One month ago, Russia invaded Ukraine.
Discussions will go on for years to come as to why, and what the outcome will be for all parties involved remains to be seen. But clearly, the result of American businesses and individuals is a greater risk of being ensnared in a cyber attack.
At Seimitsu, our security team is monitoring our clients’ networks and those networks trying to access our clients’ networks for potential nefarious actions that could lead to a cyber attack or data breach.
Recently, the FBI issued an update that included 140 Russian IP addresses that have generated threat concerns. Seimitsu’s TrueSecure security team is monitoring those addresses as well as any others attempting to engage the networks of the clients and partners we support. However, we also wanted to share some tips for other businesses for whom we are not currently providing security solutions.
The intent is to share some cyber readiness questions that can help small to medium businesses (SMBs) mitigate potential risks.
Do you have an organizational cyber awareness training program? This consists of at least an annual formal training that all employees are required to complete to give the organization a baseline foundation for cyber hygiene. Strong programs should include dark web monitoring of organizational professional emails to know which ones have been in a data breach and the credentials of which can be found on the dark web by cyber criminals. There should also be a strong phishing training component that helps employees practice response to nefarious emails throughout the year and not just during the one-time cyber awareness training. Time invested in such training is time well spent: An IBM survey in 2021 found that it takes an average of 197 days to identify a data breach and another 77 to recover from one. A good cyber awareness training program helps develop your staff into human firewalls.The post-COVID world has left us with a workforce heavily focused on remote work. Many organizations have decided to not return to a fully inhouse staff post-pandemic. This will increase security concerns in organizations because the organizational footprint is increased to include residences of employees or other locations from which staff will be working. Organizational data and that of organizational clients is being managed and worked with offsite from a pre-COVID secured organizational office space. This will make assessing cybersecurity posture beyond the firewall of significant importance. Every endpoint (laptop, desktop, and server) should have a security sensor that is providing a high level of security-monitoring activities to ensure remote workers are operating safely and data is less likely to be compromised. Both the stakes and the cost of a data breach go up with the new remote workplace. According to the 2021 IBM report “Cost of a Data Breach,” the average cost of a data breach was $1.07 million higher where remote work was a factor in causing the breach.Small to medium businesses (SMBs) must review not just the age of the version of applications they are using but also the security posture of the systems that are deployed. With the rollout of Windows 11, there are minimum system security requirements that systems must meet. These include the capability to do a Secure Boot at start-up, as well as having a Trusted Platform Module version 2.0 or higher. These are aspects of your computer that help secure your network and organizational data from the operating system and computer hardware level. This will force SMB technology updates but does not remove the need to also use virtual private network (VPN) connections when conducting business off of the organization’s network for increased security of the data traffic being handled. CompariTech reported in 2021 that a computer without a VPN could undergo an attack more than once a minute on a daily basis.It is very likely that there will be an obvious uptick in cyber incidents over the next few months as the sanctions on Russia increase stress on the regime. SMBs should take a moment to access their cyber readiness posture and adjust cyber hygiene practices to strengthen the organization’s cyber-attack resiliency.