The SolarWinds cyber attack, which impacted government agencies and private organizations alike, is one of the biggest virtual crimes in history. It may seem like a global issue and that it has no connection to your business. However, you need to understand how SolarWinds became one of the largest — if not THE largest — cyber incursions ever. It’s the only way you can figure out how to protect your operation against becoming the victim of the next hack, whether it’s a one-off against your business or part of a global event.
1. Don’t assume that well-known organizations always get it right.
You don’t own or work for a major global conglomerate, which means you don’t have unlimited resources available to you. That’s why you probably base some or all of your technology and cyber security decisions on what larger and better funded companies do. You may check to see what other organizations use the solutions you’re considering. Impressive customer lists on websites could sway your decisions. After all, those companies have big teams of top tech talent to help them evaluate their options and select the best ones.
It’s understandable. If it’s good enough for the big players, it should be good enough for you, as well. Right?
Maybe not.
That’s one of the reasons SolarWinds got to be so big and how so many smaller businesses became entangled in its recent hack. Big government agencies and corporations leveraged their solutions and others followed.
It’s going to cost everyone involved a lot of money to recover. It’s also going to have a major negative impact on their reputations.
The difference? Larger, better known enterprises have the staff and funding to recover. Start-ups and other types of businesses don’t. They may not be able to recover at all. Many organizations never make it back after they’ve been hacked.
The lesson: Before deciding on a technology service provider, make sure you do your due diligence. Don’t automatically go with the ones with the most impressive client lists. Look for those that have great reputations and use innovative methods to stay ahead of cyber crooks to protect their clients. If you’re not sure how to assess a new tech provider, the experts at GeeksHD are available to advise you.
2. Don’t treat everything as equal.
All tech assets and company records are NOT the same.
When it comes to protecting your systems, software and data, figure out which ones could ruin you if they’re stolen or destroyed and which would merely inconvenience you. If you have limited resources available, spend more time, money and effort on protecting the things that could cause you serious harm. Decide which assets you should invest on building customized, bullet-proof, in-house solutions to protect and those that you can cover with off-the-shelf software.
The lesson: Don’t provide the same level of protection to all your cyber assets if your budget is limited. Mediocre protection across everything is an invitation for cyber crooks to come in and do as much harm as possible. Instead, take extra steps to protect the most critical assets. If you’re not sure how to set these priorities, the experts at GeeksHD are available to learn about your operation, cyber assets and how you conduct business. Then they will be able to advise you on how to spend your technology and cyber security dollars in the smartest way possible.
3. Actively manage your vendors.
Unless they’re huge multinationals, most businesses have to outsource some aspects of their cyber system management and security to third parties. Based on what we’ve learned from SolarWinds and other attacks, “set it and forget it” isn’t the right approach for any organization that wants to protect itself from hackers. They need to set rules and expectations for the vendors and third party suppliers they work with and make sure they’re met.
Find out how prospective vendors and suppliers protect their data and what protocols they follow to protect your data and other online assets. If you don’t feel comfortable with their standards, move on until you identify ones that you feel confident are looking out for the best interests of your organization.
The lesson: At its foundation, cybersecurity is all about managing risks. As a business owner, operations manager or IT professional, you have to figure out which risks you find acceptable and which you do not. Only you can know for sure, but based on recent events, your list of acceptable ones should be very small and carefully considered.
4. Pay special attention to your employees.
Businesses with limited resources should fully leverage the ones they do have, most importantly, the people that make up their work force.
At the foundation of any solid cybersecurity program is human behavior. No organization can depend on technology alone. The people who work for — and with — you can be your greatest vulnerability. Or you can take steps to turn them into your greatest cyber security asset. A well trained, educated and informed workforce is a powerful asset to any enterprise.
Begin by educating your employees on the cyber assets that they’re accountable for in your organization and what their responsibilities are when it comes to protecting them.
One important thing they need to know about is using strong passwords. A strong password contains a minimum of 15 characters of different types including letters, numbers and symbols.
Almost all major cyber breaches happen because of compromised passwords. This was true of the SolarWinds hack. One of the passwords used to access the system, solarwinds123, was extremely easy for criminals to figure out and use to break in. In addition to enforcing the use of strong passwords, make sure your workers leverage multi-factor authentication whenever possible. It provides an added layer of security protection when it comes to logging in to systems that makes it much harder for cyber crooks to break in.
The lesson: A small investment in employee training and communication could go a long way toward protecting the cybersecurity of your business.
5. Regularly back up your data.
Hacks happen every day. It’s a reality and part of doing business right now. The SolarWinds attack proves it.
In addition to taking steps to protect your systems, you must make sure you’re prepared in case you do get hacked. That’s why it’s critical for you to regularly back up all your data on a separate network. Then have a plan for consistently testing that back-up, so you know the data is current, complete and correct.
The lesson: None of the individual things we’ve recommended is a sure way to prevent cyber threats. However, taken together, they will bolster your cybersecurity, making it harder for potential hackers to access your networks. If there’s one thing we can learn from the SolarWinds attack, it’s that every organization must review its priorities, willingness to tolerate risk and take steps to protect the security of their enterprise, no matter how big or small it is. The experts at GeeksHD are available to help you out if you don’t feel prepared to handle this on your own.