Hygiene to Protect Solarwinds type of attacks
Giant companies have entire departments set up to assess a product or service. That’s both how SolarWinds got so big and how small businesses got wrapped up in its recent hack, which is likely to be seen as the most significant cyber attack in modern history.
If large, sophisticated organizations with big budgets and huge IT departments have difficulty securing their global operations, then how can small businesses secure their operations
Assess and act.
Prioritize your assets and determine how you might protect your data. You cannot protect all assets equally; prioritizing them allows you to know where to invest resources. Additionally, you should know what functions make economic sense and, from a security perspective, what to keep or build in-house and what functions should be outsourced. A common step in small business security is often moving data storage to the cloud. As you determine what to outsource, it is important to remember that outsourcing a function does not outsource your responsibility.
Manage your risk.
You should have a list of requirements, based on your own security and risk management profile, that you require of all of your vendors and third-party suppliers. For example, you should ask how they protect their data and what protocol do they follow for protecting your data. The fundamental tenet of cybersecurity is risk management. As a small business, you need to determine which risks you can tolerate and which ones you cannot.
Focus on employees.
With limited resources, small businesses should focus on the resources they do have–specifically, employees. The foundation of good cybersecurity is human behavior, not technology alone. Human beings, your employees, can be your greatest vulnerability or they can be a force multiplier for security in your organization. A trained, educated, and informed workforce can be a powerful and resilient asset in any enterprise. Start by educating each employee on their responsibility and accountability for security in your organization. Specifically, train your employees on strong authentication. Strong authentication is using a passphrase with a minimum of 15 characters to log into your network and making sure you use different passphrases for personal and business use. Almost all major cyber breaches occur through a compromised password. One of the access points to SolarWinds had the password solarwinds123–stunningly simple and extremely easy to hack. In addition to strong passphrases, ensure that your employees use multi-factor authentication whenever possible.
Back up your data.
Throughout the pandemic, we have seen a dramatic increase in ransomware. Ransomware holds your critical data hostage to a ransom. Once ransomware has infiltrated your system, it can be extremely difficult to remediate quickly and effectively. Paying a ransom can be expensive, and you are not guaranteed the recovery of your data if you pay. The first step you should take to prevent ransomware is to ensure strong authentication on all of your networks so the hackers can’t gain access. The second important step any enterprise–large or small–should take in preventing ransomware is to back-up your critical data on a separate network. Then commit to testing that back-up regularly, so you know it is current and the back-up works.
Though the enterprise is small , medium, large. A proper security hygiene will keep the external threat actors away from business to an extent