified and secure.
Training and Employee Awareness
Teaching and training are fundamental in any job, trade or everyday life. The same is true with cyber security. Knowing what to look for and having the resources and knowledge to identify potential suspicious or malicious emails are key to keeping your network safe. Investing in security awareness training can save you thousands (or more) on the fallout in the event of a breach. It will always be less expensive to train everyone than to recover from a mistaken click or download!
Disaster Recovery and Business Continuity
Unfortunately, in today’s world of ransomware, cyberattacks, war and global health crises, you need to be prepared for a disaster. It’s always critical to have a disaster recovery and business continuity solution in place whether you are on-premises or in the cloud.
At the writing of this post, Russia is attacking Ukraine and it’s a literal war zone. Buildings are being destroyed, critical infrastructure is being seized and it’s devastating to watch. Our primary concern is the victims of the conflict, but when the fighting stops and lives begin to resume, can businesses rebuild and get back to normal?
Ukrainian businesses whose offices have been destroyed have likely lost their computer infrastructure and valuable company data.
What if the United States faced this sort of destruction? What if a foreign entity intentionally destroyed buildings in cities and struck down Google, Amazon and Microsoft data centers?
If you’re in the cloud and you’re hosted in one of those impacted data centers, what would happen to your backups and information?
Specifically regarding Azure, by default, most data is redundant within the data center or other local sites (as there can be multiple data centers at one site). There are offerings to back up your data to other coasts. Microsoft also offers disaster sites, which means you have your hot site (e.g., in the eastern United States) and a cold disaster restoration site (e.g., in the western United States). In the event of a catastrophic outage, this type of disaster recovery and business continuity setup could spin up your virtual data on the west coast and continue to operate.
Datto stores its data on both the East and West coasts. In the event of an attack on one of those locations, you could still recover your data and/or continue business operations by virtualizing in the Datto cloud.
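Because the Azure default described above is local redundancy, the practical check is to inventory which of your storage accounts and backup vaults actually replicate to a second region. The following PowerShell is an added example for this post, not Microsoft’s or the author’s code; it assumes the Az PowerShell module is installed and that you have already signed in with Connect-AzAccount to the subscription you want to review.

```powershell
# Added example (not from the original post): list the redundancy setting of every
# Azure storage account and Recovery Services vault in the current subscription, and
# flag anything that exists in a single region only.
# Assumes: Az module installed, Connect-AzAccount already run.

# Storage SKUs whose data is also copied to Azure's paired (secondary) region.
$geoRedundantSkus = @('Standard_GRS', 'Standard_RAGRS', 'Standard_GZRS', 'Standard_RAGZRS')

Write-Host 'Storage accounts:'
Get-AzStorageAccount | ForEach-Object {
    $sku = $_.Sku.Name
    $geo = $geoRedundantSkus -contains $sku
    if ($geo) {
        $note = 'Copy exists in paired region'
    } else {
        $note = 'Single region only - compare against your DR requirements'
    }
    [pscustomobject]@{
        Name          = $_.StorageAccountName
        Region        = $_.PrimaryLocation
        Sku           = $sku
        GeoReplicated = $geo
        Note          = $note
    }
} | Format-Table -AutoSize

Write-Host 'Recovery Services vaults (backup storage redundancy):'
Get-AzRecoveryServicesVault | ForEach-Object {
    # BackupStorageRedundancy is LocallyRedundant, ZoneRedundant or GeoRedundant.
    $prop = Get-AzRecoveryServicesBackupProperty -Vault $_
    [pscustomobject]@{
        Vault      = $_.Name
        Region     = $_.Location
        Redundancy = $prop.BackupStorageRedundancy
    }
} | Format-Table -AutoSize
```

Run it once per subscription and keep the output with your disaster recovery documentation; any row marked single-region is a candidate for either a redundancy upgrade or a deliberate, written decision that the data is acceptable to lose with its region.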
There are tons of cloud solution providers, but just because “it’s in the cloud” doesn’t mean it’s 100% safe and recoverable. For instance, Apple iCloud stores data for iPhones and other products. Let’s say you have all your data in iCloud. It has a single data center in North Carolina, but after thorough research, I can’t find where they specifically call out that your data is geo-replicated to another coast.
It would be plausible that Apple keeps the data in that single location, which means if it’s ever attacked, there could possibly be data loss to its subscribers. For this reason, it’s critical to review the SLA and terms and conditions of the services you subscribe to so you know what to expect and what could happen in the event of a disaster.
Again, I hope we never have to witness war, catastrophe or cataclysmic destruction, but it’s always best to be prepared. It’s like insurance; you never hope to use it, but when you need it, you’re glad you have it.
Our Technology Solutions Group includes a team of cyber security experts. We’re happy to meet with you for a free cyber security assessment of your organization’s IT infrastructure. Or, you can contact us online or call 410.685.5512 with any questions.
About Joshua Beitler
Josh monitors, updates and troubleshoots network and server systems for clients. He works primarily in Windows Server, Microsoft Office and Office 365 environments, but also has experience with automated network monitoring and data backup solutions. Outside of work, Josh is a wine enthusiast. His technology background resulted in Josh creating an app to log the different wines he’s sampled.