Initially, Russian cyberattacks slowed down as they focused on Ukrainian targets, but as the ongoing Russian invasion into Ukraine continues, it has led to a sharp rise in cyber-attacks and probably will for quite some time.
While most of the cyber-attacks are between these two countries, there is genuine potential for other countries to become victims of cyber-attacks by Russia, thanks to the sanctions impacting their economy.
While President Joe Biden's declared that the government has been improving national cyber security defenses for some time. But unfortunately, many in private industry have not, especially Small Businesses.
So, the White House has issued a warning while focusing on the infrastructure, ensuring water, electricity, and oil pipeline services aren't at increased attack risk. But realistically, the advice applies to all businesses.
Businesses should be taking a series of actions starting immediately to protect themselves against cyber-attacks and other data security risks.
To start: Data backups should be performed and checked regularly. Ideally, there should be at least one copy of data that cannot be changed during a cyber-attack, preferably somewhere in the cloud. Also, if the backup device is connected to your computer, it is not a backup; it's a target.
Second: Look at implementing multi-factor authentication (MFA or 2FA). This is where you generate an additional login validation code (your PIN) on another device to prove it's you that is logging in. Seriously, your bank has been doing this for almost 50-years when you use your ATM card, so it is time for you to start applying it to everything that supports it.
Third: All data should also be encrypted, meaning it would have no value and would be unusable if anyone did manage to access it.
Fourth: It's also good to have an emergency plan ready to help mitigate any attack quickly and effectively. It would help if you also considered preserving evidence in that plan, so don't rush to restore the corrupted data.
Fifth: Businesses are also advised to give their staff training to help them spot and avoid the common tactics used by cybercriminals. Training should be performed on a regular basis and the results reviewed as part of the process.
Training should include phishing attack simulations where they send an email pretending to be someone else. Additional items to include spoofed login web pages, where they hope you will enter your actual login details.
If you already have an IT support partner, discuss with them to ensure all your systems are fully up to date, patched, and verified as necessary.
They can also help audit how well you're performing with the items above and produce a plan to help you respond to the attack; remember to rehearse the plan, so it is familiar to you when it happens.
If you don't have an IT support partner, or you feel your current one isn't able to help you with your data security, we can help. Let’s Chat.
