How to Shift from a Reactive to a Proactive Cyber Security Approach
As you’ve probably heard, cyber attacks are up this year. But while big-name breaches tend to get the most attention, it isn’t just enterprise companies that are at risk. In fact, some hackers specifically target SMBs and mid-market companies, due to the lax security that many have.
Consider this: while many business owners rate cybersecurity as a top concern, only 57% have actually implemented any type of security plan.
Even government agencies have been affected. In 2019, 22 Texas municipalities – mostly in rural locations – were affected by a ransomware attack that crippled some of their essential city services. Once the ransomware was in place, the unnamed hacker requested a ransom of $2.5 million. While the cities did not pay in this incident, cities in Florida and other states have – some never receiving the information they paid for.
Now is the time to act. While recovery following an attack is critical, shifting to a proactive cyber security approach in the future is even more important.
Recovering After an Attack
When we work with a company that’s been the victim of a successful phishing attack (or any other cyber threat, really), our first step is typically to implement the relevant Microsoft Defender solutions, based on the client’s tech stack. A few specific capabilities we set up include:
Anti-Phishing
With Defender’s anti-phishing features, any emails coming from outside an organization that are designed to look like they come from someone inside the organization are blocked. This can make it more difficult for team members to send emails from their personal accounts to their work accounts, but it’s a necessary trade-off in many cases.
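The impersonation check described above, sketched as an added example (not code from this article, and not Defender's actual logic): it blocks mail that claims an internal sender without authentication, and external mail that carries a staff member's display name, which is why personal-to-work email gets caught. The domain, the receiving server name, the staff directory and the sample messages are all assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# All three values are assumptions for this example.
ORG_DOMAIN = "example.com"
TRUSTED_AUTHSERV = "mx.example.com"   # our own receiving server's authserv-id
STAFF_NAMES = {"dana reyes"}          # hypothetical directory, lower-cased

def dmarc_verdict(msg):
    """DMARC result stamped by our own server; headers from other hosts are ignored."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can forge this header, so trust only our own
        for part in results.split(";"):
            fields = part.split()
            if fields and fields[0].lower().startswith("dmarc="):
                return fields[0].split("=", 1)[1].lower()
    return "none"

def classify(raw):
    """Return (action, reason) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain == ORG_DOMAIN:
        if dmarc_verdict(msg) == "pass":
            return "deliver", "internal sender, authenticated"
        return "block", "internal domain in From but not authenticated"
    if display.strip().lower() in STAFF_NAMES:
        return "block", "external address using a staff display name"
    return "deliver", "external sender, no impersonation signal"

def make(from_header, auth):
    """Build a constructed test message."""
    return (f"Authentication-Results: {auth}\nFrom: {from_header}\n"
            "To: pat@example.com\nSubject: Invoice\n\nSee attached.\n")

# Constructed samples, not real mail.
SAMPLES = {
    "spoofed": make("Dana Reyes <dana.reyes@example.com>", "mx.example.com; dmarc=fail"),
    "forged_header": make("Dana Reyes <dana.reyes@example.com>", "mx.sender.invalid; dmarc=pass"),
    "personal": make("Dana Reyes <dana@mail.invalid>", "mx.example.com; dmarc=pass"),
    "vendor": make("Billing <billing@vendor.invalid>", "mx.example.com; dmarc=pass"),
    "internal": make("Dana Reyes <dana.reyes@example.com>", "mx.example.com; dmarc=pass"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, *classify(raw))
```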
Safe Links and Attachments
Next, with safe links and attachments in place, Defender opens incoming links or attachments in a sandbox, ensuring threats are detected and eliminated. Again, there’s a trade-off – in this case, an extra delay while the resources are reviewed. Proper training (more on this later in the article) can help staff members understand the necessity of this step.
What’s great about Defender is that, if you’re already running M365 or Azure, you can usually implement these tools at an extremely low cost and with very little hassle, simply by buying new licenses or upgrading your existing licenses.
Conditional Access Policies
With conditional access policies, you define and limit where people can log in to the network. Defender can also be set up to use AI (artificial intelligence) to help determine when multi-factor authentication (MFA) is needed.
For example, if one of your team members is logging in from their home in Austin, Texas, and then heads to a coffee shop a few minutes later, they shouldn’t necessarily trigger MFA, since it’s likely the same person at both locations. However, if a few hours later, they log in from Paris, MFA should be enforced, as covering that distance in that time would be virtually impossible.
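The travel check described above, as an added example that is not from the original article or from Microsoft: it computes the great-circle distance and implied speed between consecutive sign-ins and asks for MFA when the trip is not plausible. The 900 km/h ceiling, the 50 km local radius, the MFA-on-first-sign-in rule and the sample coordinates are assumptions.

```python
import math
from datetime import datetime

# Assumed thresholds: anything faster than an airliner is treated as impossible,
# and moves inside the local radius count as the same place.
MAX_PLAUSIBLE_KMH = 900.0
LOCAL_RADIUS_KM = 50.0

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))

def evaluate_sign_in(previous, current):
    """Return (decision, reason) for `current` given the user's `previous` sign-in."""
    if previous is None:
        # Assumption: with no baseline to compare against, ask for MFA.
        return "require_mfa", "no prior sign-in to compare against"
    km = haversine_km(previous["lat"], previous["lon"], current["lat"], current["lon"])
    hours = (current["time"] - previous["time"]).total_seconds() / 3600
    if km <= LOCAL_RADIUS_KM:
        return "allow", f"{km:.0f} km from last sign-in"
    if hours <= 0 or km / hours > MAX_PLAUSIBLE_KMH:
        return "require_mfa", f"{km:.0f} km in {hours:.1f} h is not plausible travel"
    return "allow", f"{km:.0f} km in {hours:.1f} h is plausible travel"

def evaluate_history(events):
    """Walk one user's sign-ins in time order and decide each one."""
    decisions, previous = [], None
    for event in sorted(events, key=lambda e: e["time"]):
        decisions.append((event["label"], *evaluate_sign_in(previous, event)))
        previous = event
    return decisions

# Constructed sample data (approximate coordinates; not real telemetry).
SAMPLE = [
    {"label": "home, Austin", "time": datetime(2024, 5, 1, 8, 0), "lat": 30.2672, "lon": -97.7431},
    {"label": "coffee shop, Austin", "time": datetime(2024, 5, 1, 8, 20), "lat": 30.2500, "lon": -97.7500},
    {"label": "Paris", "time": datetime(2024, 5, 1, 11, 20), "lat": 48.8566, "lon": 2.3522},
]

if __name__ == "__main__":
    for label, decision, reason in evaluate_history(SAMPLE):
        print(f"{label:22} {decision:12} {reason}")
```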
Why Having a Proactive Security Strategy Matters
Even experienced IT professionals have a tendency to believe – even subconsciously – that their businesses won’t be affected by cyber attacks. It’s only other businesses that are at risk.
But the numbers prove that this simply isn’t the case. So while the response steps above matter if you’re responding to an attack, they’re all inherently reactive actions. Implementing a proper proactive strategy lessens the chance you’ll be in that situation in the first place.
Without a proactive security strategy, you risk:
- Direct costs related to recovery after an attack
- Indirect costs and productivity losses caused by shutdowns or disruptions
- The potential negative impact on your business’s reputation
- Possible compliance penalties, depending on your business’s regulatory requirements
The costs and consequences of a cyber attack can be serious and expensive. Avoid them by planning ahead.
How to Implement a Proactive Cyber Security Strategy
If you’ve been lucky enough to avoid the issue until now, don’t take your good fortune for granted. Instead, consider taking the following steps:
Optimize Your Current Systems
If you use Office 365 already, the good news is that you’re already about 70% of the way to full protection – all that may be needed is updating your configurations and licenses. Even better, since Defender lives in the same ecosystem, you can use your existing usernames and passwords, as well as your current organizational structure. Generally speaking, this is a much easier path than purchasing third-party tools and setting them up as standalone services.
It’s important to note that, although Microsoft wasn’t considered a secure platform for a long time, the company has heavily invested in security in recent years. In fact, it’s now considered a leader in five Gartner Magic Quadrants, meaning it’s a solution you can trust for your company’s security needs.
Find Endpoints and Possible Attack Vectors
The increase in the number and severity of cyber attacks, vulnerabilities in software applications and networks, and operation by uninformed users all make layered security a smart approach.
Having multiple layers in place allows your company to limit the impact of attacks that do occur. For example, your first layer of protection may be using anti-phishing tools to minimize the risk of email-based attacks. But what if something happens to get through? If a virus makes it through your email filter, your workstations should then have anti-virus programs running to identify and eliminate these issues.
Patching servers should represent another layer of protection in your security stack. Take the time to identify all of the servers, workstations and endpoints in your business; then, put a plan in place to ensure they’re patched and updated regularly.
Invest in User Education
Unfortunately, it’s estimated that human error accounts for up to 60% of all security breaches that occur. There’s only so much you can protect against and prevent with technical solutions. The other half of the equation is ensuring your end users are educated on cyber security best practices – and that they understand what they should and should not do.
One of the most common ways individuals are tricked into providing sensitive information is through spoofing attacks, in which emails are made to appear as if they’re coming from legitimate contacts. The emails may ask recipients to provide sensitive information or execute financial transactions – which the recipients do, believing that they’re responding to a trusted relation.
There’s no tech solution that can prevent your users from responding to these requests in good faith. Instead, you have to teach them how to recognize these spoofing attacks and avoid them to prevent compromising your network.
Additional best practices to incorporate to prevent your users from falling victim to these malicious attacks include:
- Investing in ongoing training; for example, on a monthly or bi-monthly basis
- Sending out regular reminders and examples of spoofing emails and attacks
- Keeping employees aware of changes that IT is making in the network and system, including the value of these actions
- Training users on the specific security risks associated with remote work
When It Comes to Security, Think Proactive (Not Reactive)
Ultimately, there’s no way to prevent hackers and other nefarious individuals from targeting your business. But by taking the time to create and implement a proactive security strategy, you limit the odds you’ll need to undertake more costly reactive steps in the wake of a cyber attack.
If you have any questions about the steps described above or how they apply to your business, reach out to the CloudServus team for a discussion. We’re standing by to help strengthen your Microsoft solutions and protect your systems from cyber attacks.