5 Laws of Cybersecurity
The business world is becoming increasingly digitized; everything from operations to customer relations is moving online. As a result, companies have become more reliant on technology to conduct their day-to-day operations. This increased reliance on technology has left businesses more vulnerable to cyberattacks and data breaches than ever before. With the rise in cybercrime and data breaches, businesses must implement robust cybersecurity measures to keep their company secure. The five laws of cybersecurity below can help you avoid being hacked, protect your data, and quickly recover if you are a victim of an attack. Read on to find out more.
The First Law – Utilize SSL Certificates
The most vulnerable aspect of communication in the digital age is the transmission and transfer of information from one location or system to another. Fortunately, there are several ways we can ensure the data contained within these transmissions is secure and protected. Take a look at the address bar of your web browser window. You should see a little padlock symbol to the left of the address. This symbol means that you are accessing a web page secured with HTTPS (Hypertext Transfer Protocol Secure). Websites enable HTTPS by using an SSL (Secure Sockets Layer) certificate on the web server they intend to make available to the world.
Using SSL ensures that the communications between one party and another are secure. SSL can be used to secure communications between a visitor and a website, between two different servers, between two endpoints on a Virtual Private Network, and more. While SSL is undoubtedly a powerful tool to help safeguard your data and information, it is not without its limitations. The two most common limitations are unsecured third-party elements and the certificate’s expiration. If an SSL certificate expires, your traffic is no longer secure. You will have to renew your certificate to restore your SSL encryption.
Now that we’ve addressed certificate expirations, let’s address third-party services. Third-party services and elements are anything connected or attached to your website or systems but unintegrated into the product’s core. What do we mean by “unintegrated”? In this case, we mean a piece of software that is “plugged in” to existing infrastructure and manufactured by a different party instead of being provided by the same party or group that manufactures the core system. If any outside element communicates without going through the encrypted SSL tunnel, that traffic is open and visible to the world.
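One way to find third-party elements that bypass the encrypted tunnel is to scan a page's HTML for resources it loads or submits to over plain `http://`. The following is an added example, not code from this article; the page URL, host names and HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attributes whose URL the browser fetches (or submits to) automatically.
FETCH_ATTRS = {
    "script": ("src",), "img": ("src",), "iframe": ("src",),
    "link": ("href",), "audio": ("src",), "video": ("src", "poster"),
    "source": ("src",), "embed": ("src",), "object": ("data",),
    "form": ("action",),
}


class PlaintextResourceFinder(HTMLParser):
    """Collects URLs an HTTPS page would load or post to over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        values = dict(attrs)
        for name in FETCH_ATTRS.get(tag, ()):
            raw = values.get(name)
            if not raw:
                continue
            # Resolve relative and scheme-relative (//host/path) references
            # the way the browser would, against the page's own URL.
            absolute = urljoin(self.page_url, raw.strip())
            parts = urlparse(absolute)
            if parts.scheme == "http":
                self.findings.append({
                    "tag": tag,
                    "url": absolute,
                    "third_party": parts.hostname != self.page_host,
                })


def find_plaintext_resources(page_url, html):
    finder = PlaintextResourceFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page (hypothetical hosts) served over HTTPS.
SAMPLE_PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="http://widgets.example.net/chat.js"></script>
<script src="//cdn.example.org/lib.js"></script>
</head><body>
<img src="http://shop.example/logo.png">
<iframe src="https://pay.example.com/frame"></iframe>
<form action="http://tracker.example.net/submit"></form>
</body></html>
"""

if __name__ == "__main__":
    for f in find_plaintext_resources(SAMPLE_PAGE_URL, SAMPLE_HTML):
        origin = "third-party" if f["third_party"] else "same-site"
        print(f"{f['tag']:<7} {origin:<12} {f['url']}")
```

Every finding is a request that leaves the browser unencrypted even though the page itself shows the padlock.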
Although SSL is not enough to completely safeguard against cybercrime, it’s an excellent place to start. It will help to protect customer data from being intercepted by cybercriminals and website hackers. Furthermore, it will help keep your private traffic secure if you have multiple locations that need to communicate regularly.
If you’re interested in learning more about SSL, please look for our upcoming articles detailing how to set up a VPN that utilizes SSL to establish an encrypted tunnel between two different LANs (Local Area Networks) and how the more secure TLS (Transport Layer Security) has superseded SSL. For now, let’s move on to Law #2.
The Second Law – Build A Secure Culture
Deploying the right cybersecurity tools is only one part of ensuring your business remains secure online. Equally important is building a safe culture within your organization. If an employee accidentally leaves the door open for hackers, it’s more than likely that cybercriminals will take advantage of the mistake. With that in mind, your staff members must be vigilant about cybersecurity.
You can build a more secure culture by conducting cybersecurity training for staff members. You can further improve the security culture by implementing standards that minimize risky actions and behavior. In future articles, we will cover the topic of security culture for both home users and businesses. For now, though, let’s focus on a few essential procedures every business employee should follow to help minimize risk.
Passwords: You can’t expect someone to be mindful of security if you ignore the basics. Implementing a firm password policy is the first and most straightforward method of building a security-minded culture. In an ideal setting, you will not rely solely on a password; instead, you will utilize a specific protocol such as Multi-Factor Authentication (MFA) or Single-Sign-On (SSO). However, if circumstances force you to rely solely on passwords, ensure each person has a secure password. A combination of capital and lowercase letters, numbers, and special characters will help provide a hardened password that is difficult to guess. To further increase password security, implement a mandatory policy to change passwords every 30 days. The final and most crucial step in securing passwords is lockout implementation. If the system detects an incorrect password more than three times, the system should lock that user account and immediately notify a supervisor so that a supervisor can conduct an audit to check for intrusion.
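The password rules above, sketched as an added example (not code from this article): a complexity check for the four character classes, plus a login guard that locks the account once the wrong password has been entered more than three times and calls a supervisor-notification callback. The minimum length, the PBKDF2 storage and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

MAX_FAILURES = 3       # the article's rule: lock on "more than three" wrong passwords
MIN_LENGTH = 12        # assumption: the article sets no minimum length
PBKDF2_ROUNDS = 200_000


def password_problems(password):
    """Return the policy rules a candidate password fails (empty list = accepted)."""
    checks = [
        (len(password) >= MIN_LENGTH, f"at least {MIN_LENGTH} characters"),
        (any(c.isupper() for c in password), "a capital letter"),
        (any(c.islower() for c in password), "a lowercase letter"),
        (any(c.isdigit() for c in password), "a number"),
        (any(c in string.punctuation for c in password), "a special character"),
    ]
    return [rule for passed, rule in checks if not passed]


def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class LoginGuard:
    """Locks an account after too many consecutive failures and raises an alert."""

    def __init__(self, notify_supervisor):
        self.notify = notify_supervisor   # callback(username, failure_count)
        self.users = {}                   # username -> (salt, derived key)
        self.failures = {}                # username -> consecutive wrong passwords
        self.locked = set()
        self.dummy_salt = os.urandom(16)

    def register(self, username, password):
        problems = password_problems(password)
        if problems:
            raise ValueError("password needs " + ", ".join(problems))
        salt = os.urandom(16)
        self.users[username] = (salt, derive(password, salt))

    def login(self, username, password):
        if username in self.locked:
            return "locked"               # stays locked until a supervisor unlocks it
        # Unknown users still cost one key derivation, so timing does not
        # reveal which usernames exist.
        salt, expected = self.users.get(username, (self.dummy_salt, b""))
        matches = hmac.compare_digest(derive(password, salt), expected)
        if username not in self.users:
            return "denied"
        if matches:
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        if self.failures[username] > MAX_FAILURES:
            self.locked.add(username)
            self.notify(username, self.failures[username])
            return "locked"
        return "denied"

    def unlock(self, username):
        """Supervisor action once the audit for intrusion is complete."""
        self.locked.discard(username)
        self.failures[username] = 0
```

A hard lockout also lets anyone who knows a username lock that account with four bad guesses, which is why the alert and the supervisor unlock path matter as much as the lock itself.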
Firewalls: Good firewalls are the first line of defense for any network. What is a firewall? In the simplest terms, a firewall is a security system that works to prevent unauthorized access into or out of a computer network. You can think of firewalls as the bouncers of the network. They decide who gets in, who needs to be thrown out, and sometimes, who needs to stay inside. While most firewalls sit between the internet and the local network, some firewalls are software-based and are positioned directly on a device to act as a final line of defense against malicious activity from the internet. Ensuring that your company or home network has an up-to-date firewall is critical to network defense. Furthermore, ensuring that your network has a suitable first line of defense is vital to establishing a security-minded culture. After all, why should employees make sure they’re being responsible if you leave the front door wide open?
Outside Links: One of the simplest ways to ensure security within your organization is also one of the most overlooked: external links. Many links sent in emails and found on websites, sometimes even on Google, can compromise the security of your organization’s network. These links typically break down into one of two attack types.
- Phishing: Phishing is a standard attack method that involves sending a link in an email that leads to a fake payment website designed to look authentic. By sending you to these fake websites, attackers hope you will input sensitive information such as banking details or credit card information. Unfortunately, people often only realize a website is fraudulent once they have attempted to utilize the payment screen. If you recognize that you have been a victim of such a phishing attack, check with your credit card company to see if your number is in danger. It’s always better to act late than never to act at all.
- Imposter Attack: While many people have heard of “Phishing” attacks, many are still unaware of the rise in so-called “Imposter” attacks. What is an imposter attack? Simply put, an imposter attack involves directing the victim to a phony login screen in the hopes of securing their login credentials for a service or system. Sometimes, attackers will even attempt to duplicate an organization’s website and hope to slip by with a slight change in the domain name to acquire secure login information for the organization’s site. Many times these attacks will involve a slightly more complicated methodology. Upon input of login credentials, a dummy login screen will redirect to the authentic login screen with a message to “please try again.” Using these tricks and diversionary tactics, many attackers can steal credentials necessary to access their victims’ systems or services.
So, what can we do to help reduce the probability of these attack methods? The simplest means of minimizing these threats is to help your employees understand the importance of clicking on links only from trusted or known sources. If your organization must use external links, please ensure that your network has a good-quality firewall and trust verification protocols to help scan incoming emails for addresses or links associated with known threats.
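A link scanner of the kind mentioned above can catch the "slight change in the domain name" trick by comparing each link's host against the domains your organization really uses. This is an added example, not code from this article; the allow-list, the confusable-character table and the distance threshold are assumptions, and internationalized (non-ASCII) look-alikes are out of scope.

```python
from urllib.parse import urlparse

# Constructed allow-list of domains the organization actually uses.
TRUSTED_DOMAINS = {"example-bank.com", "portal.example.org"}

# Character swaps often used to make one name read like another.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def skeleton(host):
    """Collapse look-alike characters so visually similar names compare equal."""
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, matched trusted domain or None) for the link's host."""
    host = (urlparse(url).hostname or "").rstrip(".")
    if not host:
        return ("invalid", None)
    for good in trusted:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Compare the full host and each parent domain, so a look-alike hidden
    # behind a subdomain (login.examp1e-bank.com) is still caught.
    labels = host.split(".")
    suffixes = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    for good in sorted(trusted):
        if host.startswith(good + "."):
            return ("lookalike", good)   # trusted name used as a prefix label
        for name in suffixes:
            if skeleton(name) == skeleton(good):
                return ("lookalike", good)   # differs only by confusable characters
            if edit_distance(name, good) <= max_distance:
                return ("lookalike", good)   # typo-distance from a trusted name
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed links such as a mail filter might extract from a message.
    for link in ("https://example-bank.com/login",
                 "https://examp1e-bank.com/login",
                 "https://example-bank.com.account-verify.net/",
                 "https://news.example.net/"):
        print(classify_link(link), link)
```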
Open Communication: Sometimes things happen; when they do, the appropriate people must know so that they can take steps to correct the problem. Unfortunately, with today’s fast-paced communications and emphasis on efficiency, we sometimes need help communicating appropriately. To effectively communicate, we as managers and leaders must set our egos aside to be approachable. After all, you can only solve a problem if everyone is confident about bringing it to your attention.
This section is not a lecture on the ethics of inter-team communication, but it is important to stress that teams look to their leader as their rock. Now, let’s address two brief points on why communication is crucial for a security-minded culture.
- Knowledge Is Power: Perhaps the single most important reason to properly communicate. Proper communication brings accurate knowledge. Accurate knowledge, in turn, allows you to make effective and strategic decisions.
- Reduced Response Time: The faster you know about a problem, the quicker you can fix it. If people are hesitant to bring things to your attention because of how you might react, problems will grow uninhibited while people wait for you to be in an “approachable” mood.
As you can see, we could have gone more in-depth regarding communication. We could write an entire article on the topic and its importance, but this is not the place for such a conversation. The two critical points listed above are the hallmark arguments for communication from a strict perspective of security consciousness.
Lockout Procedure: Lockout is often overlooked and even more often misunderstood. However, this does not negate its importance nor its relevance in helping provide a secure environment for your data.
What is a lockout? In the simplest terms: “locking out” refers to the practice of entirely isolating components, networks, or equipment from outside influence for security. If you’ve ever worked around machine operations or operators, you’ve likely heard the term in passing. You can implement lockouts on machinery, servers, networks, individual computers, cell phones, and more. When dealing with machinery, the lockout procedure completely shuts down operations and stops all power from flowing into the machine. Lockout is, therefore, beneficial if equipment requires servicing or production needs to change. Similarly, we can use system lockouts on networks and computers to isolate them from data flowing in or out. In this way, lockouts can be critical in a potential security breach. By separating the network or individual system, you are buying time to identify and remedy problems before they have a chance to grow.
You can implement lockouts by shutting devices off, removing data cables, installing network kill switches to physically isolate segments, or even throwing the electrical breaker to remove any possibility of access until you or a member of your response team can perform a full diagnostic. (We may fully address the lockout procedure in a future article.)
While lockout for networks shouldn’t be a standard practice except in specific applications, it should be a responsive practice in the event of system breaches. Train your staff and yourself appropriately so you can buy yourself time when a problem occurs.
The Third Law – Data Encryption & Localized Storage
Data Encryption
One of the best ways to keep your data secure online is to ensure it is encrypted. Encryption is a technique used to protect data by scrambling it so it can’t be read or understood. If a hacker were to break into your website or compromise an employee and steal your data, they would not be able to understand it. Encryption is especially beneficial for protecting sensitive data like customer information. Virtual Private Networks (VPNs) are one example of a security tool that relies on encryption. With businesses becoming increasingly reliant on cloud computing, they are also becoming more vulnerable to data breaches. This vulnerability is partly because cloud data resides on remote servers. Remote servers are inevitably less secure than on-premise servers. You must ensure your data is encrypted to protect it during transmission to and from remote systems.
Localized Storage
Now that we have addressed encryption, let us discuss cloud storage itself. While cloud computing offers many advantages, it’s important to note that it’s far from immune to cybercrime. In reality, cloud-based data is often more susceptible because the information resides on remote servers that are often outside our control. Data outside our control is data that is at risk. If you store sensitive data in the cloud, it’s crucial to ensure the strongest possible encryption; otherwise, it will risk theft of your information. Even if you encrypt your data, you should consider offline backups. With offline backups, you can be sure that your data will remain safe even if a breach occurs on the cloud-based service.
The Fourth Law – Be Vigilant
Install an Effective Detection Tool
An Intrusion Detection System, or IDS, is one of the most valuable investments of time and money any company can make. But what is it? An IDS is a computer security system that monitors network activities to identify and log suspicious activity, known as “intrusions.” An IDS alerts the network administrator when it detects a possible intrusion attempt. IDS can be either software or hardware-based. Software-based IDS can run on a server and monitor the activity of all the systems on the network. Software-based IDS is usually cheaper than hardware-based IDS because the system administrator can install it without purchasing additional hardware. Intrusion detection systems can help to detect various cyber attacks, including DDoS attacks, ransomware, malicious code, and brute force login attempts. An IDS coupled with a logger to monitor internal activity significantly increases your network vigilance. We will be expanding on this topic in a later article.
With the proper detection tools, you will be able to identify numerous forms of malicious activity, both internal and external. There are many forms of malicious activity, but some of the most common include unauthorized access attempts, data breaches, and unauthorized actions taken by authorized users with insufficient access permission. You will want to install a detection tool on all computers, mobile devices, and servers that store your most critical and sensitive data. Installing a detection tool on all vital devices allows you to be alerted in real-time whenever there is malicious activity on your network. Such alerts will enable you to respond quickly by shutting down the device or network and preventing further damage. You can also use the detection tool to generate signals you can share with law enforcement, so you can work with them to trace the source of the cyberattack and bring the perpetrators to justice.
The Fifth Law – Respond Effectively
Lastly, be prepared to respond to an attack. Every business is susceptible to cybercrime, regardless of size or industry. Whether a small business or a large corporation, you’re at risk if you don’t take proper precautions. When an attack occurs, you need to respond quickly and effectively to help minimize loss of data and disruption in services. Outlined below is an elementary six-step plan to help ensure an effective response. Please be advised that the procedure outlined below should be considered a partial solution. It serves as a “key points” plan to get your business moving as quickly as possible, and it is not a comprehensive plan of action.
Change Your Passwords Immediately
When one of your employees becomes infected with a ransomware virus, the virus may prompt them to provide a payment to the attacker. If they comply with these demands, they will pay the responsible cyber-criminals with cryptocurrency. Since these transactions leave no paper trail, there is no way to track them or determine who made the payment. If your employees’ login credentials are compromised during the attack, the cybercriminals might try logging into your network again and stealing more sensitive data. To protect against this possibility, you should immediately change your employees’ passwords. Doing so will help minimize the damage that may have been done during the attack and may prevent similar attacks from occurring in the future.
Additionally, consider implementing two-factor authentication (2FA) for your logins. With this feature enabled, a user will have to enter both a password and a one-time code sent to their smartphone to gain access to the network. While 2FA is not 100% foolproof, it is an excellent way to protect your business from cyber-attacks.
Install Software Updates
Businesses have been urged for years to install automatic software updates on their computer systems, and for a good reason, as they often include critical security patches that keep users protected from newly discovered threats. Unfortunately, many businesses still don’t routinely install software updates, leaving their systems open to attack. If your business is currently facing a cyber attack, it is critical that you install all available software updates as soon as possible. Doing so will help close any potential loopholes the attackers may use to gain access to your system. Even if your business is not under attack now, installing regular updates is still an excellent practice. Doing so will help keep your systems up to date and running smoothly, which will help prevent your business from being compromised by malicious threats.
Run Security Audits
If you’re unsure where to begin after your business is attacked, one of your best options is to hire a trusted computer security firm to perform a security audit. These firms specialize in helping companies identify and close any potential vulnerabilities within their computer systems to prevent future attacks. To that end, security audits typically include a thorough review of your business’s network and computer systems and any existing security protocols in place. Once the auditors have completed their analysis, they will provide you with a report detailing their findings and any recommended changes to better secure your network. A security audit is an excellent way to get a detailed overview of your computer systems and learn where your business is most vulnerable so that you can immediately close any potential loopholes.
Enable 2FA
If your employees currently log into their workstations using a single-factor authentication system (i.e., a password or username and password alone), you should strongly consider switching to a two-factor authentication system. As mentioned previously, 2FA is an extra layer of security designed to protect your logins from being hacked. With this feature enabled, a user will have to enter both a password and a one-time code sent to their smartphone to gain access to the network. If someone tries to log in to your system using a username and password alone, they won’t be able to gain access. While 2FA is not 100% foolproof, it is an excellent way to protect your business from cyber-attacks. Additionally, if your current authentication system has recently been attacked, you can add 2FA as a failsafe to keep your logins from being stolen.
Review Network Activity and Logs
If your business is currently under attack, you will want to review network activity and logs for any suspicious activity. These logs will contain information about the attack being attempted, as well as the source of the attack. Once you have identified the source of the attack, you can then block that source from accessing your network. Taking this action will help minimize the effects of the attack and may even allow your company to trace the attack back to the cybercriminals. In some cases, the authorities may even be able to track down the attackers and hold them accountable for their actions. If you notice suspicious activity on your network but have yet to be attacked, you should also examine your logs for any potential red flags. Doing so will allow you to take action before an attack occurs while providing you with information that you can follow back to the source of the attack.
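The log review described here, and the brute force login detection the Fourth Law expects from an IDS, can be as simple as a sliding-window count of failed logins per source address. This is an added example, not code from this article; the log format, field names, threshold and window are assumptions, and the log lines are constructed using documentation-only IP ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth result=(?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed authentication log in a hypothetical format.
SAMPLE_LOG = """
2024-05-01T10:00:01Z auth result=fail user=alice src=203.0.113.7
2024-05-01T10:00:03Z auth result=fail user=alice src=203.0.113.7
2024-05-01T10:00:05Z auth result=fail user=bob src=203.0.113.7
2024-05-01T10:00:06Z auth result=ok user=carol src=198.51.100.20
2024-05-01T10:00:08Z auth result=fail user=alice src=203.0.113.7
2024-05-01T10:00:11Z auth result=fail user=alice src=203.0.113.7
2024-05-01T10:00:15Z auth result=ok user=alice src=203.0.113.7
2024-05-01T10:05:00Z auth result=fail user=dave src=192.0.2.44
2024-05-01T10:20:00Z auth result=fail user=dave src=192.0.2.44
2024-05-01T10:20:09Z auth result=ok user=dave src=192.0.2.44
""".splitlines()


def parse(lines):
    """Yield (timestamp, result, user, source) for every well-formed line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["result"], m["user"], m["src"]


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with `threshold` failed logins inside one `window`."""
    recent = defaultdict(deque)    # src -> failure timestamps still inside the window
    targeted = defaultdict(set)    # src -> usernames it has failed against
    alerts = {}
    for ts, result, user, src in sorted(parse(lines)):
        if result == "fail":
            targeted[src].add(user)
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and src not in alerts:
                alerts[src] = {"first_alert": ts, "users": targeted[src],
                               "compromised": []}
        elif src in alerts:
            # A success from an already-flagged source: the guess probably
            # worked, so that account needs a password reset, not just a block.
            alerts[src]["compromised"].append(user)
    return alerts


if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(f"block candidate {src}: alert at {info['first_alert']}, "
              f"targeted {sorted(info['users'])}, "
              f"logged in as {info['compromised'] or 'nobody'}")
```

The `compromised` list is what ties this step back to "Change Your Passwords Immediately": blocking the source does nothing for an account whose password was already guessed.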
Take Care of Employee Education
Finally, you should take care of employee education after your business has been attacked. As you investigate the source of the attack, you may find that employees were responsible for the breach. If that’s the case, you’ll want to take disciplinary action against those employees to prevent similar violations from occurring. Additionally, you’ll want to provide additional training to your employees on how to avoid falling victim to similar attacks. Educating your employees on the types of attacks they are likely to face and how to defend against them is one of the best ways to prevent future breaches. By taking these steps, you will be able to respond appropriately to a cyber attack on your business and limit the amount of damage done. Unfortunately, these attacks are rising, so all companies must take steps to protect themselves from them. With the right tools and appropriate responses to attacks, your business can minimize the damage and keep hackers from getting in again.
Conclusion
The world of business is becoming increasingly digitized. This digitization has left businesses more reliant on technology to conduct their day-to-day operations. As a result, businesses have become more vulnerable to cyberattacks and data breaches. To keep your company secure, you need to implement robust cybersecurity measures. First, you must ensure that the communications between your website and visitors are encrypted with HTTPS. You also need to ensure that the data is encrypted. Lastly, you must be prepared to respond to an attack and remember not to store sensitive data in the cloud. Now that you know what to do to secure your business, it’s time to start implementing these strategies. With these cybersecurity laws in place, you’ll be well on your way to keeping your company protected from cybercrime.