Russia’s continued, weeklong invasion of Ukraine has altered the landscape of cybersecurity threats facing organizations both near and far from the physical threat of war.
Disinformation is spreading and being actively fought. The old hacker group Anonymous promised “cyber war” against Russia. One ransomware group swore to launch retaliatory attacks for any harm brought to Russia’s critical infrastructure (and then subsequently had to stanch the informational bleeding caused by an insider’s leak campaign). And external government-sponsored threat actors are still continuing their own campaigns against Africa, Asia, Europe, and North America.
The crossfire of these international cyber offensives can, regrettably, catch ordinary small- to medium-sized businesses (SMBs) in the middle. Here are four cybersecurity best practices that SMBs can adopt today to protect their businesses, employees, devices, and networks in this continually evolving crisis.
1. Lock down your public-facing networks and beef up internal security
Cybersecurity’s history of its most devastating attacks involves many stories of basic lapses in judgment—unprotected Remote Desktop Protocol (RDP) ports, elevated access privileges for far too many employees, unpatched vulnerabilities, and lacking multi-factor authentication.
These are simple errors that, with the right prioritization, can be solved. According to the most recent advice from the US Cybersecurity and Infrastructure Security Agency (CISA), all companies, including SMBs, should commit to the following:
- Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
- Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
- Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
With these practices, many of the most common types of cyberattacks can be prevented. For more information on how to detect cyber breaches as they happen, and to prepare on how to respond to such an attack when it happens, you can read CISA’s “Shields Up” guidance on staying cybersecure during Russia’s attacks against Ukraine.
2. Audit access privileges and clean up old account credentials
Similar to how any SMB should be ensuring that any remote access to their networks is protected with multi-factor authentication, SMBs should also audit which of their employees have access privileges to which systems and resources. Too often, employees who do not need access to high-level, sensitive controls are given blanket access to their entire company. All it takes for an attacker to get in, then, is for any of those employees to slip up in, say, a phishing scam.
Take the time to audit who has access to what parts of the company, and whether they actually need it. Also, be sure to clean up any old user accounts from ex-employees. Such accounts should be deactivated.
3. Stay vigilant of phishing scams
Much like how online scammers leveraged the global COVID-19 pandemic in its earliest days to swindle people out of their money, the crisis in Ukraine will likely lead to bogus pleas for charity donations that, in truth, could end up in a cyberthief’s hands.
SMBs should remind their employees about phishing threats and, if possible, send an updated notice about phishing attempts specifically related to Russia’s invasion of Ukraine.
The same rules for spotting phishing emails still apply: Be wary of any unexpected requests for personal information, hover over URL links to ensure they’re legitimate, double-check the sender’s own email address, avoid opening email attachments from unknown senders, and scan any message for spelling and grammar mistakes.
But as we’ll explain in our next cybersecurity best practice, if an SMB has not pushed out any phishing training in its organization, now is not the time to roll out a new training module.
4. Do not roll out brand new, untested cybersecurity measures
The cybersecurity priorities for SMBs right now are securing the tools and programs that they currently use—not adding new ones, and new complexity, to the mix. This work takes time and caution, as even a small business could be in control of hundreds of endpoints each with dozens of software tools that each have their own reams of account credentials, both current and out-of-date.
While a new, fancy tool may sound promising in bolstering your cybersecurity, what it could actually add is a headache for your IT professionals.
As the cybersecurity landscape continues to change, IT professionals inside SMBs should not have to split their time with yet another project to manage. Give them the time—and the authority—to raise red flag issues with your C-suite and to fix any problems that they find today without having to worry about new ones tomorrow.
The post Four SMB cybersecurity practices during geopolitical upheaval appeared first on Malwarebytes Labs.