One way to mitigate the increased risk of cyber attacks is to look to low cost and no cost solutions that can offer an immediate risk management benefit without added expense or complexity. Lockton Affinity’s CyberLock Defense Program has prepared this list of 12 low cost and no cost ways to help prevent cyber attacks on your business.
- Identify Key Accounts and Systems. An inventory of your vulnerabilities can help illuminate opportunities to protect them. Take a few minutes to think through all the key accounts and systems vital to your business. Ask yourself if you could continue to operate without issue if something were to happen to them. Jotting down a few notes about protecting these key vulnerabilities is a great place to start as you put your cyber risk management plan together.
- Establish a Written Funds Transfer Policy. Your digital financial transactions are a primary target for cybercriminals. A funds transfer policy can help minimize your risk. Prior to any funds transfer, follow these steps:
- Require verbal verification of all new account numbers and any previously verified account number that has changed for any reason.
- Require the other party to recite their account number to your employee while on the phone.
- Train any employees that have the ability to transfer funds on behalf of the business to follow the policy according to these procedures.
- Implement Remote Access MFA. Cybersecurity experts now recommend enabling Multi-Factor Authentication (MFA) to mitigate the risk of unauthorized remote access to your computer network, accounts and systems. This built-in security feature works by disallowing remote access without standard MFA verifications. For many networks, it is as easy as turning on a setting that enables MFA for anyone who will be remote accessing your computer network.
- Carry Out Patch and Update Maintenance. Patch and update maintenance is important for cyber risk protection as new software vulnerabilities are regularly discovered.
- Take an inventory of devices, systems and applications and update where needed.
- Create a process to regularly download, test and install patches within 30 days of release on your computer network.
- Audit your network to ensure patches and updates are successful and monitor for future releases.
- Back Up All Computer Systems and Data. A cyber attack can result in the loss or theft of your firm’s trade secrets, client data and financial credentials. This can cause a truly great deal of damage from which it’s difficult to recover, so having adequate backup system protections in place is crucial. It’s fairly easy to implement a system that will handle backups for you automatically. Back up all the systems and data on your network at least weekly.
- Isolate Backups from Your Primary Network. Backups stored alongside your other data on the same network are little help in the event of a cyber attack. If your network is compromised, you want to make sure your backups remain unaffected. It is best to keep multiple, redundant backups stored fully isolated from your primary network and in a separate geographic location to avoid contamination in the event of a network intrusion.
- Remove Unsupported Operating System Versions. Many popular operating system versions are no longer supported by their developers. That means companies no longer make or release updates to patch their security vulnerabilities. Examples of unsupported operating systems include Microsoft Windows 7, Microsoft Windows Server 2008 and others. It’s important to depreciate these versions and upgrade to supported operating systems, as even one unsupported system connected to your network can compromise the whole network.
- Scan and Filter Content on the Network. Incoming emails and files can contain viruses that easily infect your computer and spread throughout your whole network. Often, all that’s required is to open a suspicious email or download an attachment. A simple solution is to activate security features to scan and filter email and web content for malicious items. The security system can quarantine the item and alert your administrator that a problem has been detected.
- Use Tools to Authenticate Incoming Mail. Special tools such as Domain Keys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-Based Message Authentication, Reporting & Conformance (DMARC) exist which can authenticate incoming email and prevent phishing attacks. This one can be tricky, so don’t despair if your first thought on seeing SPF is suntan lotion. Your IT staff or network/server administrator should be able to recognize these options. Otherwise, simply contact us and we can provide a written guide on implementation.
- Secure or Disable All RDP Endpoints. Remote Desktop Protocol (RDP) is a popular Microsoft Windows component used to connect to a computer remotely that can introduce serious security vulnerabilities if improperly configured. Either protect your RDP with MFA (multi-factor authentication) or disable it on all network endpoints. Similar to #9, if your IT professional is at a loss for words with this technical solution, simply contact us for help on how to implement this risk management control to secure your system.
- Encrypt All Sensitive and Confidential Information. Data encryption is an essential tool that automatically scrambles data to protect it from prying eyes and unscrambles the same data so that authorized parties can work with it. Computer systems, software applications and online services all have built-in settings to turn on encryption while data is “at rest” and “in-transit.” In addition, most email providers can add specific encryption when needed.
- Restrict Network Administrative Privileges. Computer networks rely on a hierarchical system of access levels to help protect critical parts of the network from both accidental and intentional alterations. Having administrative privileges allows a user to make changes to the system, such as downloading software onto the computer network. Limit the number of employees with these high-level privileges to a select few to protect the system.
With these simple low cost and no cost solutions, you can significantly reduce the risk of a cyber attack impacting your business. For help with any of the above, please contact Lockton Affinity and we will be glad to assist. Also, make sure part of your cyber risk management planning includes purchasing the right cyber liability insurance policy.
For more information, please contact us today at CyberLockDefense.com.