Organizations and IT departments are still fighting off the WannaCry ransomware attack, which has crippled corporations, government agencies and healthcare systems across the globe. Every threat is different, but this is yet another example of why every organization, no matter how big or small, needs to take these threats more seriously.
At Cimphoni, we have built our cybersecurity program around five pillars that are key to lowering your organization’s risk levels. Here are a few highlights that did protect most organizations, and would have protected those who have fallen victim to the latest cybersecurity epidemic:
- The Human Firewall: WannaCry used phishing emails to spread the ransomware to organizations worldwide. Train your employees on common security threats such as phishing to ensure they do not open emails or click on links from untrusted sources.
- Keep Systems Updated: This attack was based on a known vulnerability in Windows operating systems for which Microsoft had already issued a fix or “patch” in mid-March. That was over six weeks before the malware started spreading! By using up-to-date operating systems that are still fully supported by their creators, and updating them at least monthly, you can remove many vulnerabilities before malware can exploit them to attack your systems and damage your operations.
- Defense in Depth: The more layers of defense you build around your digital assets, the harder it will be for malware and hackers to get to them. Ensure you are protected with anti-virus/anti-malware applications and that they are up to date. Add intrusion detection or intrusion prevention systems (IDS/IPS) and make sure they are also kept up to date.
- Protect Sensitive Data: Ensure that your mission-critical and sensitive data is identified and has additional layers of protection from viruses, ransomware and other nefarious cybercrimes. This allows you to focus your resources on your most important digital assets, and manage your cybersecurity investment wisely.
- Incident Management and Response Plan: Write a plan on how to respond to cyber attacks and practice the plan at least once per year. Because your staff will know how to respond, you will avoid losing precious time when – not if – your systems are attacked. Do not rely only on electronic copies of your incident management and response plan, as they may not be available during a cyber attack such as WannaCry. Make sure there are up-to-date paper copies available at every point of use.
To learn more about how to build a strong cybersecurity program for your organization, download our white paper Building a Cyber Fortress to Protect Your Digital Assets or schedule a call with a Cimphoni cybersecurity expert.