Navigating the Covid-19 virus in the digital age is transformational. There are changes in the way we work, including working from home, increased cybersecurity risks, and requiring additional training and enhanced need for recovery. Even seemingly small measures, such as teaching employees what not to click on, will help companies protect their information.
How do we protect IT systems and keep businesses running secure? The National CyberSecurity Alliance provides a great tool and resources to help companies of all sizes fine tune their existing cyber defense.
Now is the time to train everyone to create a barrier mindset around your business like a neighborhood watch: Teach people. They are eager to help. When in need, hire experts in the field to prevent and mitigate attacks. You do not want to have to shut down your revenue systems. Resiliency will stop more attacks and help you find, fix and reduce future breaches.
Know the Basics
Get to know the 7 pillars of cybersecurity and cyber hygiene. There will be ever increasingly advanced AI cybersecurity software and protection and detection techniques. However, if something gets through, you still need to be able to quickly recover your data. Review backups, including multiple layers of backups, san snapshots with replication, local backups stored in a network isolated location, and backup copies stored offsite online and offline. You want to have multiple options to recover your systems when disaster strikes.
Many people assume that if their data is in the cloud it is completely protected. Although there are redundancies, they are not necessarily backups. For example, Office365 should be backed up from the cloud to another location. If Microsoft has an outage resulting in data loss, you want to ensure you can recover from that disaster when they are back online. If you use a product such as Veeam and have the data backed up to a Veeam Service Provider, your data will be protected and available to recover should you need it. Review your backup strategy and test it.
In addition to backups, it is important to have your systems and applications replicated to a different availability zone.
“This will ensure that an outage in one availability zone doesn’t take your business offline. These outages can be devastating to businesses with a large amount of revenue being lost during the outage. These outages do occur and can sometimes take a while to resolve,” according to Roger Mitan, CTO BlueBridge Networks.
He advises that companies train their workforce on cybersecurity tactics.
“A large number of breaches don’t necessarily come from advanced technical hacking techniques like the movies portray. In these cases, increasingly sophisticated phishing, using emails, texts, messaging apps, and phone calls are used to convince a user to open something, download something or provide details they shouldn’t,” he said.
Training is key to preventing these types of attacks. If it sounds a little off, it probably is. Always call the source directly using a number you already know.
There are many reasons to remain vigilant. When crises occur, hackers do not take a vacation. The trend for ever-increasing cybersecurity disorder continues, and the end is not in sight. According to Tim M. Opsitnick, Executive Vice President and General Counsel of TCDI , factors adding to that trend include:
1) the increasing harm and sophistication of the hackers,
2) the indifference to the harm of hacking on the global economy by individuals, corporations and nation-states, and
3) the lack of sophisticated cybersecurity resources.
He believes to that end, “as if encrypting data and holding it ransom for payment was not enough, hackers are now following through on the threat to release data publicly if the ransom is not paid. In addition, the next evolution of harm and attacks will include the use of automated hacking and artificial intelligence tools to learn to attack without human interaction.”
Follow the Legal Advice
It has never been more important to make sure that your organization complies with the burgeoning new body of laws, rules and regulations on cybersecurity.
“Know the law, know your obligations, know the potential penalties, and know the risks of non-compliance,” according to Michael Stovsky, Partner, Chair, Innovations, 3iP Group at Benesch.
- Elevate cybersecurity issues to the highest level of your board and C-suite. Consider forming cybersecurity committees and evaluate cybersecurity risks at the same level you would evaluate the other material risks that your business faces every day.
- If you suffer or suspect you have suffered a cybersecurity breach, do not sit on it. Take immediate steps to stop the threat, mitigate the harm, and contact outside technical and legal professionals who can help you as soon as possible.
- Review your insurance coverage and purchase adequate cybersecurity coverage for your organization.
- Put a cybersecurity risk assessment on your company’s to-do list right away. Don’t wait. Don’t procrastinate. Take cybersecurity risk proactively and it will substantially reduce your risk and the potential costs to your business if you do suffer a breach.
The loss sustained from a breach is not just monetary. It can be reputational and crippling. Be proactive – especially in these uncertain times.
(Kevin Goodman is Managing Director and Partner with BlueBridge Networks, a cloud data center and managed services business headquartered in downtown Cleveland.)