You likely have few to no cybersecurity experts on your IT staff. In my last No Jitter blog, I took a look at the cybersecurity skills gap and what businesses and individuals can do to counter it. But it’s a big gap, and it will not be closed easily or quickly. In the meantime, you need to do as much as possible with your current staff to prevent attacks.
Advice You Can Use
The recently revised Security Tip (ST18-004), “Protecting Against Malicious Code,” provides a good review of malicious code and ransomware: what they are, their impact, and how to prevent and mitigate them. It was posted by the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC). Since 2009, NCCIC has served as a national hub for cyber and communications information, technical expertise, and operational integration.
Malicious Code Classifications
Malicious code is any unwanted file or program that can harm your computer and compromise your data. The tip groups it into four broad classifications:
- Viruses -- can damage or destroy files; they spread when users share already infected media or files
- Worms -- self-propagating malicious code that passes from computer to computer over the network without the user doing anything
- Trojan Horses -- programs that appear legitimate but hide a virus or other damaging program; they are commonly bundled with “free” software
- Malicious data files -- non-executable files such as Microsoft Word documents, Adobe PDFs, ZIP archives, and image files that carry macros or exploit a flaw in the application that opens them
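The last category is the one most likely to reach your users by e-mail. As an added example (my own code, not part of the NCCIC tip), the following Python script shows the two checks a help desk can run on a suspicious attachment before anyone opens it: read the file’s leading bytes to see what it really is and compare that with the extension it claims, and for Office Open XML documents look inside the ZIP container for an embedded VBA macro project. The sample files are constructed inline; the signature and extension tables are assumptions that cover only the formats the tip names.

```python
"""Added example (not from the NCCIC tip or the No Jitter post): triage of
'malicious data files'. Sniffs the real container type from magic bytes,
compares it with the claimed extension, and looks for a VBA macro project
inside Office Open XML documents. Sample files are constructed inline."""
import io
import zipfile

# Leading-byte signatures for the container formats mentioned in the tip.
MAGIC = {
    b"PK\x03\x04": "zip",                        # ZIP and Office Open XML (.docx/.docm/...)
    b"%PDF-": "pdf",                             # Adobe PDF
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",  # legacy binary .doc/.xls (OLE2)
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"MZ": "exe",                                # Windows PE executable
}

# Container each user-visible extension is expected to map to (assumed table).
EXPECTED = {
    "docx": "zip", "docm": "zip", "xlsx": "zip", "xlsm": "zip", "pptx": "zip", "zip": "zip",
    "pdf": "pdf", "doc": "ole", "xls": "ole",
    "png": "png", "jpg": "jpeg", "jpeg": "jpeg", "exe": "exe",
}


def sniff(data: bytes) -> str:
    """Return the container type implied by the file's first bytes."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return "unknown"


def has_vba_project(data: bytes) -> bool:
    """True if an Office Open XML document carries a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(filename: str, data: bytes) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff(data)
    expected = EXPECTED.get(ext)
    if expected is None:
        findings.append(f"unrecognised extension .{ext}")
    elif actual != expected:
        findings.append(f"claims .{ext} but content looks like {actual}")
    if actual == "zip" and has_vba_project(data):
        findings.append("Office document contains a VBA macro project")
    if actual == "exe":
        findings.append("Windows executable")
    return findings


def make_ooxml(with_macros: bool) -> bytes:
    """Constructed minimal Office-style ZIP, optionally with a macro project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed stub")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {                                       # all constructed
        "quarterly_report.docx": make_ooxml(with_macros=False),
        "invoice.docm": make_ooxml(with_macros=True),
        "invoice.docx": make_ooxml(with_macros=True),  # macros behind a harmless-looking name
        "holiday.jpg": b"MZ\x90\x00" + b"\x00" * 60,   # executable with an image extension
        "brochure.pdf": b"%PDF-1.7\n%constructed",
    }
    for name, data in samples.items():
        print(f"{name}: {triage(name, data) or 'clean'}")
```

The extension check catches the “picture” that is really an executable; the ZIP walk catches macro-bearing documents regardless of what they are named. Neither replaces antivirus, but both run in seconds on any machine and give a non-specialist a concrete reason to escalate.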
Protection Recommendations
Assuming that your enterprise will not be able to add more security staff, you need your current IT staff to implement measures that protect your environment. Such protections will not guarantee a safe and secure environment, but they will definitely reduce your exposure. These are the best practices to follow:
- Ensure that your users are cautious about clicking links and opening attachments in unsolicited messages
- Adequately train your users in security and periodically verify that they follow your practices
- Block pop-up advertisements
- Limit user permissions; ordinary users should not run with administrator rights
- Disable AutoRun and AutoPlay for external media such as USB drives
- Change passwords periodically and ensure that they are not easily guessed
- Keep software updated
- Back up data periodically, not just a few times a year, and keep a copy that an attacker on the network cannot reach
- Monitor accounts and activity, looking for unauthorized use or unusual behavior
- Ensure that your users limit what they do over public Wi-Fi, and discourage its use if possible
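“Monitor accounts and activity” is the item most IT staff skip because it sounds like it needs a SIEM. As an added example (my own code, not the NCCIC tip’s), here is a small Python pass over authentication log lines that catches two of the patterns worth looking for: a burst of failed logins for one account followed by a success, and a successful login outside the hours the account normally works. The log lines are constructed in an sshd-like format, and the thresholds and business-hours window are assumptions to tune for your own site.

```python
"""Added example (not from the NCCIC tip or the No Jitter post): account
monitoring over authentication log lines. Flags (a) a burst of failed
logins followed by a success and (b) successful logins outside business
hours. The log lines are constructed, loosely in sshd's format."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (assumed format, not real data).
SAMPLE_LOG = """\
2019-05-06T08:58:12 sshd[2011]: Accepted password for alice from 10.1.4.22 port 50122
2019-05-06T22:40:01 sshd[2210]: Failed password for bob from 203.0.113.9 port 41002
2019-05-06T22:40:04 sshd[2211]: Failed password for bob from 203.0.113.9 port 41003
2019-05-06T22:40:07 sshd[2212]: Failed password for bob from 203.0.113.9 port 41004
2019-05-06T22:40:10 sshd[2213]: Failed password for bob from 203.0.113.9 port 41005
2019-05-06T22:40:13 sshd[2214]: Failed password for bob from 203.0.113.9 port 41006
2019-05-06T22:40:19 sshd[2215]: Accepted password for bob from 203.0.113.9 port 41007
2019-05-06T03:12:45 sshd[1802]: Accepted publickey for carol from 10.1.4.40 port 50290
2019-05-06T09:15:30 sshd[2300]: Failed password for dave from 10.1.4.51 port 50333
2019-05-06T09:15:40 sshd[2301]: Accepted password for dave from 10.1.4.51 port 50334
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) \w+ for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

FAIL_THRESHOLD = 5             # failures before a success that we treat as guessing (assumed)
WINDOW_SECONDS = 600           # the failures must fall within this window (assumed)
BUSINESS_HOURS = range(7, 20)  # 07:00-19:59 local, assumed normal for this site


def parse(log: str) -> list:
    """Turn matching log lines into event dicts, oldest first."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated or malformed line; a real pipeline would count these
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "ip": m["ip"],
        })
    return sorted(events, key=lambda e: e["ts"])


def find_alerts(log: str) -> list:
    """Return human-readable alerts for the two patterns described above."""
    recent_failures = defaultdict(list)  # user -> timestamps of failures since last success
    alerts = []
    for ev in parse(log):
        user = ev["user"]
        if not ev["ok"]:
            recent_failures[user].append(ev["ts"])
            continue
        # A success: was it preceded by a burst of failures inside the window?
        window = [t for t in recent_failures[user]
                  if (ev["ts"] - t).total_seconds() <= WINDOW_SECONDS]
        if len(window) >= FAIL_THRESHOLD:
            alerts.append(f"{user}: {len(window)} failures then success from {ev['ip']}")
        recent_failures[user].clear()
        if ev["ts"].hour not in BUSINESS_HOURS:
            alerts.append(
                f"{user}: login at {ev['ts']:%H:%M} from {ev['ip']} outside business hours"
            )
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

Run against the sample, it reports carol’s 03:12 login, bob’s five failures followed by a success from an outside address, and that same login falling outside business hours; alice and dave, whose single mistyped password is below the threshold, are not reported. Point the same logic at your real auth log (or Windows Security event exports) and the “unusual activity” item on the list becomes a daily five-minute review instead of an aspiration.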
Where to Look
NCCIC publishes several kinds of notices, and each serves a different purpose:
- Current Activity - provides current information about high-impact types of security activity affecting the larger community
- Alerts - supply information about security issues, vulnerabilities, and exploits
- Bulletins - give weekly summaries of new vulnerabilities and available patch information
- Tips - offer advice about common security issues for the general public
- Analysis Reports - provide analysis of new or evolving cyber threats
As an example, a recent alert covers design flaws in the WPA3 protocol and implementation vulnerabilities in hostapd and wpa_supplicant, which could allow a remote attacker to recover a weak network password, cause a denial of service, or gain complete access to the network. These vulnerabilities have also been referred to as Dragonblood.
Does Antivirus Work?
You need to install and maintain antivirus software. Don’t assume that all products are the same or equally protective. Keep the antivirus software and its signatures up to date, and never delay updates. Do not install more than one antivirus product on the same machine: the two will compete for the same files and system hooks, slow the machine down, and can interfere with each other’s detection.
The software you select should perform automatic scans. If this is an option, definitely enable it. If automatic scans are not possible with your selected antivirus software, make a habit of running regular manual scans, especially when you receive files or media from external sources.
Did you know that the antivirus apps on your Android devices likely don’t work the way they should? This is according to a recent test by AV-Comparatives that found only 80 of the 250 antivirus apps tested for Google’s platform passed basic standards.
After the Attack
If you’ve already been attacked or compromised, there are steps you can take to minimize the damage. If you are in IT, you probably know what to do. Your users should report any suspicious activity to your IT department rather than trying to fix it themselves.
If you’re working remotely, disconnect your computer from the network (unplug the cable or turn off Wi-Fi) rather than powering it off; this cuts the attacker’s access while preserving evidence on the running system. If you think there is malicious code on your computer, perform a full manual scan of the entire system. If your software cannot locate and remove the malicious code, you may have to reinstall the operating system.
Reinstalling or restoring the operating system will erase your files and any additional software you have installed, which is why the periodic backups recommended above matter. Once the reinstallation has occurred, install all applicable patches before you restore data or resume normal operation; otherwise the freshly built machine can be reinfected the same way.
Insurance?
You likely don’t want to pay for insurance -- it’s expensive! But it may help cover your costs, and it will force you to follow effective practices (see “Cybersecurity Insurance” from the Department of Homeland Security).
Cybersecurity insurance can mitigate losses from a variety of cyber incidents, such as data breaches, business interruption, and network damage. Insurers can also require a business to adopt preventive measures in return for coverage: they encourage the implementation of best practices and base premiums on an insured’s level of self-protection.
Even if you do not buy insurance, look into an insurer’s requirements, as they will tell you what the insurer considers the best practices your enterprise should be implementing. You can use those requirements as a security best-practices benchmark.