As an information security professional, I am often asked by managers and owners of SMBs how they can protect their businesses from a cyber-attack. I have therefore put together a playbook that may help these businesses protect themselves or, in the worst case, withstand a cyber-attack. I have tried to list all the measures that need to be taken, ordered by the priority I attach to each. That priority is based on my experience and may vary from business to business. I would strongly advise business owners and managers to take professional advice before working from this playbook. Without further ado, let us look at the playbook.
- Backup data: Create daily backups and copies of data and files. These will come in very handy in the event of a system compromise or a ransomware attack. I have seen many businesses suffer a premature closure because they did not have a proper data backup strategy. A decent backup will help a business bounce back quickly after a disaster, whether natural or man-made. It is always advisable to keep two copies: one stays on-site and the other is sent to a remote site. Backups without recovery make no sense; test your backups periodically by actually restoring from them.
- Anti-malware: Installing anti-virus and firewall utilities does pay off in the long term. These utilities scan for malware (malicious or harmful applications) and counter it. They also help counter attacks that arrive via an exposed network. It is also critical to keep these utilities updated frequently, so that even recently discovered vulnerabilities are addressed.
- Policy and procedures: Start creating an IT security policy for your organization. Use it to create other standard operating procedures and rules.
- Access rules: Staff access must be limited to only those files, folders, and applications that are required by them to perform their routine tasks. In simple words, provide needs-only access to your staff, nothing more and nothing less.
- Authentication: Use multifactor authentication before authorizing access to the company's information resources. Enforcing a strong password policy throughout the organization can be a starting point. This helps delay access breaches in which attackers try to force their way into your company's information resources.
- Data encryption: Encryption tools can be used to keep confidential and private information safe. This is increasingly important because of legal and regulatory requirements. Restricting access to the encrypted data is critical, and policies on access privileges need to be in place.
- Data leakage (loss) prevention: Most SMBs do have a lot of sensitive information, leakage of which can have a crippling effect on the business. Investing in robust data leakage prevention (DLP) will help organizations mitigate the financial and reputational risks that arise out of data leakage.
- At a minimum, routinely monitor and scan the devices connected to computers and the network, and prohibit the use of removable media such as USB drives.
- Cybersecurity awareness: Provide regular, up-to-date training for staff, at least every 90 days, on the latest online threats and trends in cybercrime.
- Run awareness drills and exercises grounded in real-world, everyday scenarios that test employees' ability to detect scammers and respond appropriately to fraudulent requests.
- Train staff on the dangers of clicking unsolicited email links and attachments, and on the need to stay alert for the warning signs of fraudulent emails.
- Vulnerability assessment: Conduct vulnerability testing and risk assessments on computer networks and applications to find and address possible points of failure before they become a problem. It is recommended to perform this assessment at least once a year, and whenever a new application or system is added to the network or a change is made to the system architecture.
- Audit trails: Installing audit tools that track user actions and establish accountability will act as a major deterrent to insider attacks.
- Smart tools: Implementing smart analytics tools that use artificial intelligence to scan networks, user accounts, and applications to discover and pre-emptively engage attacks will drastically improve your company's cyber defenses. In the evolving threat landscape, these tools are no longer a luxury but a necessity for survival. Services associated with these tools also provide a complete analysis that may include regulatory compliance.
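The backup item above insists that a backup is only worth anything if it restores. Here is an added example (my own illustration, not code from the article) of a small POSIX shell job that takes a backup, records its checksum, and proves the backup by restoring it into a scratch directory and comparing it with the live data; the function and file names, and the sample files, are constructed for the example, and it assumes tar, diff, mktemp and sha256sum (or shasum) are installed.

```shell
#!/bin/sh
# Added example, not from the original article: back up a directory, record a
# checksum, then prove the backup by a test restore compared against the source.
# Assumes tar, diff, mktemp and sha256sum (shasum -a 256 as a fallback).

# SHA-256 of a file, using whichever tool the system provides.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# verify_backup ARCHIVE SRC_DIR: returns 0 only if the recorded checksum still
# matches AND a test restore into a scratch directory equals SRC_DIR exactly.
verify_backup() {
    archive="$1"; src="$2"; rc=1
    scratch=$(mktemp -d) || return 1
    if [ "$(hash_file "$archive")" = "$(cat "$archive.sha256" 2>/dev/null)" ] &&
       tar -xzf "$archive" -C "$scratch" 2>/dev/null &&
       diff -r "$src" "$scratch" >/dev/null 2>&1; then
        rc=0
    fi
    rm -rf "$scratch"
    return $rc
}

# backup_and_verify SRC_DIR DEST_DIR: writes DEST_DIR/backup-<stamp>.tar.gz with
# a .sha256 sidecar, runs the test restore, and prints the archive path on
# success (the path a second job would copy to the off-site location).
backup_and_verify() {
    src="$1"; dest="$2"
    archive="$dest/backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    mkdir -p "$dest" || return 1
    # -C with "." keeps paths relative, so the archive restores anywhere.
    tar -czf "$archive" -C "$src" . || return 1
    hash_file "$archive" > "$archive.sha256"
    verify_backup "$archive" "$src" || return 1
    echo "$archive"
}

# Constructed sample data standing in for a business's working files.
make_sample_data() {
    mkdir -p "$1/invoices" "$1/hr"
    printf 'INV-0001 paid\n' > "$1/invoices/2024-01.txt"
    printf 'onboarding checklist\n' > "$1/hr/checklist.txt"
}

# Demo run on the sample data; a real job would point SRC_DIR at live data.
work=$(mktemp -d); make_sample_data "$work/live"
backup_and_verify "$work/live" "$work/backups" >/dev/null && echo "backup verified" || echo "BACKUP FAILED"
rm -rf "$work"
```

Run verify_backup again on a schedule against the stored archive: it fails as soon as the archive is corrupted or no longer matches the data it is supposed to protect, which is exactly the periodic test the playbook asks for.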
About the author
Sudhakar S Narayan is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified lead auditor in ISO Information Security Management System (ISMS) and ISO Business Continuity Management System (BCMS). He has more than two decades of experience in Information Assurance. He is currently a Principal Consultant and Director at SSD Tech.