October 16, 2019

Safeguard Against Cyberattack with a 3-Part Cyber Plan

The earth with the webs of cyber security

Since October is National Cybersecurity Awareness Month, it’s a good time for businesses to review important, commonsense steps they should take to protect their organizations from cyber threats. Such threats can lead to theft of confidential information, data recovery expenses, and lawsuits from customers affected by the cyber breach.

In the Cybersecurity world, we use the term “Global Attack Surface” to refer to those areas of vulnerability that can be exploited to hack into a computer network. Since hackers are masters at finding and targeting weak spots, the first line of defense is to create a strong offense in each of the three areas of vulnerability that make up your company’s attack surface:

  1. Hardware
    Tip 1: When purchasing company hardware, such as computers, routers, switches, and mobile devices, choose reputable, big-name vendors. Avoid off-market websites that sell hardware and accessories that look like the real thing—but aren’t. You risk the possibility of buying copycat components from questionable supply chains. Such components could be loaded with malware that gives cyber criminals complete control over a device or computer. Just one entry point like this can open back doors into an entire system.
    Tip 2: Ensure that your network has firewalls in place, which block unauthorized computer access while still permitting outward communication. Another important safety measure is to make sure firewalls are configured to industry-standard benchmarks. The Center for Internet Security (CIS) is an organization that sets such benchmarks.
    Tip 3: Keep all hardware updated per the recommended vendor requirements around updates and patches. Basically put, if there’s an update, do the update. It’s that simple.
  2. Software
    Tip 1: 
    When installing applications (apps) on company computers, make sure to download and/or install only verified software that has been vetted and authenticated for its specific use.
    Tip 2: Along the same vein, employ application whitelisting by using only those apps that are required for your particular business purpose.
    Tip 3: In addition, put multi-factor authentication (MFA) in place across your company for network access. This entails granting computer users access to the company network only after they successfully present two or more pieces of authentication: for instance, entering a code sent to a different device and keying in a personal password.
  3. People
    Tip 1: Since human error can often account for cyber breaches, your employees are an important cog in your total cybersecurity plan. Foster a sense of cyber urgency throughout your organization by instructing employees to follow all policies and recommendations from your Cybersecurity and IT departments.
    Tip 2: We’re all guilty of it: using the same password over and over or updating passwords by changing just one letter. Well, cyber criminals look for these types of “tells” to discover patterns they can predict and exploit. Encourage employees to break these habits for company security—and their own security, as well.
    Tip 3: And, of course, never click links in emails from unknown or suspicious senders. These can be phishing attempts to obtain sensitive or confidential information. In addition, the act of just “clicking” could secretly launch a download of malicious software through something called client-side exploits without employees being none the wiser.

Whether cyber thieves are looking to ransom your sensitive data, manipulate it, or sell it on the dark web, they have one ultimate goal: their own financial gain. Don’t let them easily have it at the expense of your company. Make sure part of your risk management plan includes cyber safety to help reduce risks and keep your business cybersecure.



– Jason Shockey,
Chief Information Security Officer

 

Additional Resources:


Ways to Minimize Your Attack Surface:
https://www.techrepublic.com/article/3-ways-to-minimize-cyberattack-threats-by-reducing-attack-surfaces/

Supply Chain Risk Management: https://www.dni.gov/index.php/ncsc-what-we-do/ncsc-supply-chain-threats

Best Practices for Keeping your Home Network Secure: https://www.nsa.gov/Portals/70/documents/what-we-do/cybersecurity/professional-resources/csi-best-practices-for-keeping-home-network-secure.pdf

The tips described herein are for informational purposes only.  It is strongly recommended that entities create their own cybersecurity plans based on their own individual needs. Following any or all of the tips described in no way guarantees or prevents a cyber event from occurring. ProSight Specialty Insurance Group, Inc. and its affiliates and subsidiaries shall not be held responsible for the creation or implementation of an entity’s cybersecurity plan.