Ditch the Drama: 5 Ways to Stay Ahead of The Hackers

By Russ Levanway

Ransomware attacks are becoming existential threats to organizations and can disrupt entire industries and supply chains. If it wasn’t serious before, it is now. Furthermore, hackers are increasingly sophisticated and daring, and are often backed by foreign governments bent on destabilizing, stealing intellectual property, or just plain old making money via extortion. The risks of a confidential data leak are higher than they’ve ever been before.

One of the questions I get asked regularly is: “What can I do to protect myself from data infiltration?”

The first step is arming yourself with an understanding of how these threat actors operate. The second step is realizing that effective cybersecurity isn’t a question of simply having current antivirus installed. In today’s world, threats are varied in nature, and an effective cybersecurity toolset must be multi-dimensional.

Here are the 5 best things you can do to protect your business and stay ahead of the hackers:

#1 Keep learning

As cliché as it is, “knowledge is power”. The most powerful line of defense is prevention and education.

We continually have to remind people of that. Thankfully, at CIO Solutions we have long been offering anti-phishing educational tools to clients. These include a valuable training tool that enables your company to educate users in real-time. Through simulations, training videos, and more, this tool can make users aware of phishing and empower them to identify and avoid it. We provide this to most of our customers, but its efficacy is only as good as the business’s willingness to put in the work.

To reap the benefits of a program like this, users have to engage with the orientations and training videos; they don’t work by osmosis. Businesses that embrace these trainings and stress their importance are better off than those that don’t. Often, it’s the companies whose employees skip the trainings that wind up incapacitated by a phishing attack, desperately in need of our help to clean up a mess.

#2 Remember your backups

We were recently engaged by a cybersecurity forensics firm to help a large organization that was mismanaging its backups. Sadly, they had been infected with ransomware and all their data was encrypted, including their backups. The data was not recoverable because of the encryption, and the ransom was beyond what they could afford.

Moral of the story? Backups and protection are key. Never skimp on backups and be sure they are set up properly with an onsite and offsite copy that is firewalled from the regular network.

#3 Invest in cyber liability insurance

We consistently recommend cyber liability insurance. Businesses insure against fire, flood, and theft of property. Based on prevalence, cyber-attacks should now be listed among those sorts of catastrophes.

Cyber liability insurance is extremely valuable and, in the grand scheme of things, pretty affordable. Consider the astronomical cost of getting attacked: loss of business, forced shutdown, frustration, and paying for IT help (not to mention the financial costs incurred by paying a ransom). It can be crippling if your data is encrypted. Several days may pass before you can get your network running again. You may even need forensic help to get back online, investigate whether your data was stolen, and prevent further attacks.

Bottom line: If (or when) that happens, cyber liability insurance is a small price to pay for protection.

#4 Look into Endpoint Detection and Response (EDR)

Don’t confuse EDR with antivirus protection. Antivirus software can detect known threats and prevent the installation or deployment of known viruses. EDR can detect deviations from the usual patterns in both software and user behavior.

Let’s say Joe’s computer typically downloads 100MB a day from the internet. One day it reverses and uploads 100MB to the internet. EDR will see that as suspicious and flag it.
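The baseline idea behind the Joe example, as an added illustration that is not from the original article and does not describe how CrowdStrike or any particular EDR product works: each day's upload volume is scored against the same host's recent history using a median/MAD (modified z-score) test. The host data, function names, and thresholds are constructed assumptions.

```python
from statistics import median

MB = 1_000_000
# Constructed sample data for one host: (day, bytes downloaded, bytes uploaded).
JOE_HISTORY = [
    ("2024-03-01", 104 * MB, 3 * MB), ("2024-03-02", 98 * MB, 4 * MB),
    ("2024-03-03", 101 * MB, 2 * MB), ("2024-03-04", 95 * MB, 5 * MB),
    ("2024-03-05", 110 * MB, 3 * MB), ("2024-03-06", 99 * MB, 4 * MB),
    ("2024-03-07", 102 * MB, 3 * MB), ("2024-03-08", 97 * MB, 2 * MB),
    ("2024-03-09", 300 * MB, 4 * MB),   # heavy download day: unusual, but inbound
    ("2024-03-10", 100 * MB, 3 * MB),
    ("2024-03-11", 2 * MB, 100 * MB),   # the reversal described in the article
    ("2024-03-12", 103 * MB, 3 * MB),
]

def robust_score(value, baseline, mad_floor=MB):
    """Distance of value from the baseline median, in scaled MAD units."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    # Floor the spread so a perfectly flat baseline does not alert on tiny changes.
    return 0.6745 * (value - med) / max(mad, mad_floor)

def flag_upload_anomalies(days, lookback=30, min_baseline=7, threshold=3.5):
    """Return one alert per day whose upload volume breaks the host's own baseline."""
    alerts = []
    for i, (day, down, up) in enumerate(days):
        baseline = [u for _, _, u in days[max(0, i - lookback):i]]
        if len(baseline) < min_baseline:
            continue  # not enough history to call anything abnormal yet
        score = robust_score(up, baseline)
        if score > threshold:
            alerts.append({
                "day": day,
                "uploaded_mb": up // MB,
                "score": round(score, 1),
                "reversed": up > down,  # host sent more than it received
            })
    return alerts

if __name__ == "__main__":
    for alert in flag_upload_anomalies(JOE_HISTORY):
        print(alert)
```

Because the score uses the median rather than the mean, the 100 MB day does not drag the baseline upward and mask a repeat on the following days.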

In our effort to stay at the forefront of cyber-attack prevention, CIO Solutions now offers CrowdStrike, a very advanced EDR tool. A cybersecurity forensics firm we work closely with thoroughly vetted it as a best-of-breed solution. As recently as a year ago, the program was outside most organizations’ budget, but today it’s far more affordably priced. Are you a current client of CIO Solutions with questions about CrowdStrike? Don’t hesitate to ask.

#5 Enable Multi-Factor Authentication (MFA)

You’ve probably gotten used to the number of websites these days that won’t let you in with a plain old password. Your bank probably also texts or emails you a security code. You might even have an application on your phone called an Authenticator app with rolling codes that you have to enter to log in.

These are all examples of MFA.

Your business ought to implement MFA on key applications as well. This tool has quickly become a standard in the evolving security landscape. Even if someone DOES get your password, it is useless without the other authentication factor. The second piece to grant access is the security code that will only come up on your phone (which they don’t have). We highly recommend this.

Don’t put off to tomorrow what you can do today

The bad news: hackers will always be a threat.

The good news: there are effective ways to protect yourself, but you have to deploy them now.

Armed with that information, how will you begin protecting yourself from ransomware, phishing, and data infiltration?  How can we help?

Inflection Point

By Russ Levanway, President

Throughout the course of a human life, our brains are constantly changing. This neuroplasticity is very good news for anyone hoping to take up the ukulele or overcome a phobia. But at certain stages, the brain makes especially big leaps. One of those leaps happens in adolescence, between childhood and adulthood, when brain matter and computational power increase, but the brain relies more on the limbic system (i.e. emotions) than on the prefrontal cortex (i.e. logic). Anyone parenting a teenager will understand what I mean here!

Like the human brain, the human race is constantly making incremental changes and adjustments. We also occasionally make major leaps in advancement. Think of the prehistoric revelations of fire and the wheel, which really catapulted human progress. Or there’s our understanding of germs and what causes them, after which our life expectancy shot up. During the Industrial Age, the discovery of coal as a source of energy pushed us into a new era of productivity, innovation, and comfort. Refrigeration and large-scale agriculture have lifted hundreds of millions of people out of food insecurity. Computers represented another major leap ahead, allowing us to do many things in a matter of seconds which previously might have taken hours, days, or much longer. Computers drastically, exponentially increased our productivity as a people.

Of course, each advancement has not been without its unique challenges.  Coal is incredibly polluting.  Pesticides used in large-scale agriculture have both pollution and health safety concerns. Computers help you do the wrong thing faster than ever before.  But even so, each of these leaps has created great improvements for society overall.

One giant leap for mankind

We may be at another inflection point now with vaccine technology. We’re getting close to living in a world where we can rapidly immunize people against new illnesses and diseases. Even just a short while back, developing a COVID vaccine would have taken 10 to 15 years, whereas recently scientists developed several vaccines over the course of just a few months.  This is an absolute game-changer in terms of our ability to protect people from the ravages of disease now and in the future.

Even though COVID has made these days extremely difficult and challenging, it’s exciting to know humanity hasn’t stopped making those leaps. History illustrates that tragic events often force our hands. The last year has been a trial for most of us. We have been pushed to our edge. Many moments felt threatening, scary, and unprecedented.

But think about the days leading up to each of history’s inflection points. Moving from an agrarian era to an industrial one was unprecedented. Before the computer age, no one could have imagined we’d be carrying tiny, outrageously powerful computers in our pockets and purses. And just a year ago, folks couldn’t imagine a vaccine being developed to change the course of humanity in just a few months. But here we are.

Purpose under pressure

I think recent movements forward in vaccine technology portend a bright future. We often need a kick in the pants to motivate us to do something big, courageous, and bold, and that’s okay. The takeaway is that we as a people rise to the occasion when responding to a big challenge.  There is nothing like a fundamental threat to our way of life to galvanize our focus on something big, bold, and future-changing.

There is a way to make this relevant to our own businesses.  Getting your teams to think about and brainstorm around the big, tough challenges can result in some great ideas.  Giving them space to develop some moonshot ideas is well worth it.  You can generate a lot of excitement and interest around these activities by connecting them to shared values and purpose.  Or perhaps there is a threat to the way you have been doing things that is driven by outside forces, and a new way of delivering your services is needed.  If your team knows what the threats are, and has space to experiment a bit, they are likely to respond in a creative and problem-solving way.  Is there room in your business for this?

Where Planning Has Its Limits

By Russ Levanway, President

With the new year, I’ve been thinking a lot about where we are now versus where we were this time in 2020. This might be stating the obvious, but many assumptions we had going into 2020 have been turned on their head.  Going into 2020, everything was (pardon the pun) business as usual. We had our annual business plan dialed in, part of our general three-to-five-year plan. We had our quarterly goals lined up. Everything was set up for success.

And then the pandemic hit.

Looking back, we accomplished maybe half of our internal goals in 2020. That’s not to say we fared badly, though. We accomplished other goals we never even thought we would have to deal with in 2020.  Also, the last year taught us a few extremely valuable lessons — lessons I don’t think we could have learned any other way.

Lesson #1: Working from home isn’t horrible.

Prior to 2020, researchers and business experts debated whether working from home was beneficial or detrimental to productivity and company culture. The opinions were mixed, as were the results of countless studies. But after all that hand-wringing, COVID-19 has taught us that yes, working from home can…work. At first, it was a big, difficult transition for many, but by and large, people did well working from home. Some people were more productive, some were less so, but on balance, we pulled it off — not just at CIO Solutions but as a nation.

That being said, our company held a distinct advantage in 2020 because we were already using a couple of key tools. First is our CIO Cloud.  For us and many of our clients who use our Cloud, transitioning to working remotely was – while not seamless – way easier.

Another huge asset we have internally is good dashboards that show us what our support and project teams are up to at any given time.  At a glance, I can see what people are calling in about, who is on the phone queues, who is working on which support tickets, etc.  We also had a great communication chat tool – Slack – that was already widely used across our team.  So in essence, we had the tools to get people working from home and not be totally isolated in the process.

Lesson #2: It can always get better, and it can always get worse.

It was certainly a new year in terms of new lows. We saw crisis after crisis, from political unrest and protests to wildfires and the effects of a devastating virus. Our company had to deal with an ungodly number of computer viruses and cyber threats over the year as hackers used every opportunity to exploit vulnerabilities as people transitioned to less secure work-from-home environments.

On the flip side, though, there have been tremendous success stories over the last year. We’ve handled so much more than we thought we could. Many people have come out stronger. Developing a vaccine in under a year? Incredible! Supporting our hundreds of clients in a few hundred locations and then all of a sudden in thousands of remote locations while also working remotely ourselves?  Wow!  It goes to show that what we can do and achieve is better and more than we realize.

You can’t always plan for the worst, but you can’t always plan for the best, either. When crisis hits, or when the unknown rears its terrifying head, we might be surprised by the downside and the upside. All we can do is embrace it when it comes.

Lesson #3: It pays to be flexible.

Planning is good — no doubt about it. But, ironically, if our planning is rigid and inflexible, we become brittle. When the underlying assumptions that we used for our planning change, it is important to revisit the plan.  This is not the same as letting up on a plan because it is “too hard” or due to a lack of discipline.  This is simply an acknowledgment that realities have changed, and it’s time to adjust.

Sure, looking at the glass half empty, we accomplished nowhere near what we’d planned for 2020. But looking at the glass half full, we shifted nimbly to accommodate the new COVID normal. We equipped our clients to work remotely, no matter where they were. In fact, helping clients work from home has transformed how we deliver our services, across the board. Constant attacks and attempts to exploit our clients by hackers demanded a different approach and way of responding to security incidents. We had to throw out a lot of our original planning and devote resources to remote work and security, and progressed a long way in those regards.

How did your business do in 2020? When your employees shifted to working remotely, did your system allow them to continue to do their job? Did it allow you to keep tabs on them? Were you surprised by how challenging it was, as well as how successful you were as a company? Were you able to adapt?