The Department of Homeland Security released a warning letter on 23 January 2022 — expect Russia to come for you. So what are the 3 Cybersecurity Steps that you can take?
The 3 Cybersecurity Steps that you can take
First, Russia can attack us.
From the dispatch: “Russia maintains a range of offensive cyber tools that it could employ against US networks...” And it’s not just Russia proper. An entire network of hackers operates with Russia’s implicit blessing.
Second, you cannot assume that you are not a target. Your Knoxville business can be weaponized even if you are not in the military or a key part of the infrastructure. HVAC controllers have hooks into many businesses to manage systems. The digital Rolodex and PII of financial firms are worth (literally) millions. Companies that serve subcontractors of DOE and DOD can be used to move up the chain of subcontractors as they use you to bypass others’ cybersecurity protections.
Third, prepare for disruptions, especially in Knoxville, with our large DOE presence. While not every business will be attacked, you should consider how a cybersecurity-based disruption can affect you. If your business reacts to the markets, how would an attack on critical infrastructure affect your company — or clients?
If one of your major vendors went down for three weeks, how would it affect you? If one of your clients was affected, would they call on you to help with their operations?
What Can You Do?
Have A Plan
This is not new. For years, businesses have been told to have continuity plans and disaster recovery plans. What has changed is the immediacy of the threat. You can no longer assume that you will be safe because you are small or out of the way — cyber threats know no boundaries.
Train Your Staff & Protect Your Email
You can reasonably expect a large uptick in phishing emails that are topical — perhaps even to your industry. Your company needs to be on the lookout. You also should have both standard spam filtering and AI-based filtering in place. Train your staff on what to look for and how to report suspicious emails.
Ensure That You Have Defense in Depth
You should have multiple layers of protection, from firewalls to intrusion detection/prevention systems (IDS/IPS) to endpoint security. It is not enough to have a standard antivirus anymore. Defenses such as Threat Hunting, Advanced XDR, and Application Whitelisting are the new baseline security standards.
You can’t protect everything, but you can make it harder for the bad guys by using two-factor authentication (and not just for email) on your systems. And don’t use easily guessed passwords!