Tips for Comprehensive Cyber Coverage

I think 90% of companies couldn't pull their own plug.  Here are some ideas... ICYMI, Co-op avoided a more severe cyber attack by disconnecting its own network and choosing a self-imposed short-term disruption to prevent a longer-term one caused by criminals. We've all read stories about that "critical moment at 2 AM" when some security leader has to make the call to take the entire company offline to apply a digital tourniquet. But how many companies could "pull the plug" even if they wanted to? The interconnected "plugs" are all virtual in today's IT landscape. And what else do you need to do quickly when faced with impending cyber doom? Here are some quick tips to ponder: 1⃣ Practice "pulling the plug" as a part of your BCDR preparedness. • What is the business disruption impact? • How do you notify users? • Can you still log in? • How are customers affected? • What middleware comms will function? • Do you need out-of-band comms? 2⃣ Consider using access control instead of a full disconnect. • Can you block all egress or ingress with a few firewall or router rules? • What about SaaS and cloud? • Could you push some ready-to-go emergency endpoint hardening rules instantly (assume your endpoint management/orchestration platform is not compromised, and if it was, you could switch to a backup method, such as using EDR command & control). 3⃣ Think about identity - lots of ways to slow an attacker or prevent new login sessions using identity controls. • Would blocking all user logins except a few designated, safe logins all for a more limited disconnect? • Maybe you only need to block egress, or some egress. • Maybe you only need to block RDP and NetBIOS internally. • Do you have a trusted business-critical allowlist that could have precedence above an all-block rule?   • If yes, is the allowlist translated into discrete source/destination/protocol access policies that could be deployed quickly? 4⃣ Can you reset all privileged credentials quickly? • Most companies do this manually, but you need to be able to do it with push-button automation. • What if access was obtained via API keys? Can you reset API keys quickly? • What about currently active sessions? • What about SaaS and cloud? "Pulling the plug" is a lot more complicated than most realize until you start planning and practicing for scenarios that may require it. My message to all is not only to practice pulling the plug, but to define the different scenarios and degrees of emergency access changes to deploy so you can be more surgical and limit business impact. This list is just the tip of the iceberg. What am I missing? 

Does this work? Asking for a friend. While AV can play a role in defending an organization, it's only a part of a strong #cybersecurity program that utilizes a defense in depth methodology that implements other security measures like: 👉 Layered Security: Implement multiple layers of security controls and defenses to protect against different types of threats. This ensures that if one layer is compromised, others remain in place to provide protection. 👉 Physical Security: Secure physical access to facilities, including locks, surveillance systems, and access controls, to prevent unauthorized physical access to critical assets. 👉 Network Security: Use firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and network segmentation to protect the network infrastructure. 👉 Endpoint Security: Deploy antivirus software, endpoint detection and response (EDR) solutions, and ensure that all devices are regularly updated with security patches. 👉 Application Security: Implement secure coding practices, conduct regular security assessments, and use web application firewalls (WAFs) to protect applications from vulnerabilities and attacks. 👉 Data Security: Encrypt sensitive data both at rest and in transit, implement access controls, and regularly back up data to prevent data breaches and loss. 👉 Identity and Access Management (IAM): Use strong authentication methods, enforce least privilege access, and implement multi-factor authentication (MFA) to ensure secure access to systems and data. 👉 User Awareness Training: Educate employees about cybersecurity best practices, phishing attacks, and social engineering techniques to reduce the risk of human errors leading to security incidents. 👉 Incident Response: Develop and regularly test an incident response plan to quickly detect, respond to, and recover from security incidents.

As an SMB owner, you have a long list of trusted vendors, partners, and third-party services that keep your operations running smoothly.  But each connection is also a potential backdoor for hackers to sneak in and wreak havoc on your systems. Don't believe me?  Ask the folks at Target, who suffered a massive data breach in 2013 all because cybercriminals gained access through their HVAC vendor's credentials.  Or the countless small businesses that got hit hard when their cloud storage provider got hacked. You don't need to have the same experience. So here are my top 5 recommendations for SMB owners: 1. Do your due diligence on every vendor, partner, and third-party service you work with. Thoroughly vet their security practices, policies, and incident response plans before signing contracts. 2. Insist on robust security requirements and data protection clauses in your vendor contracts. Make sure they're held accountable for any security lapses or breaches on their end. 3. Implement strict access controls and segregate your networks. Only give vendors and partners the bare minimum access they need to do their jobs and keep their connections isolated from your most sensitive data and systems. 4. Monitor your vendors' security posture and any potential threats or incidents that could impact your business. Don't just assume they've got it covered – stay vigilant. 5. Have an incident response plan in place that accounts for supply chain breaches. Know exactly what steps to take and who to contact if one of your vendors gets compromised. Managing cyber risks can feel daunting, especially for SMBs. But, the consequences of ignoring these vulnerabilities could be catastrophic.  So, prioritize supply chain cybersecurity as much as you would for your internal systems.  A business is only as strong as the weakest link in its vendor ecosystem. 

📌 Understanding the Small Business Cybersecurity Landscape 📌 Small businesses are often targeted because they typically have fewer security measures in place compared to larger enterprises. It's crucial to understand that the risk of cyber attacks is real and that taking proactive steps can significantly reduce these risks. 🛡️ Basic Protection Measures 1. Software Updates: Regularly update your apps, web browsers, and operating systems to close security gaps. 2. Data Backup: Back up important files offline or in the cloud to prevent data loss from cyber incidents. 3. Strong Passwords & MFA: Use complex passwords and implement multi-factor authentication to enhance access security. 4. Secure Devices: Encrypt devices and restrict physical access to sensitive data. 🔐 Securing Your Network 1. Router Security: Change default router settings and use strong encryption protocols like WPA2 or WPA3. 2. Strong Password Policies: Ensure passwords are unique and difficult to guess, and never reuse them across different platforms. 3. Employee Training: Foster a security-aware culture by regularly updating employees on new threats and security practices. 📑 NIST Cybersecurity Framework Utilize the NIST Cybersecurity Framework to build a robust security posture through the steps of Identify, Protect, Detect, Respond, and Recover. This framework helps prioritize cybersecurity measures and allocate resources effectively. 💻 Protecting Against Common Threats 1. Phishing: Educate employees about recognizing and avoiding phishing attempts. Always verify the authenticity of unexpected emails or messages. 2. Ransomware: Regularly back up data and have a response plan in place. Consider the risks carefully before deciding to pay a ransom. 3. Physical Security: Secure physical access to sensitive data and devices to prevent unauthorized access and data breaches. 🚀 Moving Forward: By implementing these cybersecurity measures, small businesses can significantly reduce the risk of cyber threats and ensure they are prepared to respond effectively if an attack occurs. Stay informed and proactive to protect your business and customer data. 💡Educate yourself, stay vigilant, and share to strengthen our collective defense!🔒 📥 Download the PDF from the post. 📲 Mobile device: 🔹 Tap the book image 🔹 Tap the download icon on the upper right 💻 Desktop: 🔹 Mouse over the book icon 🔹 Click in the box on the lower right 🔹 Click the download icon on the upper right #Cybersecurity #SmallBusiness #CyberManDan