The current Russia-Ukraine crisis is unprecedented. One aspect of the current crisis is the very real concern around increased cyberattacks on an unprecedented scale.
The concern is reasonable: there’s simply no way to know what’s going to happen next. And the concern stems not just from nation-state actors and their proxies: cybercriminals, hacktivists, and vandals also thrive in times of chaos and uncertainty like this.
With all these unknown and unknowable cyber risks and threats swirling around, it’s understandable that people are worried and even afraid and not sure what to do.
The important thing to remember is that we do know what we can do to better protect ourselves during this crisis. These are the same things that we can and should be doing every day and during every crisis. We just need to remember them and act on them.
Focusing and executing on five specific, concrete areas of action can help you better protect yourself and your organization from attacks during this time of increased uncertainty:
- Alert and educate your users about the increased risks
- Update systems, mobile, IoT and network devices and apps
- Run and update security software
- Secure remote access accounts and devices
- Make and verify backups
Alert and educate your users about the increased risks
User education is always a key part of any cybersecurity program. People form the last defense against attack. With all that’s going on, many people may not be thinking about the increased cybersecurity risk and their role in helping to protect themselves and their organization. Help people understand we’re in a time of increased risk and that they need to exercise even more caution than usual against phishing, malicious links and attachments.
Update systems, mobile, IoT and network devices and apps
Keeping systems up to date with patches against vulnerabilities is always important but right now even more so. While people have gotten used to updating their mobile devices and computers using automatic updates, it’s important to also remember to update IoT devices, routers and remote access software and devices. Make it a priority to ensure that you’re updating everything, not just mobile devices and computers.
Run and update security software
Having security software on all your endpoints is important to provide protection against attacks. Out-of-date or misconfigured security software however not only fails to protect but can give a false sense of security. Take time to ensure that you not only have security software in place but that’s it’s fully up-to-date and configured properly. Take the time to verify you’ve got automatic updates working on your security software either by logging into it or through the management console.
Secure remote access accounts and devices
Lately, we’ve seen ransomware and more sophisticated attacks carried out successfully by using remote access to access the target network. This problem has become more serious since the pandemic began and remote access became more common. Two specific things that you should do to better protect your organization against these kinds of attacks is to make sure that your remote access devices and software are up-to-date, and that only valid accounts have remote access capabilities. If you’re not using multi-factor authentication (MFA) to protect your remote access you should look at implementing that as soon as possible as well.
Make and verify backups
Good, reliable, usable backups are your parachute and safety net rolled into one. Having good, reliable, usable backups can help you recover from ransomware and major cyberattacks. They can also help you recover from physical threats like natural or human made disasters. But backups only work if the backups are done correctly and can be restored. Take time to ensure that not only do you have a good backup strategy in place, including storing backups off-site, but that you can successfully restore from those backups quickly and effectively. A good rule of thumb is the “3-2-1 Rule”:
- 3 copies of your backups, including the one you’re using now
- 2 different storage locations for those backups
- 1 of which is offsite/offline
