2020 has been an unusual year riddled with unrest and uncertainty. Cyberattacks have been growing exponentially during this year. Reports of Denial-of-Service, phishing, and ransomware attacks appear to be everywhere. Some techniques to protect you and your company are outlined here.
Check your strategy for incident response
Your incident response plan should provide your IT personnel with guidance on identifying, reacting, and recovering from different types of cyberattacks.
Ensure your employees know who to call in an emergency
For an emergency, each team or agency should have a point of contact, and backup contacts should be available.
A clear policy on escalation
Depending on the type of event, the contact person reported should have a good understanding of how to escalate.
Be watchful of brute force activity
A brute force attack is when hackers attempt to break into a device automatically using random passwords. It is crucial to know if an attempt is being made, even if it is difficult for anyone to get in this way because you have Multi-Factor Authentication allowed. When login attempts exceed a certain level, there are many event tracking systems out there that can send out alerts.
Ensure that you use Multi-Factor Authentication (MFA)
One of the safest ways to defend against brute force and other similar attacks is Multi-Factor Authentication. Brute force style attacks would fail as users have an additional form of authentication on top of their password.
Ensure strong password practices
Passwords can consist of a mixture of various character types: letters in the upper case, letters in the lower case, numbers, and even special characters. For others, this practice makes it harder to guess passwords.
It is a great idea to use a password manager to restrict the number of passwords or, better still, an Identity and Access Management system that identifies if any compromised systems have used the passwords users select.
A dictionary attack is like an attack by the brute force, but it uses recognized passwords, passwords hacked from other systems. Users are known to reuse the same passwords for different systems, and this known activity is taken advantage of by dictionary attacks. You would be able to thwart these types of attacks by restricting users’ ability to reuse passwords, particularly passwords they might have used from other systems.
Have strong policies around less privileged access
Since the workstations of employees are possibly no longer protected behind the physical walls or corporate network of a corporation, they are more vulnerable than ever. The best way to go is to provide a less privileged access approach to all permissions granted to a user. Yes, just giving them a higher level of access would be better, but it can take a little more time and effort to work out how to give them exactly what they really need. However, the estimated average cost of a data breach due to compromised employee accounts is $4.77 million per breach and is increasing.
Enterprises have to remember that cyber attackers are out there, and they attack any interface they can. No organization can afford a good hack. Each one of us must be cautious and conscious. Enterprises need to ensure that these procedures are followed and that their business and their customers’ data are secured.