When Russia invaded Ukraine in early 2022, the term ‘cyber warfare’ saw a major spike on search engines. We’ve often written about cyberattacks and criminal cyber activity, but cyber warfare? That’s in a league all its own.
Organizations we used to trust, like AO Kaspersky Lab, a Moscow-based cybersecurity firm and creator of a popular antivirus software, are being added to a national security threat list by the Federal Communications Commission (FCC). Implementing security measures to protect your business is more important than ever.
What is Cyber Warfare?
If you find yourself wondering what cyber warfare is, you’re certainly not alone. Cyber warfare is a strategic cyberattack that targets a state or organization. We’re talking about digital espionage and activity aimed at government or business infrastructure.
Do we need to be on high alert for criminal cyber activity?
Yes. We need to be on the alert, but it’s not time to panic. It’s the difference between walking in the dark with your face buried in your phone or with your head on a swivel, minding your surroundings. We’re not saying you need to start preparing your business for doomsday, but you should absolutely start taking strategic steps to empower your team to help protect your business.
- Strong Passwords with 2 FA
It’s no longer a suggestion in many respects – it’s a requirement for many organizations, for good reason. We can’t stress this enough. Embrace password best practices today. Encourage employees to create complex passwords that mix upper and lowercase letters, numbers and symbols – and are long. Use two-factor authentication whenever possible. We know it is difficult to keep up with frequent password changes, but the minor inconvenience is worth the cost of trying to recover after a security breach. Is managing passwords a pain in the rear? Yes. Is the additional work worth it? Absolutely.
- Identity & Access Management
Managing access is a complex job. It’s a lot of work to manage, but if access is like the wild wild west, your business is an easier target for bad actors. What happens when someone transfers departments or leaves the company? Do you have a process to address access needs in these situations? Involta’s recommendation? Designate an owner for access management, and empower that person to perform entitlement reviews to ensure only appropriate and necessary access is granted.
Scams aren’t just obvious emails from “Nigerian princes” anymore. It could look like a request from your boss or a harmless link from a supposedly trustworthy source. You’ve got to look closer because bad actors are getting savvier. Look for nuances in the email address and notice phrases that don’t quite sound right. Text message scams and robocalls are also on the rise – and they’re almost always fraudulent requests for aid or donations. The days of blindly answering your phone are over. If you’re not 100% sure who sent the link, do not click it. If you don’t know the number calling you, let it go to voicemail. There’s no shame in screening calls these days!
- Disaster Recovery
Formal disaster recovery plans should include contingencies for cyber attacks. We highly recommend thinking through how to prepare for and respond to cyber attacks in your disaster recovery planning. How can you instill best practices across remote and in-office teams? How can you secure remote environments? What will you do if your networks are down for hours, days or weeks? Which staff members are critical to operations? How will you keep your team connected and secure in an outage or emergency? As the questions start piling up, consider working with an IT service provider that can help you craft not only a disaster recovery plan, but an incident response plan, that works for your business.
60 percent of small companies go out of business within six months of falling victim to a data breach or cyber attack. That’s a staggering statistic. If you’re not backing up your environment already, start now. This is one of the most critical things you can do to protect your business. If your environment is compromised, you’ll save literal millions if your files and data are backed up properly and easily accessible. Could your business withstand a day without access? A week?
- Lead with Security
Even if you have all the right disaster recovery and backup strategies in place, all it takes is one click on a malicious email to put your company at risk. Without buy-in from the entire company, your business will still be vulnerable. Embracing a security culture throughout the entire organization is critical. When everyone from leadership to interns operates with a security-first mentality, all your efforts to protect your company will be multiplied. When your whole team is working toward the same goal of improved security, the needle will move faster. It’s easier to do the right thing when everyone else is doing it, too.
Take security and password protection seriously. If you see something, say something. Use password managers and generators to help reduce the need for memorization and to help create strong passwords. Develop an incident response plan. Back up your data. Paying attention will pay off.
Not sure where to start? We can help. If you’re ready to take the next step to protect your company, schedule a consultation with Involta. We look forward to helping prepare your business for anything.