Are users ready?
One of the most common infection vectors is via the end-user and phishing/vishing campaigns are getting more sophisticated every year. You can utilise free training material from the NCSC to train your users and raise awareness. What’s great about this service is it includes a user quiz and can be loaded into your own SCORM solution if you have one.
Google also make content available for free on YouTube.
Once you have established some end-user training, deliver your own red team campaigns to test your users and your blue team. SQA can provide a full suite of red team activities to assist with your training and assurance requirements. Read our article series on all the information security coloured teams at Cyber Security Index.
Backup, then back up again!
A whole blog series could be written around the best practices for backups, but the takeaway here is that you need to balance the time to recover against the risk of having your backups close to your original data. The ideal solution is to back up your files locally and then ship them off to somewhere that not even you can delete them. An attacker cannot delete backups that are not connected to the network. Big business typically uses tape backups to achieve “cold storage”, but some cloud providers now offer “immutable” storage. As a good middle ground, you should ensure your backup infrastructure does not share credentials with production and is protected by some of your most secure controls.
Control where your data is stored
Backing up everything is often impossible, and always impractical and expensive. Use technical controls and user training to ensure your important data is stored somewhere centrally auditable, easy to back up, encrypted and also available to everyone who needs it. With today’s distributed workforce, bandwidth-hungry cloud services such as SharePoint Online and OneDrive are surging in popularity. In this series of articles, we shall release our own bespoke OneDrive and SharePoint file inventory scripts and Kibana dashboards so you can gain visibility into your services.
Review your exposure
We are seeing a shift in focus from email-delivered ransomware to the more lucrative server attacks, targeting weak infrastructure. A Ransomware audit from SQA Consulting, or a Cyber Essentials audit, will test your organisation against the most common issues and recommend simple, easy-to-implement mitigations. Want a quick assessment? Here is a free service that will scan your IP to see what ports you have open on your firewall. Ideally, they should all be “Timed-Out”. https://www.whatsmyip.org/port-scanner/server/ and https://www.whatsmyip.org/port-scanner/apps/.
Protect the perimeter
Never expose management services to the internet; use a VPN solution to ensure only authorised entities can get access. A simple solution like ZeroTier can provide a free, scalable VPN solution for small businesses, whilst larger businesses can benefit from the additional features of commercial offerings. You can also defeat the majority of attacks, or at the very least be alerted to them much earlier, with a capable business firewall providing next-generation capabilities at the perimeter. Modern firewalls from Palo Alto, Fortinet and other vendors can perform Anti-Virus scans on traffic as it comes from the internet, killing multi-staged malware before it even gets through the door.
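A host-side complement to the external port scan, as an added example that is not SQA's own tooling: it reads Linux `ss -H -tln` output and flags management services that listen on every interface, where only the firewall keeps them off the internet. The management port list and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Assumed list of management ports (not from the article); extend for your estate.
MGMT_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC",
              5985: "WinRM-HTTP", 5986: "WinRM-HTTPS"}

# Constructed sample of `ss -H -tln` output; replace with output from your server.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 *:443 *:*
LISTEN 0 128 [::]:3389 [::]:*
LISTEN 0 128 10.8.0.1:5985 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5900 0.0.0.0:*
"""

def bind_scope(addr):
    """Classify a listening address as 'all', 'loopback' or 'specific'."""
    addr = addr.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
    if addr == "*":
        return "all"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "specific"  # unparseable: leave it for a human to review
    if ip.is_unspecified:
        return "all"
    return "loopback" if ip.is_loopback else "specific"

def audit(ss_output):
    """Return (severity, service, local_address) per management listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in MGMT_PORTS:
            continue
        scope = bind_scope(addr)
        if scope == "loopback":
            continue  # reachable only from the host itself
        # 'all' relies entirely on the firewall; 'specific' should be the
        # VPN or management interface and is worth confirming by hand.
        severity = "HIGH" if scope == "all" else "REVIEW"
        findings.append((severity, MGMT_PORTS[int(port)], fields[3]))
    return findings

if __name__ == "__main__":
    for severity, service, local in audit(SAMPLE_SS):
        print(f"{severity:6} {service:12} listening on {local}")
```

A HIGH finding does not prove the service is reachable from the internet; it means the bind address offers no protection, so the external scan result is what decides.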
By ensuring your blue team has been trained in readiness for an incident, you can be assured that you will respond more quickly and with fewer mistakes. It is also important to ensure that you are utilising the security features of your existing products, such as Office 365 and all the components that comprise the typical enterprise, to drive out near real-time alerting for suspicious activity.
Proactive risk mitigation is a complicated topic, but it is worth investing time now to prevent and mitigate future security incidents. SQA can assist in all parts of this process, from discovery through to technical implementation, business process modelling to digital transformation.
What can SQA Consulting do for you?
Do you have an ongoing incident? SQA Consulting can rapidly mobilise an on-site team to contain and eradicate the threat, minimising impact and protecting data. Our analysts can dig into that malware, looking for any weaknesses you can exploit to recover your data.
Not been hit? It is often only a matter of time until your business is disrupted. Book your ransomware readiness audit now to have our team assess your risk against industry-recognised frameworks. By being prepared, you can be assured that you will not only minimise data loss but also prepare the path for the quickest possible recovery and minimal disruption to your business, staff and customers.
Contact SQA Consulting for further information on:
- Reducing the likelihood of an attack
- Mitigating the impact of a successful attack
- Significantly reducing the time to recovery