Open letter to businesses outlines best cybersecurity practices to protect against attacks.
The White House has sent an open letter to companies across the nation urging them to take immediate action in their effort to fight cybercrime. The letter provides several recommendations that companies can follow to improve their cybersecurity stance. Ransomware, in particular, is causing tremendous damage to businesses. Because of the recent successful ransomware attacks against oil and food processing companies, the urgency to improve cybersecurity is higher than ever.
Ransomware has been a rising problem in cybersecurity for many years. Ransom demands continue to increase; in some cases, they are several million dollars. With this threat on the rise, the U.S. government is taking several steps to combat the issue. In the letter, the White House urges private sector businesses to implement security measures like two-factor authentication and off-site back-ups. It also recommends regular updates and system patching.
If you want to read the White House letter, you can download a copy here.
What should I do to improve security in my business?
None of these recommendations is anything new. All of these security strategies are common practice in our business and should be in yours as well. Hopefully, this new rash of attention from media outlets and our federal government will get American businesses to take note and act.
Our company performs security assessments for small to medium businesses. It is shocking how many businesses have glaring cybersecurity weaknesses when we initially evaluate their systems. It seems like many businesses take the approach of “if it ain’t broke, don’t fix it”, but that can quickly lead to trouble. Out-of-date and unsupported software can leave your business exposed to attack even if the software is still working.
Back-ups are another area of concern and particularly important in defending against ransomware. If you are still using a legacy backup system using portable hard drives, you should consider a newer solution. Modern backup systems are automated and include a backup to a secure location in the cloud. We also offer systems that include ransomware detection and defense.
Are there other steps I should consider to increase my security in my small business?
The White House letter offers some solid advice, but some of it seems directed towards larger corporations. For instance, it recommends pen testing, which can be an expensive proposition. Pen testing is when cybersecurity experts attempt to break in to a network or find holes in its security. It is a valuable way to uncover potential security issues, but may not be a viable option for a small business on a strict budget.
A much better approach for smaller businesses would be to engage with an IT Services provider and have them conduct a network assessment. Most of them have powerful assessment tools that can uncover the most pressing security issues. You don’t have to spend thousands of dollars to learn that some of your computers don’t have a supported version of Windows 10 running, for example.
You may want to consider working with a Managed IT Services Provider (MSP) even if you have an IT person. An MSP can often fill in gaps in security with systems that they are very efficient at supporting. These services are usually offered on a monthly agreement so they don’t require a huge initial investment.
How do I secure my company’s Microsoft accounts?
Many small businesses have embraced Microsoft’s 365 solutions for email and office applications. It is important to make sure those are secure and backed up just like anything that runs on your computer. The fact that an application like Microsoft 365 runs in the cloud does not automatically make it secure.
Using multi-factor authentication (MFA) is a critical step to securing any cloud-based application. It adds a second level of identity verification in addition to a username and password for access to an account. Read more about it in a recent blog post I wrote here.
Microsoft also offers a service called Microsoft Secure Score. This service evaluates the security of your Microsoft 365 accounts for your business and assigns a score between 1 and 100. We recently completed a project for all of our clients to bring their Secure Score at least into the 90s (very secure). A Microsoft 365 account set up using defaults will typically score in the low to mid-teens (very insecure). Learn more about Microsoft Secure Score here.
With so much to consider, where do I start to make my business more secure?
As I previously suggested, start by having a security assessment done for your business network. Our company offers them, and if you’re not in our area, do a Google search for “Managed IT Services Provider” and your home town to find one in your area. Get some help with the items that the White House is recommending. Do what you can to avoid being the next victim of ransomware.
One last suggestion I offer is to help your employees be more aware of how these attacks occur. People don’t need to know all the technical details, but helping them to understand the risks will help. There are many excellent cybersecurity awareness training programs available. We offer one called Ninjio that delivers a cartoon video each month that tells a story of a cyber attack. The videos are only three or four minutes long and are easy to digest. Check out a sample here and if you want additional assistance, contact me at firstname.lastname@example.org