Categories
General Cyber and IT Security

Decoding Digital Dangers: Common Cybersecurity Threats Explained – Part 2

Security should be a lifestyle and not just a “To-Do” list. As a Cybersecurity Professional myself, I cannot preach enough about the importance of Layered Security. No matter how big or small your environment, remember that even David took down a GIANT with a slingshot and pebble. Threats in our industry are diverse and dangerous. Staying ahead of the curve is no walk in the park and that is why a series of this magnitude is important for proactive reasoning.

In the first installment, we briefly covered threats such as Phishing (BEC Attacks), Malware Attacks, and Insider Threats. In this second installment, we will dive into Ransomware Attacks, Distributed Denial of Service attacks, and Zero-Day Exploits.

4. Ransomware Attacks:

Ransomware involves the encryption of a victim’s data by an attacker, who then demands a ransom in exchange for the decryption key. The impact of ransomware attacks ranges from financial loss to severe disruption of operations. This form of attack is especially prevalent in critical sectors such as healthcare, finance, and government.

Motions to Mitigate:

Mitigation against Ransomware attacks can consist of:

  • Endpoint Security: Install and regularly update endpoint security software to detect and prevent malicious software from running on a user’s device.
    • Some popular Endpoint Detection and Response solutions include Microsoft Defender for Endpoint, VMware’s Carbon Black, and CrowdStrike Falcon Platform.
    • If Endpoint Security is something your company is interested in implementing, SecurIT360 would love to assist you on this journey through our SOC services.
  • User Behavior Analytics: Using user behavior analytics tools to identify deviations from normal user behavior can help detect compromised accounts more efficiently.
    • This can be achieved through SecurIT360’s 24/7/365 security operations center, which provides real-time monitoring through utilization of MDR and EDR solutions.
  • Disable Unnecessary Services: Disabling or restricting services and features that are not essential for business operations can prevent ransomware from exploiting them.
  • Network Segmentation: Segmenting your network to isolate critical systems and data from the rest of the network can help contain the spread of ransomware.
  • Backup and Disaster Recovery: Regularly back up critical data and systems to offline or otherwise secure locations. Ensuring backups are not accessible from the network and testing data recovery procedures go a long way toward guaranteeing you can restore your systems in case of an attack.
  • Patch and Update Software: Keeping operating systems, software, and applications up to date with the latest security patches addresses vulnerabilities that ransomware may exploit.

5. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks:

DoS and DDoS attacks aim to make a network, service, or system unavailable to its intended users. This type of attack targets the “A”, availability, within the CIA (Confidentiality, Integrity, and Availability) triad. It is achieved by overwhelming the target with a flood of internet traffic that the target was not built to withstand. In a DDoS attack, the attacker uses many compromised computers (a botnet) as sources of traffic, making these attacks particularly challenging to mitigate.

Motions to Mitigate:

A few ways to mitigate this are by implementing Distributed Traffic Filtering, Content Delivery Networks, and Geographic Blocking in your environment. Other forms of DoS/DDoS mitigation consist of:

  • IP Reputation Lists: Utilize IP reputation lists and databases to block known malicious IP addresses and networks. These lists should be updated quarterly because IP addresses frequently change hands or ISPs (Internet Service Providers).
    • We know that this can become quite a task, but our Security Operations Center can help relieve this pressure through our managed firewall services.
  • Network and Server Redundancy: Build redundancy into your network and server infrastructure to ensure that a failure in one component does not result in a complete service outage.
  • Intrusion Prevention Systems (IPS)/Intrusion Detection Systems (IDS): Deploy IPS solutions to detect and block malicious traffic and behavior at the network level.
    • The SecurIT360 SOC Team can assist with detecting malicious activity through our MDR solutions and with blocking known malicious activity through some of our other managed services (EDR, Managed Firewalls, etc.).
  • Black Hole Routing (BGP Sinkholing): Configure your network to use black hole routing to discard malicious traffic. BGP sinkholing can redirect DDoS traffic to a “black hole” where it is discarded.

6. Zero-Day Exploits:

A zero-day exploit targets a software vulnerability that is unknown to the software’s developer. The term “zero-day” refers to the fact that the developer has zero days to fix the vulnerability once it becomes known. This method is one of the most difficult to defend against, which is why organizations need a proactive rather than reactive approach to this subject.

Motions to Mitigate:

  • Advanced Threat Detection Solutions: Deploy advanced threat detection solutions that can identify zero-day attacks based on abnormal behavior and anomaly detection.
  • Application Security Testing: Conduct regular security assessments, including penetration testing, to identify and address potential weaknesses in your applications and systems.
    • If a Pentest is something your organization is interested in having conducted, contact SecurIT360’s Offsec Department to set up an engagement.
  • Behavior-Based Analysis: Employ behavior-based analysis tools that can detect unusual or malicious behavior on endpoints and networks. Zero-day exploits often exhibit abnormal patterns.
    • This can fall under the umbrella of EDR services. Using user behavior analytics to establish your environment’s baseline behaviors and compare them against anomalies is something SecurIT360’s SOC works with daily.
  • Threat Intelligence Sharing: Participate in threat intelligence sharing communities and organizations to stay informed about the latest threats, including zero-day vulnerabilities.
  • Sandboxing: Use sandboxing techniques to run potentially risky or untrusted code in an isolated environment, preventing it from affecting the rest of the system.
  • Vulnerability Management: Proactively discover and mitigate weaknesses in your systems before attackers can exploit them. This includes software, hardware, and even human behaviors.
    • SecurIT360’s ISSO department specializes in internal scan assessments.
    • SecurIT360’s Security Operations Center services include External Scan Assessments monthly or per request.

As you can see, there are many threats in our industry and the need for persistent protection is constant. My goal for this second installment was to provide easily digestible information on some common threats Cybersecurity Professionals like myself witness on a day-to-day basis.

If you have enjoyed this second installment of the Decoding Digital Dangers: Common Cybersecurity Threats Explained series, be sure to go back and check out Part 1 as well.

Additionally, if your company needs expert cyber security and IT services for ongoing risk management and operational excellence, such as SOC services, please contact us here at SecurIT360 to be of assistance: Contact – SecurIT360.

Decoding Digital Dangers: Common Cybersecurity Threats Explained – Part 1

Have you heard the phrase “Don’t bring a knife to a gunfight”? Well, this phrase holds the same truth within the realms of modern cybersecurity. There are a wide range of dangers in our industry and one must know what they are to properly prepare for the battle against them. The sheer volume of these risks alone should emphasize how critical it is to comprehend them while also developing mitigation solutions.

One might ask, well what are a few common threats that we as cybersecurity professionals should look out for in this constantly changing digital environment? This series was created to highlight just that. In this first installment, we will cover Phishing (BEC Attacks), Malware Attacks, and Insider Threats.

1. Phishing Attacks:

Phishing attacks are the most common form of cybersecurity threat. This is where an attacker masquerades as a legitimate entity to “reel” victims into revealing sensitive data such as usernames, passwords, and credit card information. Phishing attacks often take the form of emails, website pop-ups, or text messages, which stresses the importance of always verifying that you are communicating with whom the entity claims to be.

Once a successful Phishing Attack has occurred, this can lead to a Business Email Compromise, or BEC for short. As Cybersecurity professionals we must empower ourselves against BECs. Implementing the following recommended strategies can assist in strengthening your cybersecurity posture:

Motions to Mitigate:

A few ways to stay proactive against Phishing attempts are:

  • User Education and Training: Provide regular cybersecurity training and awareness programs to educate users about the risks of phishing.
    • The SecurIT360 SOC Team can assist with this through our KnowBe4 managed services. Through this service, we can set up Phishing Simulations along with Awareness Training.
  • Email Filtering and Authentication: Implement email filtering solutions to block or flag potential phishing emails before they reach users. Configure email authentication protocols like DMARC (Domain-based Message Authentication, Reporting, and Conformance) to verify the authenticity of incoming emails.
  • Multi-Factor Authentication (MFA): Enforce MFA for email and other critical accounts. Even if a phishing attack results in stolen credentials, MFA can provide an additional layer of security.
    • SIEM and MDR services can even help to identify and respond to suspicious MFA activity. These services can collect and analyze logs from a variety of sources, including MFA devices, applications, and servers. This data can be used to identify patterns of behavior that may indicate an attack, such as MFA Bombing, logins sourced from known malicious IPs, and logins originating from non-approved countries.
    • As a SecurIT360 SOC MDR client, we can add this particular log source type in our SIEM solution to best accommodate your environment’s real-time monitoring.
  • Phishing Simulations: Conduct phishing simulations and tests within your organization to assess user awareness and response. Use the results to tailor training and awareness efforts.
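A constructed illustration of the MFA log analysis described above, added here and not part of the original article or of any SecurIT360 tooling: it parses a few made-up authentication log lines and raises alerts for MFA bombing (many push prompts in a short window), logins from IPs on a reputation list, and logins from non-approved countries. The log format, the thresholds, the country list and the reputation list are all this example's assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

type Event struct { // one parsed log line; format and field names are constructed for this example
	Time                    time.Time
	User, IP, Country, Kind string // Kind is mfa_challenge or login_success
}

type Alert struct{ Rule, User, Detail string }
// Assumed tuning values and reference lists; adjust them per environment.
const bombingWindow, bombingCount = 10 * time.Minute, 4 // prompts per window before alerting
var approvedCountries = map[string]bool{"US": true, "CA": true}
var maliciousIPs = map[string]bool{"198.51.100.23": true} // constructed reputation list
// ParseLine parses "<RFC3339 time> user=.. ip=.. country=.. event=.." and
// reports ok=false for a malformed line so one bad line does not stop the run.
func ParseLine(line string) (Event, bool) {
	fields := strings.Fields(line)
	if len(fields) != 5 {
		return Event{}, false
	}
	ts, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return Event{}, false
	}
	vals := map[string]string{}
	for _, kv := range fields[1:] {
		if p := strings.SplitN(kv, "=", 2); len(p) == 2 {
			vals[p[0]] = p[1]
		}
	}
	e := Event{ts, vals["user"], vals["ip"], vals["country"], vals["event"]}
	return e, e.User != "" && e.Kind != ""
}

// Detect applies the three indicators plus a follow-on rule: a successful login
// by a user who was just bombed is what a fatigue attack is after. Any event order.
func Detect(events []Event) []Alert {
	sort.Slice(events, func(i, j int) bool { return events[i].Time.Before(events[j].Time) })
	var alerts []Alert
	recent := map[string][]time.Time{} // user -> challenge times inside the window
	bombed := map[string]bool{}
	for _, e := range events {
		switch e.Kind {
		case "mfa_challenge":
			win := recent[e.User]
			for len(win) > 0 && e.Time.Sub(win[0]) > bombingWindow {
				win = win[1:] // slide the window forward
			}
			win = append(win, e.Time)
			recent[e.User] = win
			if len(win) >= bombingCount && !bombed[e.User] {
				bombed[e.User] = true
				alerts = append(alerts, Alert{"mfa_bombing", e.User,
					fmt.Sprintf("%d MFA prompts within %s", len(win), bombingWindow)})
			}
		case "login_success":
			if bombed[e.User] {
				alerts = append(alerts, Alert{"login_after_mfa_bombing", e.User, "prompt accepted from " + e.IP})
			}
			if maliciousIPs[e.IP] {
				alerts = append(alerts, Alert{"malicious_ip", e.User, "login from listed IP " + e.IP})
			}
			if !approvedCountries[e.Country] {
				alerts = append(alerts, Alert{"unapproved_country", e.User, "login from " + e.Country})
			}
		}
	}
	return alerts
}

// sampleLog is constructed input: a normal login, a push-bombing run against bob
// ending in an accepted prompt, a listed-IP login, an out-of-region login, one bad line.
const sampleLog = `2024-05-01T09:00:20Z user=alice ip=203.0.113.5 country=US event=login_success
2024-05-01T09:05:00Z user=bob ip=198.51.100.77 country=US event=mfa_challenge
2024-05-01T09:05:30Z user=bob ip=198.51.100.77 country=US event=mfa_challenge
2024-05-01T09:06:00Z user=bob ip=198.51.100.77 country=US event=mfa_challenge
2024-05-01T09:06:30Z user=bob ip=198.51.100.77 country=US event=mfa_challenge
2024-05-01T09:07:40Z user=bob ip=198.51.100.77 country=US event=login_success
2024-05-01T09:30:00Z user=carol ip=198.51.100.23 country=US event=login_success
2024-05-01T10:00:00Z user=dave ip=203.0.113.90 country=XX event=login_success
this line is malformed and is skipped`

// RunSample parses sampleLog and returns the alerts Detect raises on it.
func RunSample() []Alert {
	var events []Event
	for _, line := range strings.Split(sampleLog, "\n") {
		if e, ok := ParseLine(line); ok {
			events = append(events, e)
		}
	}
	return Detect(events)
}

func main() { fmt.Println(RunSample()) }
```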

Additional helpful articles for improving awareness of BEC attacks/Phishing:

2. Malware Attacks:

Malware, short for malicious software, refers to any software designed to damage or disrupt a computer system. Types of malware include viruses, worms, Trojans, spyware, and adware. Malware attacks typically involve the installation of this malicious software onto a victim’s device without their knowledge, leading to data loss or theft. Another way Malware can be downloaded unknowingly is by clicking unfamiliar links such as from a Phishing email. This illustrates how some of these attacks can be combined to get what the Threat Actor is after.

Motions to Mitigate:

Malware can be a pest, but implementing the following can assist in reducing its appearance in your environment:

  • Application Whitelisting: Implement application whitelisting, which allows only authorized and known applications to run on endpoints. This can prevent unapproved applications, including malware, from executing.
  • Network Monitoring and Alerting: Implementing network monitoring tools to detect unusual network traffic and behaviors that may indicate a malware infection can be helpful.
    • The SecurIT360 SOC Team can assist with this through our 24/7/365 operations of real-time monitoring and utilization of MDR and EDR solutions.
      • Through our EDR services, we can apply user behavior analytics to assist with determining baseline behaviors in comparison to anomalies.

3. Insider Threats:

Insider threats involve cybersecurity threats that originate from within an organization. These can be intentional – for instance, a disgruntled employee causing harm – or unintentional, such as an employee unknowingly clicking on a phishing link or accidentally uploading sensitive login credentials of your company’s own infrastructure to a site like GitHub (in reference to: https://www.vice.com/en/article/m7gb43/microsoft-employees-exposed-login-credentials-azure-github).

Motions to Mitigate:

  • Least Privilege Access: Limit user and system access to only the resources and data required for their tasks. This principle minimizes the potential impact of a ransomware infection.
    • A great way to test your current Access Controls is by performing a Pentest. It is recommended to get a Penetration Test done once or twice a year at a minimum. If a Pentest is something your organization is interested in having conducted, contact SecurIT360’s Offsec Department to set up an engagement.
  • Data Loss Prevention (DLP): Use DLP solutions to monitor and prevent the unauthorized transfer or leakage of sensitive data. This can help prevent both accidental and intentional data breaches.
  • Secure Offboarding: Ensure that when employees leave the organization, their access is immediately revoked. This includes disabling accounts, collecting company-owned devices, and updating access control lists.
  • Data Access Auditing: Implement auditing and logging for data access to track who accessed sensitive data and when.
  • Secure Mobile Device Management (MDM): Manage and secure mobile devices that employees use for work, including the ability to remotely wipe devices in case of loss or theft.

All mitigation strategies require a comprehensive approach that includes a combination of technology, user education, and proactive security measures. By implementing these practices, your organization can significantly reduce its vulnerabilities and minimize potential damage.

One takeaway is the mantra of the “12 P’s”:

“Positive Proper Preparation Prevents Piss Poor Performance; Piss Poor Performance Promotes Pain” and we don’t want your organization to experience the pain of improper preparation.

Understanding the common cybersecurity threats listed in this first installment is the initial step toward strengthening your cybersecurity defenses. Your organization’s defenses should mimic that of an Onion. An onion has many layers to it and your defense should follow this same blueprint. We recommend investing in regular staff training and maintaining a culture of cybersecurity awareness to protect against these threats along with utilizing robust cybersecurity solutions. For instance, utilizing a Cybersecurity Framework could be essential to your business long term.

To get more information on implementing the best Cybersecurity Framework for your environment, check out: The Building Blocks of Cyber Defense: Why Your Business Needs a Cybersecurity Framework – SecurIT360

If your company needs expert cyber security and IT services for ongoing risk management and operational excellence, such as SOC services, please contact us here at SecurIT360 to be of assistance: Contact – SecurIT360.

Additionally, be sure to be on the lookout for the second installment of this Decoding Digital Dangers: Common Cybersecurity Threats Explained series releasing in the coming weeks.

New Techniques Threat Actors Are Using To Steal Your Secrets

In a digital era where information is vital, understanding the new techniques that threat actors are using to steal your secrets is critical. As technological advancements surge forward, so do the methods employed by malicious agents seeking to exploit those technologies for their gain. Let’s explore these techniques to equip ourselves with knowledge that will serve as our first line of defense against these threat actors.

The Emergence of Deepfake Technology

In the realm of cybersecurity, the emergence of deepfake technology poses a significant and growing threat. Deepfakes, powered by artificial intelligence, allow threat actors to create realistic, manipulated content that can deceive individuals and organizations alike. With sophisticated AI algorithms, they can create incredibly realistic video and audio content, impersonating individuals to bypass security measures, manipulate public opinion, or commit fraud.

Deepfakes open new avenues for social engineering attacks. Threat actors can use manipulated videos or audio recordings to impersonate trusted figures, such as CEOs or government officials, leading to misinformation, reputational damage, or even financial loss. The ability to create realistic content makes it challenging for individuals to discern between authentic and manipulated information.

Deepfake technology can be utilized in business email compromise attacks where threat actors impersonate high-ranking executives or colleagues. Additionally, voice phishing (vishing) attacks can leverage deepfake-generated voices to trick individuals into divulging sensitive information over the phone. The combination of realistic voices and manipulated content enhances the success rate of such attacks.

Rise of Cryptojacking

Cryptojacking has rapidly gained momentum as a preferred technique of many cyber criminals. Cryptojacking is a form of cyber-attack where malicious actors hijack computing resources, such as computers, servers, or mobile devices, to mine cryptocurrencies. Unlike traditional cyber-attacks that focus on data theft or ransom, cryptojacking operates in the background, leveraging the victim’s processing power to mine digital currencies.

Threat actors employ various methods to deliver cryptojacking payloads. This can include malicious websites that run in-browser mining scripts, phishing emails with infected attachments, or exploiting vulnerabilities in software and hardware. Once executed, the cryptojacking code operates quietly, siphoning off computing resources to mine cryptocurrencies without the user’s awareness. In recent years, threat actors have organized cryptojacking campaigns using botnets—networks of compromised devices under the control of a single entity. These large-scale operations enable attackers to amass significant mining power, intensifying the impact on targeted systems.

Cloudjacking

As organizations transition their data and operations to the cloud, a new form of attack has taken center stage – Cloudjacking. Threat actors exploit inadequately secured cloud configurations to gain unauthorized access to data, disrupt services, or even hold the data hostage for ransom. Given the sensitive nature of the information usually stored in the cloud, this technique poses a severe threat to businesses and individuals alike.

Cloudjacking attacks can be mitigated in several ways.

  • Implement Robust Access Controls: Organizations should enforce strong authentication mechanisms, regularly review and update access permissions, and adopt the principle of least privilege.
  • Regular Security Audits: Conducting regular security audits and vulnerability assessments of cloud environments can help identify and address potential weaknesses before they are exploited.
  • Implement Multi-Factor Authentication (MFA): Implementing MFA on cloud resources can help prevent most attempts by threat actors to access a business’s cloud environment.
  • Educate and Train Personnel: Employee awareness and training programs are crucial for preventing phishing attacks and ensuring that cloud security best practices are followed.

The Growing Threat of Ransomware

Ransomware is a type of malicious software designed to encrypt files or systems, rendering them inaccessible. The attackers then demand a ransom, usually in cryptocurrency, in exchange for providing the decryption key. This digital extortion tactic has become increasingly sophisticated, with ransomware attacks evolving in both scale and complexity. Today’s iterations of ransomware are becoming more potent, with threat actors increasingly targeting large organizations and critical infrastructure. The potential for massive disruption and financial gain ensures that ransomware remains a popular method for stealing secrets and causing havoc. Best practices to mitigate ransomware include:

  • Regularly backing up critical data and ensuring that backups are stored securely and can be quickly restored in the event of an attack.
  • Educating employees about phishing threats, social engineering tactics, and the importance of maintaining a vigilant cybersecurity posture.
  • Keeping software, operating systems, and security solutions up-to-date to address vulnerabilities that could be exploited by ransomware.
  • Implementing network segmentation to limit the lateral movement of ransomware within a network, preventing widespread damage.

Defending Against These Threats

Understanding these techniques is only the first step; defending against these threats is the next. It requires implementing robust cybersecurity measures, including secure cloud configurations, multi-factor authentication, data encryption, regular system updates, and comprehensive employee training programs. Being proactive rather than reactive in cybersecurity is paramount to securing your secrets in the digital landscape.

The Critical Role of Cyber Threat Intelligence for SMBs

Hello, savvy business owners and entrepreneurs! Let’s cut to the chase: cybersecurity isn’t just a buzzword; it’s a necessity. And while you might be doing the basics like firewalls and endpoint security software, there’s a hidden gem you’re likely missing out on: Cyber Threat Intelligence (CTI).

What is CTI and Why Should You Care? 

Imagine CTI as your business’s personal meteorologist, but for cyber threats. It’s not just about telling you it’s going to rain; it gives you the exact time, the severity, and even what kind of umbrella to use. Here’s the breakdown: 

  • Reduce the Noise: CTI is like a museum curator for your cybersecurity, carefully selecting the most relevant information and discarding the noise. This allows you to focus your time on the threats that matter.
  • Navigation Assistance: Imagine CTI as your ship’s captain, steering you through the treacherous waters of cyber threats and ensuring you reach your destination safely. Don’t let decision fatigue set in; know where you’re heading.
  • Be Proactive: CTI serves as your watchtower, giving you a bird’s-eye view of the cyber landscape and alerting you to any approaching dangers. With this knowledge you can be proactive before it’s too late.

The SMB Dilemma: Size Doesn’t Matter to Cybercriminals 

One of the biggest myths in the cybersecurity world is that small to medium-sized businesses (SMBs) are too insignificant to be targeted. Wrong. Cybercriminals are opportunists; they go for easy targets. Without CTI, you’re essentially putting a “Kick Me” sign on your business. 

Statistics: Cyber Attacks on SMBs 

Nearly 43% of cyberattacks are on small businesses, with most unprepared to face such an attack. Over the past twelve months, there has been a spike in attacks against SMBs. The trend is only continuing and evolving. CTI reduces cyber risk, allowing businesses to identify potential attacks and apply countermeasures. 

The ROI of CTI: An Investment, Not a Cost 

Let’s talk about numbers. A single cyber-attack can cost an SMB thousands, if not millions, in damages, not to mention the loss of customer trust. CTI is your insurance policy. It helps you allocate your limited resources where they’re needed most, giving you the best bang for your buck. 

The Future is Now: AI and CTI 

The world of CTI is evolving at warp speed, thanks to advancements in AI and machine learning. These technologies are making CTI more accurate, faster, and incredibly efficient. It’s not science fiction; it’s your new reality. 

Your Next Steps: We’ve Got Your Back 

Here at SecurIT360, we’re not just another cybersecurity company. We’re your cybersecurity partners. We offer several services including but not limited to 24/7 SOC monitoring, incident response, compliance assessments, customized program and policy development, pen testing and vulnerability management to fit your unique needs. 

If you’re already using one of our Managed SOC services, then our Threat Intelligence team is already working alongside you. 

And because we believe knowledge is power, we’ve got a free threat intelligence newsletter that’s like a weekly cybersecurity masterclass. It’s actionable, it’s insightful, and it’s free.  Subscribe here 

Ready to make cybersecurity your strength, not your weakness? Contact us today and let’s build a safer, more secure digital future for your business. 

Understanding DNSSEC and DNS Security

In our increasingly interconnected world, where the digital landscape expands every day, safeguarding our online presence has become vital. One fundamental yet often overlooked aspect of online security is Domain Name System (DNS) security. DNS is the backbone of the internet, responsible for translating domain names into IP addresses that computers can understand. To protect this system from threats, the DNS Security Extensions (DNSSEC) play a pivotal role.

How DNS Works

DNS Attacks

DNS spoofing and DNS cache poisoning are malicious techniques aimed at manipulating the Domain Name System (DNS) to redirect users to fraudulent websites or compromise network security. DNS spoofing involves forging DNS responses to trick a user’s device into believing it has received legitimate information when, in reality, it’s been directed to a malicious site. This can lead to various security breaches, including phishing attacks. On the other hand, DNS cache poisoning involves corrupting a DNS server’s cache with fraudulent data. Once the cache is poisoned, the server can distribute this tainted information to users, redirecting them to attacker-controlled websites. Both DNS spoofing and cache poisoning are serious threats to the integrity of the DNS infrastructure that highlight the importance of DNSSEC.

DNSSEC

DNSSEC is a suite of extensions to DNS that adds an extra layer of security by digitally signing DNS data. This verification process ensures that the data retrieved from DNS servers is authentic and hasn’t been tampered with by malicious actors. Here’s how it works:

  1. Signing Zone Data: DNSSEC involves signing zone data with cryptographic signatures. Each DNS record in a zone is signed using a private key.
  2. Public Key Distribution: The public key for each zone is published in a DNS record called the Delegation Signer (DS) record. This record is stored in the parent zone, creating a chain of trust. The public key is paired with a private key, which is typically stored offline; the signatures produced with that private key are published in DNS.
  3. Authentication: When a user’s device queries a DNS server for a domain, the server provides not only the requested data but also the corresponding digital signature. The user’s device uses the public key stored in the DS record to verify the signature’s authenticity.
  4. Validation: If the signature is valid, the DNSSEC client trusts the data it received, knowing it hasn’t been altered during transmission.
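The four steps above worked through in Go, as an added example that is not part of the original article: a root, a TLD and a customer zone each sign their own records, each parent publishes a DS record holding a digest of its child’s key (as real DNSSEC does, with the key itself served in the child’s DNSKEY record), and a resolver validates from a configured trust anchor down, rejecting both a poisoned record and a spoofed zone. The zone names, addresses, the one-key-per-zone simplification and Ed25519 in place of RSA/ECDSA are this example’s assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Zone models one DNS zone with a single signing key pair. Real DNSSEC uses a
// KSK/ZSK split and RSA or ECDSA keys; Ed25519 (RFC 8080) keeps this short.
type Zone struct {
	Name    string
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey // kept offline by the zone owner, never served
	Records map[string]string  // owner name -> A record data (constructed)
	RRSIG   map[string][]byte  // owner name -> signature over that record
	DS      map[string][]byte  // child zone name -> digest of the child's key
}

func NewZone(name string) *Zone {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Zone{Name: name, Pub: pub, priv: priv,
		Records: map[string]string{}, RRSIG: map[string][]byte{}, DS: map[string][]byte{}}
}

// canonical is what gets signed (owner, type, data); any change breaks the signature.
func canonical(owner, data string) []byte { return []byte(owner + "|A|" + data) }

// keyDigest is what a DS record carries: a SHA-256 hash of the child's public
// key rather than the key itself (the key is served in the child's DNSKEY).
func keyDigest(z *Zone) []byte {
	d := sha256.Sum256(append([]byte(z.Name+"|DNSKEY|"), z.Pub...))
	return d[:]
}

// AddRecord stores an A record and signs it (step 1: signing zone data).
func (z *Zone) AddRecord(owner, data string) {
	z.Records[owner] = data
	z.RRSIG[owner] = ed25519.Sign(z.priv, canonical(owner, data))
}

// Delegate publishes the child's DS record in this parent zone (step 2).
func (z *Zone) Delegate(child *Zone) { z.DS[child.Name] = keyDigest(child) }

// Validate walks root -> ... -> leaf as a validating resolver does (steps 3-4).
// Every zone in chain arrived over the network and is untrusted until the root
// key matches the anchor, each child's key matches its parent's DS, and the
// requested record's RRSIG verifies under the leaf zone's key.
func Validate(anchor ed25519.PublicKey, chain []*Zone, owner string) error {
	if len(chain) == 0 || !bytes.Equal(chain[0].Pub, anchor) {
		return fmt.Errorf("root DNSKEY does not match the trust anchor")
	}
	for i := 1; i < len(chain); i++ {
		parent, child := chain[i-1], chain[i]
		ds, ok := parent.DS[child.Name]
		if !ok {
			return fmt.Errorf("%s holds no DS for %s: insecure delegation", parent.Name, child.Name)
		}
		if !bytes.Equal(ds, keyDigest(child)) {
			return fmt.Errorf("DS in %s does not match DNSKEY of %s", parent.Name, child.Name)
		}
	}
	leaf := chain[len(chain)-1]
	data, ok := leaf.Records[owner]
	if !ok || !ed25519.Verify(leaf.Pub, canonical(owner, data), leaf.RRSIG[owner]) {
		return fmt.Errorf("no validly signed A record for %s: missing, altered or forged", owner)
	}
	return nil
}

// BuildChain sets up root -> example. -> corp.example. with one signed A record
// (names and addresses come from the reserved documentation ranges).
func BuildChain() (root, tld, zone *Zone) {
	root, tld, zone = NewZone("."), NewZone("example."), NewZone("corp.example.")
	zone.AddRecord("www.corp.example.", "192.0.2.10")
	tld.Delegate(zone)
	root.Delegate(tld)
	return root, tld, zone
}

// RunScenarios reports whether (1) the genuine chain validates, (2) a cache
// poisoning style swap of the A record to an attacker address, old RRSIG left in
// place, is rejected, and (3) a spoofed zone signed with the attacker's own key is
// rejected because that key does not match the DS held by the parent.
func RunScenarios() (genuine, poisonedRejected, rogueRejected bool) {
	const name = "www.corp.example."
	root, tld, zone := BuildChain()
	genuine = Validate(root.Pub, []*Zone{root, tld, zone}, name) == nil
	zone.Records[name] = "198.51.100.66" // tampered data, signature unchanged
	poisonedRejected = Validate(root.Pub, []*Zone{root, tld, zone}, name) != nil
	rogue := NewZone("corp.example.") // attacker key; its own RRSIGs are self-consistent
	rogue.AddRecord(name, "198.51.100.66")
	rogueRejected = Validate(root.Pub, []*Zone{root, tld, rogue}, name) != nil
	return genuine, poisonedRejected, rogueRejected
}

func main() { fmt.Println(RunScenarios()) }
```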

How DNSSEC Works:

Benefits of DNSSEC:

  1. Data Integrity: DNSSEC ensures that the DNS data remains unchanged, preventing attackers from redirecting users to malicious websites.
  2. Authentication: It guarantees that the data comes from a legitimate source, reducing the risk of DNS spoofing attacks.
  3. Trust Chain: By establishing a trust chain through DS records, DNSSEC enhances the security of the entire DNS hierarchy.

Challenges with DNSSEC:

While DNSSEC offers robust security, its adoption faces some challenges:

  1. Complex Implementation: DNSSEC implementation can be complex and may require significant effort. However, some DNS providers offer to enable DNSSEC as part of your DNS package.
  2. Compatibility: Not all DNS servers and clients support DNSSEC, which can lead to compatibility issues.
  3. Key Management: Managing cryptographic keys can be challenging and requires careful consideration.
  4. Increased Packet Size: DNSSEC can result in larger DNS responses, which may impact network performance.

Other DNS Security Options:

DNSSEC is a cornerstone of DNS security, but several other extensions complement it:

  1. DNS-based Authentication of Named Entities (DANE): DANE allows domain owners to associate their TLS certificates with DNS records, improving the security of encrypted connections.
  2. Response Policy Zones (RPZ): RPZ enables DNS servers to block or redirect requests to known malicious domains.
  3. DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT): These protocols encrypt DNS traffic, preventing eavesdropping and manipulation.

In conclusion, DNSSEC is an essential component of our digital defense. DNSSEC provides a robust framework for ensuring the integrity and authenticity of DNS data. The benefits of a more secure and trustworthy internet make the adoption of DNS security extensions a worthy investment in our digital future.

The Building Blocks of Cyber Defense: Why Your Business Needs a Cybersecurity Framework

Let’s talk about something that’s as essential to your business as a solid foundation is to a skyscraper: Cybersecurity Frameworks. Trust me, this is the blueprint you didn’t know you needed.

What’s a Cybersecurity Framework and Why It’s Your New BFF?

Think of a cybersecurity framework as your business’s recipe for Grandma’s secret sauce. It’s a step-by-step guide that helps you mix the right ingredients in the right order to cook up some top-notch cybersecurity. A framework offers a common language that allows businesses to understand, manage, and reduce cybersecurity risks effectively.

  • The Universal Translator: Imagine you’re at a United Nations meeting, but for cybersecurity. A framework is the translator that helps everyone speak the same language, making sure you and your partners are on the same page.
  • The GPS for Your Cyber Journey: It’s like having a GPS that not only tells you how to get from point A to point B but also warns you about roadblocks and speed traps along the way.
  • The Health Checkup: Just like you’d go to a doctor for a health checkup, a cybersecurity framework gives your business a thorough examination to spot any weak points before they become major issues.

Popular Cybersecurity Frameworks  

1. CIS Controls v8: The Center for Internet Security (CIS) Controls v8 provides a prioritized set of actions to help organizations defend against cyber threats. It is a flexible framework suitable for various industries, emphasizing a risk-based approach.

Industry Applicability: CIS Controls can be applied across various industries, making it a versatile choice. Whether you’re a small business or a large corporation, CIS Controls offers a strong cybersecurity foundation.

Why Choose CIS Controls: CIS Controls are known for their simplicity and effectiveness. They provide actionable steps that organizations can implement to strengthen their cybersecurity posture. Moreover, they are regularly updated to address emerging threats.

2. NIST CSF: The National Institute of Standards and Technology (NIST) Cybersecurity Framework offers guidelines for organizations to improve their cybersecurity posture. It’s especially relevant to critical infrastructure sectors.

Industry Applicability: Critical infrastructure sectors such as energy, healthcare, and finance find the NIST CSF particularly valuable due to its sector-specific adaptation.

Why Choose NIST CSF: NIST CSF is a comprehensive framework that aligns well with industry-specific regulations and standards. It helps organizations identify, protect, detect, respond to, and recover from cybersecurity incidents, making it a holistic choice.

3. NIST 800-171: NIST 800-171 safeguards Controlled Unclassified Information (CUI) and is mandated for government contractors. It’s crucial for industries handling sensitive government data.

Industry Applicability: Government contractors, suppliers, and subcontractors dealing with CUI must adhere to NIST 800-171 to maintain government contracts.

Why Choose NIST 800-171: If your business is involved in government contracting or collaborates with federal agencies, NIST 800-171 is a legal requirement. Implementing this framework ensures compliance and security in handling CUI.

4. CMMC Levels 1 and 2: The Cybersecurity Maturity Model Certification (CMMC) focuses on protecting Controlled Unclassified Information (CUI) within the defense industry supply chain.

Industry Applicability: Mandatory for defense industry contractors handling CUI, CMMC Levels 1 and 2 lay the foundation for robust cybersecurity in this sector.

Why Choose CMMC Levels 1 and 2: If your business is involved in defense contracts or part of the supply chain, compliance with CMMC Levels 1 and 2 is essential for contract eligibility. These levels provide fundamental cybersecurity controls.

5. NIST Security and Privacy Framework (NIST SSDF): NIST SSDF combines security and privacy considerations, helping organizations address both aspects simultaneously.

Industry Applicability: Suitable for organizations prioritizing privacy alongside security, particularly those handling sensitive personal information. Industries such as healthcare and finance benefit from this dual-focus framework.

Why Choose NIST SSDF: NIST SSDF simplifies the integration of security and privacy practices. This framework streamlines compliance efforts and protects customer data in an era of increasing data privacy regulations.

6. ISO 27001/2: ISO 27001 is a globally recognized information security management system (ISMS) standard. It applies to organizations of all sizes and industries.

Industry Applicability: ISO 27001 is versatile and can be implemented by any organization seeking a comprehensive cybersecurity framework. It is often chosen by multinational corporations and organizations seeking a universally recognized certification.

Why Choose ISO 27001: ISO 27001 is renowned for its global recognition and flexibility. It allows organizations to customize their security controls to meet their needs while adhering to international best practices.

7. SOC 2: Service Organization Control (SOC) 2 focuses on controls relevant to data security, availability, processing integrity, confidentiality, and customer data privacy.

Industry Applicability: Service providers, including cloud and SaaS companies, commonly adopt SOC 2 to assure clients of their security measures.

Why Choose SOC 2: SOC 2 is crucial for service providers as it builds customer trust. It demonstrates your commitment to protecting their data, making it a competitive advantage in the market.

8. GDPR: The General Data Protection Regulation (GDPR) is a European regulation that governs personal data protection. It applies to organizations processing EU citizens’ data.

Industry Applicability: Essential for organizations handling European customer data or operating in the EU. Industries such as e-commerce, marketing, and healthcare are particularly affected.

Why Choose GDPR: GDPR compliance is not optional if you handle EU data. Non-compliance can result in hefty fines. Implementing GDPR measures also enhances data protection and customer trust.

9. FTC Safeguards Rule: The Federal Trade Commission (FTC) Safeguards Rule applies to financial institutions and requires them to implement security measures to protect consumer information.

Industry Applicability: Financial institutions must adhere to the FTC Safeguards Rule to safeguard customer data.

Why Choose FTC Safeguards Rule: Compliance is a legal obligation for financial institutions. By implementing these safeguards, you meet regulatory requirements and safeguard your customers’ financial information.

10. SEC Compliance: SEC Compliance involves adhering to the Securities and Exchange Commission’s regulations, including cybersecurity disclosure requirements.

Industry Applicability: Essential for publicly traded companies subject to SEC regulations, primarily in the finance and investment sectors.

Why Choose SEC Compliance: SEC compliance ensures transparency and accountability in financial markets. It helps protect investors and maintain the integrity of financial systems.

11. Cyber Essentials: Cyber Essentials is a UK government-backed certification scheme focusing on fundamental cybersecurity practices.

Industry Applicability: Suitable for small to medium-sized businesses seeking a cost-effective cybersecurity framework.

Why Choose Cyber Essentials: If you’re a smaller organization with limited resources, Cyber Essentials offers a practical and affordable way to establish basic cybersecurity measures and build a strong foundation.

12. CCPA: The California Consumer Privacy Act (CCPA) aims to protect the privacy of California residents and applies to organizations handling their personal information.

Industry Applicability: Necessary for businesses dealing with California residents’ data, particularly in the tech and retail sectors.

Why Choose CCPA: CCPA compliance is crucial for companies with a California customer base. It demonstrates a commitment to respecting consumer privacy and avoids costly penalties.

13. HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) Security Rule applies to healthcare organizations handling protected health information (PHI).

Industry Applicability: Mandatory for healthcare providers and entities handling PHI.

Why Choose HIPAA Security: Compliance with HIPAA is a legal requirement and essential for safeguarding sensitive patient information. Non-compliance can result in severe penalties and damage to reputation.

14. PCI-DSS: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that organizations that accept, process, store, or transmit credit card information maintain a secure environment.

Industry Applicability: PCI DSS is particularly relevant to businesses in the retail, e-commerce, hospitality, and financial sectors that handle payment card data. It is essential for any organization that accepts credit card payments.

Why Choose PCI DSS: PCI DSS compliance is not just a best practice but often a contractual requirement enforced by credit card companies. Failure to comply can result in financial penalties and the loss of the ability to process credit card payments. Implementing PCI DSS measures protects sensitive customer data and enhances trust and credibility with customers.

Why You Can’t Afford to Skip This

Imagine you’re building a house. You wouldn’t start without a blueprint, right? Similarly, a cybersecurity framework is your blueprint for building a secure digital environment. It’s not just a nice-to-have; it’s a must-have. Here’s why:

  • Risk Mitigation: Operating without a framework is like driving without a GPS—you’re more likely to end up in a bad neighborhood. A framework helps you identify and prioritize risks, guiding you safely to your destination.
  • Trust Factor: In a world where data breaches make headlines, a recognized framework is your seal of approval. It tells your clients, partners, and stakeholders that you’re serious about security.
  • Regulatory Compliance: A framework is your roadmap to compliance, helping you avoid the pitfalls of hefty fines and legal troubles. It’s like having a lawyer in your pocket, guiding you through the complex legal landscape.
  • Competitive Edge: In a saturated market, a robust cybersecurity posture can set you apart. It’s like having a five-star safety rating in a world of three-star competitors.
  • Cost-Effective Prioritization: Frameworks enable you to allocate your limited resources wisely. It’s like having a financial advisor for your cybersecurity budget, ensuring you get the most bang for your buck.
  • Unified Communication: One of the key benefits of a framework is that it provides a common language for discussing cybersecurity issues. This enhances internal communication and can also improve your interactions with suppliers and partners.

So, a cybersecurity framework isn’t just a set of guidelines; it’s your strategic asset. It’s the VIP pass that not only gets you into the cybersecurity club but also helps you navigate it like a pro. 

Ready to Level Up Your Cybersecurity Game?

By adopting a framework, you’re not just ticking off a compliance checklist; you’re making a strategic business decision. It helps you cut through the noise, focus on what matters, and shows everyone that you’re a business that takes security seriously.

So, if you’re ready to take your cybersecurity to the next level, contact us and let us be your cybersecurity wingman. We offer several services including but not limited to 24/7 SOC monitoring, incident response, compliance assessments, customized program and policy development, pen testing and vulnerability management to fit your unique needs.


Public Wi-Fi: The Double-Edged Sword of Connectivity and Cybersecurity

The appeal of free public Wi-Fi is inescapable in today’s digital world. The ability to connect, work, and socialize from any location – be it a local café, an airport lounge, or a hotel lobby – is a convenience that many have come to rely on. However, this convenience is not without its risks. As the digital landscape evolves, so do the threats associated with public Wi-Fi networks. Public Wi-Fi has become a staple in our daily lives. With the surge in remote work and the digital nomad lifestyle, the need to stay connected while on the move has never been greater. Yet, a staggering 56% of individuals connect to public Wi-Fi networks without a password, as reported by Forbes Advisor. This seemingly harmless act can expose users to a myriad of cyber threats. 

Below are a few attack vectors that cyber criminals can use to access users’ digital information using public Wi-Fi.

  • Evil Twin (Rogue Access Point) – Cybercriminals often set up counterfeit Wi-Fi networks with an SSID (Service Set Identifier) resembling legitimate ones. Unsuspecting users, thinking they’re connecting to a genuine network, inadvertently expose their data to these rogue hotspots. After a user connects to an Evil Twin, all data sent over the network can be seen by the attacker.
  • Man-in-the-Middle (MITM) Attacks – In these attacks a threat actor, who is on the same public network you connect to, intercepts packets sent between your computer and the internet. Similar to eavesdropping, this allows attackers to view and manipulate data.
  • Session Hijacking and Sidejacking – This occurs when the attacker is able to steal a legitimate session ID from a user to “hijack” the user’s session. For instance, a user may log into their bank account on public Wi-Fi. Simultaneously, the attacker will capture the information in the session cookie and use it to impersonate the user after they are done with their banking activity.
  • Login Page Phishing – Some public Wi-Fi login pages may prompt users to enter information to securely login. This may be leveraged by attackers using a phishing attack to obtain credentials. For example, an attacker may redirect a user attempting to access a public Wi-Fi point to a phishing page requesting the user login through Facebook. If the user enters their Facebook credentials, they are passed to the attacker who can then use them.
  • Unencrypted Public Wi-Fi – By default most access points are set up with WPA2 encryption enabled. However, if encryption is disabled on the Wi-Fi access point, information sent over the network can be viewed by attackers connected to the network.
  • Malware Distribution – Attackers can use public Wi-Fi to prompt a user to download or install a malicious program that may log keystrokes, or enable remote access to a user’s computer.
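The Evil Twin and Unencrypted Public Wi-Fi bullets above both describe something a network scan can reveal before you connect. The following is an added defender-side check, not code from the original post: it groups scan rows by SSID and flags names that are advertised both open and encrypted, served by several vendor OUIs, or open at all. The scan rows are constructed for illustration, and the `nmcli` command in the docstring is only a suggestion for where real rows could come from.

```python
"""Heuristic evil-twin / open-network check over Wi-Fi scan results.

Added example; it assumes scan results have already been collected into
(ssid, bssid, security) tuples, for instance from
`nmcli -t -f SSID,BSSID,SECURITY dev wifi` on Linux. The rows below are
constructed sample data, not a real scan.
"""
from collections import defaultdict

# Security strings that mean "no encryption" in common scan tools.
OPEN_MARKERS = {"", "--", "open", "none"}

# Constructed scan output: (SSID, BSSID, security type).
SAMPLE_SCAN = [
    ("CafeGuest", "A4:2B:8C:11:22:33", "WPA2"),
    ("CafeGuest", "A4:2B:8C:11:22:34", "WPA2"),        # second radio, same vendor: normal
    ("CafeGuest", "00:11:22:AA:BB:CC", "--"),          # open clone from another vendor: suspicious
    ("CafeGuest ", "DE:AD:BE:EF:00:01", "--"),         # look-alike name with trailing space
    ("AirportFreeWiFi", "B8:27:EB:55:66:77", "--"),    # open network: peers can read traffic
    ("HomeNet", "F0:9F:C2:01:02:03", "WPA3"),
]


def normalize_ssid(ssid: str) -> str:
    """Lowercase and drop all whitespace so look-alike names group together."""
    return "".join(ssid.split()).lower()


def oui(bssid: str) -> str:
    """Return the first three octets of a MAC address (the vendor prefix)."""
    return ":".join(bssid.upper().split(":")[:3])


def analyze_scan(rows):
    """Return {normalized_ssid: [reason, ...]} for SSIDs worth a second look.

    Reasons, in the order they are appended:
      open_network     - at least one BSSID advertises no encryption
      mixed_security   - same SSID seen both open and encrypted (open clone)
      multiple_vendors - BSSIDs for one SSID come from different vendor OUIs
    A legitimate venue can trip multiple_vendors (mixed hardware), so treat
    it as a prompt to confirm the SSID with staff, not as proof of an attack.
    """
    groups = defaultdict(list)
    for ssid, bssid, security in rows:
        groups[normalize_ssid(ssid)].append((bssid, security.strip().lower()))

    findings = {}
    for name, aps in groups.items():
        reasons = []
        open_aps = [b for b, sec in aps if sec in OPEN_MARKERS]
        encrypted_aps = [b for b, sec in aps if sec not in OPEN_MARKERS]
        if open_aps:
            reasons.append("open_network")
        if open_aps and encrypted_aps:
            reasons.append("mixed_security")
        if len({oui(b) for b, _ in aps}) > 1:
            reasons.append("multiple_vendors")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in analyze_scan(SAMPLE_SCAN).items():
        print(f"{name}: {', '.join(reasons)}")
```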

Public Wi-Fi Best Practices

In most cases, the most secure action would be to avoid public Wi-Fi. A low-cost solution would be to connect to a personal mobile hotspot. However, if one must connect to a public hotspot, here are some best practices.

  • Ensure that you are connecting to a legitimate Wi-Fi access point. Usually, this can be confirmed by asking an employee what the SSID for their Wi-Fi is.
  • When connecting to a public Wi-Fi access point, use a VPN to encrypt your data in transit over the network.
  • Disable auto-connecting to Wi-Fi networks.
  • Avoid accessing your personal financial information or work information while using un-trusted public Wi-Fi.
  • Only access HTTPS sites to ensure an SSL/TLS-encrypted connection to the webpage.
  • Enable anti-virus and anti-malware software on your computer.

Cybersecurity Tips For International Travel

International travel presents unique challenges to securing devices and information. This is particularly true when traveling to destinations that are considered to be high cyber risk countries such as China or Russia. 

Here are some precautions to take when traveling to these countries that will improve the security of your devices and data.  

Before you travel, you should first consider your company policies and procedures. Your device may have Mobile Device Management which can allow for a remote wipe of data if your device is lost or stolen. It may also specify an application whitelist or limit the device’s use when traveling.

Your company may also have a regularly scheduled backup for data and files to a secure server. If they do not, ensure that you back up all your device information before traveling internationally.

Another important consideration is to update your anti-malware and anti-virus before leaving the country. This guarantees that your device can defend against the most recent exploits. 

Finally, make sure your hard drives and data storage devices are encrypted, and be sure to verify the local laws of the country that you are visiting. Some countries, like China, do not allow encrypted devices and your device may be seized.  

When traveling internationally it is imperative that you always maintain physical control of your devices. Thieves often target foreigners for their devices and may extract sensitive data or personal information.

Another important reminder is to never connect a device to an insecure or untrusted connection. A simple act like plugging your phone into an unknown USB charger or outlet may install malware or extract data.

Avoid connecting to public Wi-Fi networks and turn off automatic connections for Wi-Fi and Bluetooth. 

When using your device in a foreign country establish a secured Virtual Private Network or VPN connection to a server in the United States. A VPN creates an encrypted tunnel to transfer your information and data. Still, you should assume any communications made in high cyber risk countries may be monitored.  

After returning home from your international travel, it is critical to not introduce any devices back into your home or work network. Doing this may introduce malware into the network. Instead, immediately format and update your devices along with your anti-virus and anti-malware programs.

It is also good practice to change the passwords of any devices that were brought with you during your travel. If any of your credentials were compromised while traveling, changing your password when you return may prevent escalation of any cyber threats.

Finally, monitor your financial accounts when returning to ensure that no credit card or account information was compromised.  



Understanding the Modern Cyber-Threat Landscape and Its Impact on Your Business Operations

Digital transformation has played a substantial role in the evolution of the modern cyber threat landscape—especially during the COVID-19 global pandemic, which gave rise to the environment of remote work. As businesses tackle challenges associated with the fully virtualized working environment, the implementation of emerging technologies within corporate networks has helped enhance business operations to meet the growing demands of IT process virtualization and automation, data storage, data privacy and security, etc.

However, threat actors also learned to leverage the digital transformation era to achieve attack precision and scalability. In today’s modern cyber threat landscape, sophisticated cyber-attacks have dramatically increased: with ransomware attacks projected to occur every 11 seconds in 2021 and the losses associated with Business Email Compromise (BEC) averaging $80,000 per victim, it is clear that cyber threats have made their way to the top of business risks in the last couple of years.

As organizations attempt to detect and respond to signature- and behavioral-based tactics, techniques, and procedures (TTPs), newer threat actors emerge with more sophisticated and far-reaching TTPs than their peers. Therefore, understanding where your corporate security posture is aligned with the dynamic nature of the modern cyber-threat landscape is critical to determining the likelihood, probability, and impact of a security incident on your infrastructure.

In this article, we discuss the evolving complexities of the modern cyber-threat landscape, its impact on business operations, and how to align your security posture to achieve cyber-resilience. 

Most Likely Cyber Threats In 2021

As the cyber threat landscape is constantly evolving in nature, you must know how to spot new threats, and how to identify the techniques that threat actors may be using to bypass your existing cybersecurity infrastructure.

As a security professional, it is important to understand that the threat landscape in 2021 and beyond is likely to expand, with more attack vectors than ever before.  The SolarWinds attack in 2020 showed us that organizations can suffer from a breach through their software vendors in addition to their internal applications. APTs will be investing their time into new vectors of attack throughout 2021, with more of a focus on enterprise software and the growing hybrid environment, to name a few. 

The rise in persistent threats is a cause for concern, as threat actors are making their way into critical infrastructure more easily, through a combination of AI, automation, and existing techniques such as malware and phishing, to enhance the sophistication of their attacking methods. Threat actors are now more likely to use their knowledge of emerging technologies, for example by attacking through IoT devices such as smartphones and routers, to expand the scale of their attack (more backdoors, more access points).

Preparing Your Business for the Modern Threat Landscape

Responding to cyber threats within the modern landscape is a difficult task if your IT department does not actively encourage a mixture of AI-powered threat intelligence–information about cyber threats and threat actors–as well as human effort and security awareness. AI and automated threat detection and response are not sufficient on their own to fight against the adaptive intelligence of today’s threat actors. 

The first step to take is to make sure everyone on your team is aware that threat intelligence is only one stepping stone towards a resilient cybersecurity posture. The emergence of new technology in your existing infrastructure will provide threat actors with security loopholes to attack through, and it is your responsibility to understand and adapt your cyber threat response plan accordingly against the growing number of attacking vectors.

To fight attacks before they become prominent threats, it is vital to consistently implement threat prevention, detection and response countermeasures using human-based capabilities as well as automated capabilities. 

Common countermeasures for preparing for cyber attacks should include basic cyber hygiene, such as security awareness training and tabletop exercises; security policy development for critical infrastructure; documented managed network detection and response procedures; MDR and EDR monitoring; and regular assessments. Incorporating both human judgment and automation in the threat detection and response procedures provides more holistic insight and visibility into attack avenues.

Combating the Probabilities and Impacts of Emerging Cyber-Threats

As your organization’s infrastructure changes, so does the need to protect your data and accounts. Emerging cyber threats are more prominent in areas of functionality that are limited in cybersecurity flexibility, where outdated security tools are still playing catch-up with the software and applications themselves. This is often the fault of either the IT department or the software vendor. Common examples include remote working setups and applications that have yet to implement industry-standard security updates such as endpoint protection. It is estimated that 77% of organizations do not yet have a detailed incident response plan in place.

Cyber incident response preparations

Emerging cyber threats are only going to get more prominent as the barrier to entry for threat actors becomes artificially lower. With a growing selection of open-source AI software and automated tools available to the common cybercriminal, the cost to commit cyber crimes is getting far lower. Technical knowledge is now also becoming a less-critical requirement for threat actors, as phishing and malware techniques can be learned online and thus automated using the tools they obtain.

Luckily for CTOs/CISOs, policy and plan development assessments and network/endpoint monitoring can be implemented very easily. By adopting the following 3-step approach, you can begin to enhance your cybersecurity posture much more quickly:

  • Prepare and know your current and future risks by implementing basic hygiene measures, such as cybersecurity training to all. 
  • Protect/defend your infrastructure by implementing automated cybersecurity tools such as MDR/EDR, so threats are recognized and responded to proactively before any damage is caused.
  • Respond to attacks with a progressive mindset, so they cannot ever be repeated. This step involves setting more robust cybersecurity policies like MFA and restricted data access for some employees.

The only way to combat the rising probability of an attack is to have all of your employees adopt a security-first, zero-trust mindset. Your organization will be using more software, more environments and more applications than ever before in 2021, therefore security has to be at the forefront of every user’s mind at all times.

Human error is the cause of 95% of cyber attacks, so the easiest way to respond to these threats is to actively encourage caution, and a standard procedure for all employees when they are operating in the sensitive or emerging environments that may cause reputational and financial burden if breached.

Promote the benefits of regularly updating software, fully encrypting PII or PHI data, and steering away from any link, file, or email that is not associated with your organization. Although emerging threats are hard to spot, practicing a staged attack can help you assess where the weakest link is, so you can enhance your security posture as required.

Conclusion

Threats are real and so are threat actors.  Therefore, you always must stay one step ahead of them. In today’s business landscape, IT infrastructure represents a key business risk because the attack sophistication of threat actors today is capable of impacting business continuity and causing damage worth tens of millions of dollars. Financial damage is not the only downfall, as an organization’s reputation can be quickly lost as a result of a successful breach, whereby customers will quickly lose all trust in the continuity of their service.

There are a number of security applications readily available, which can be implemented in all environments, such as cloud, AI-powered systems, and remote working. Whether you choose to implement data loss prevention,  multi factor authentication (MFA) or behavior analytics into your existing cybersecurity posture, it is paramount that your threat response plan combines the human initiative too. If your security posture is limited in either the technological or human aspect, threat actors will always have the upper hand on speed and persistence.

Understanding and responding to the modern threat landscape should be one of the top priorities for the management of any organization. It is always worth investing in an objective view and independent confirmation, to see if your infrastructure has the right protection available to mitigate the growing intelligence of modern-day threat actors.

If you would like to receive expert advice to support all aspects of your cyber security infrastructure, visit SecurIT360 to get the most out of your security assessments, endpoint detection and response processes, as well as compliance-ready penetration testing. All aspects of cybersecurity are critical in the landscape of emerging technologies—let us manage your operations as a concerted package.


Returning to the Post-COVID-19 New Normal: What to Expect for IT and Cyber Security Professionals Coming Back to the Workplace

COVID-19 is still with us, however many enterprises are reopening their doors and attempting to return to some sense of normal. It’s certainly a new normal: keeping staff safe requires a host of new processes, precautions, and even potentially new technologies and equipment.

From all perspectives, lock downs and work-from-home directives have created a significant disruption to normal enterprise operations. Looking at the situation from the point of view of technology staff, specific operational challenges shift into focus. Work equipment may have left the enterprise environment, home devices may have been used for work purposes, the delineation between work and home spaces has been blurred, or even removed completely.

There’s a lot on the plates of IT and cyber security specialists. Here are some of the most pressing issues to consider as you, your colleagues and the staff you support return to the post-COVID-19 workplace.

COVID-19 Mitigations

At the most basic level, normal workplace procedures are affected by recommendations for safety, as announced by the CDC. The most elementary of these recommendations likely apply to how cyber security professionals must conduct themselves, including:

  • Sick or symptomatic employees should stay home
  • Wear a mask
  • Limit interpersonal contact
  • Maintain appropriate spacing between staff
  • Sanitize surfaces after touching

IT and cyber security staff should be particularly aware of sanitizing devices before and after working with them. Check the CDC list for more recommendations, which vary according to the type of workplace, and follow any guidelines specified by your organization.

Relearn Cyber Security Fundamentals

Basic enterprise cyber security training for staff is often on the “we’ll get to it eventually” list, with indefinite deferral to maintain priority for operational needs. Now is an excellent time to reserve a block of time to review best practices, refresh basic training and boost awareness. Follow your cyber security training protocols and be sure to highlight the basics:

  • Password security training
  • Phishing and social engineering awareness
  • Email security
  • Updating and patching

Reestablishing the importance of awareness can go a long way toward creating resilience against the most elementary threats.

Speaking of Passwords…

Password security is often the first casualty when work and home environments are blurred together. Enterprise equipment and devices may be used by staff family or friends, or home devices could be used on enterprise networks. New employees might have been onboarded outside the usual training and processing framework, including being brought on remotely.

Passwords

A required password reset is the first step toward reasserting control over your security posture. Ensure staff adhere to company password policies when making changes. If your organization hasn’t yet implemented two-factor authentication, now is an ideal time to do so.

  • Have users reset all relevant passwords
  • Implement 2FA

Returning Equipment

Working from home has become the new normal for staff at many enterprises, which requires work equipment and devices migrating from the enterprise environment to homes. Returning work equipment to the enterprise environment creates two important IT security concerns:

Trivial equipment return. Certain items require only basic inventorying: cables, chargers, docking stations, etc. This is a tedious but necessary requirement, to ensure equipment is tracked and available if needed again, and that resources are not wasted. Damaged equipment is inevitable and needs to be replaced. Reemergence of lock down requirements may necessitate a return to large-scale work-from-home deployment: make certain you maintain the basic equipment resources required for that scenario.

Returning devices. Work devices that left the enterprise environment in a secure state do not necessarily return that way. Expect that staff have been negligent in maintaining high security standards and respond accordingly. Many staff will ignore update prompts or postpone them indefinitely. Others might disable security apps as a matter of convenience. Conduct comprehensive updating and patching of all returning devices.

Additionally, staff might install software they commonly use in their home environment, or to replace resources unavailable outside the office. Certain upgraded software licenses may have been added to facilitate work-from-home efficiency, but are no longer necessary (video conferencing, remote sharing and collaboration software in particular). Scan for unregistered software to determine potential vulnerabilities and risks, and cancel unneeded licenses to manage costs.

  • Inventory and maintain adequate supply of trivial equipment
  • Update and patch OS, software, and EDR solutions
  • Scan for unregistered software
  • Inventory software licenses

New Devices in the Enterprise Environment

Returning staff introducing new devices to the enterprise environment is a significant threat to security. These will typically be personal devices – laptops and phones – that staff used for work at home out of necessity because office resources were not available, or because they were more convenient.

Home devices are vulnerable for all the obvious reasons: lack of updating and patching, presence of unauthorized apps, absence of enterprise-grade security solutions, poor password security, etc. Once one of these devices connects, the entire network is at risk of compromise.

USB and NAS devices are an additional threat vector that can slip through the cracks. Staff may have been using these devices regularly, or as a one-shot solution to port data or files from home to the newly reestablished enterprise environment. Enforce your existing device controls to restrict use of unauthorized storage devices.

  • Run scans to check for new, unknown and/or unapproved devices; personal laptops, phones and devices should not be allowed within the enterprise environment
  • Monitor use of USB and NAS and enforce device control protocols

Maintaining a High Readiness Posture

It’s critically important to remember that the post-COVID-19 new normal can, at any point in the future and without warning, revert to a crisis environment. Your staff could get sick and require your office to close, or general rates of infection could increase enough to cause reimplementation of a shut down. The possibility that things could again get worse still exists.

Make certain that the lessons learned, strategies implemented, and changes made are maintained to ensure readiness in the face of additional challenges. Navigating the new normal is tough enough – don’t let your guard down and be forced to start from scratch, relearning adjustments that were made in March and April.

The path forward requires an extra effort of safety and vigilance. If you can maintain focus, the new normal will become the regular normal and you can once again focus on operations, performance and your core business mission.