There is every indication that businesses and networks in Western countries are very likely to face increased cybersecurity attacks in the near- to mid-term. Here are some things to consider for the protection of personal and commercial networks (including those of schools and churches).
The geopolitical realities of our planet have a bearing on our personal and corporate cybersecurity posture, and there is credible evidence to suggest that things are going to be a bit rough for a while. While it is true that very few entities can thwart a direct and dedicated attack from a well-funded attacker, this is not the threat profile we are discussing today.
We have spoken about the desirability of multi-factor authentication in the past, and we continue to recommend that this be pursued, especially for critical and/or sensitive services such as online financial activity, etc.
It is also important for everyone to understand that being careful with both personal and business-related computing devices is vital to staying out of harm’s way, because attacks are likely to come from both angles. With that said, here are some basic things to consider and/or remember:
How to Improve Your Security Posture
Seek Credible Sources of Cybersecurity Info
Know your threats, understand your risks, and understand what options you might have to mitigate or reduce those risks.
Understanding requires knowledge, and it is important to seek out useful and credible sources of cybersecurity-related news and information if you desire to maintain good cybersecurity posture. One such source is: https://www.cisa.gov/
CISA stands for the Cybersecurity & Infrastructure Security Agency.
This US agency provides solid information for both personal and business/government computing, and has links to valuable external resources.
There are also global CERT organizations that coordinate on cybersecurity information and response:
(search for “country Computer Emergency Response Team” to find the appropriate CERT for your country)
Be Careful and Attentive
No matter what operating system (OS) you use, or how secure you believe it to be, there are two weak links in all computing systems:
1. Configuration of the device or system
2. The human user of the system
And remember that #2 is often responsible for #1. An attentive and careful person on an insecure system can avoid more problems than an inattentive person on even the most secure system.
Protect Your Phone
Your phone is the gateway to your data, and to much of your security. Please protect it.
Put a password on it. (Yes, I know that there is a focus on passwordless security, but until we’re there, let’s do something!)
Pay attention to what applications you run on it, and where you obtain these applications.
SMS and malicious applications are the major infection vectors for mobile phones, and from there, almost all your other data can be accessed.
Avoid Public WiFi and other Unknown Networks
Avoid public WiFi as much as humanly possible. When outside of your own home, and away from your personal or corporate networks, you will be better served by using your mobile phone as a personal hotspot than by using some unknown network.
If you absolutely must use an unknown network — even one that appears to be from a trusted provider — be sure to use a virtual private network (VPN) application to protect yourself from that network.
Log and Monitor
You cannot necessarily protect yourself from every threat, but logging and monitoring will go a very long way to helping you to identify attack attempts in a timely fashion.
Even if you are unfortunate enough to suffer a breach, having adequate monitoring in place will enable you to get a better sense of what data might have actually been exposed.
If you use online applications that show you your last logon times, and last logon location, pay attention to these and ensure that suspicious logons can be investigated.
And if you have logs, review them regularly. Unreviewed logs are pointless.
Multi-Factor Authentication (MFA)
I encourage you to use Multi-Factor Authentication, especially for highly sensitive or critical accounts.
Be Careful with Approvals
Okay, so you have installed and configured MFA. Great.
Don’t just press YES or OKAY or APPROVED every single time you see an MFA notification. MFA should NEVER be initiated without your knowledge. Not Ever.
If you see an MFA notification request, and you didn’t deliberately initiate it in the last 5-15 seconds or so, then there is a very good chance that your password has been compromised, and that the only thing standing between the attacker and your data is whether you approve an MFA request that you did not initiate.
Don’t do that.
What you need to do is check your application logs to see if something undesirable is taking place. BUT, only do this if you are already logged on to the application in question. If you are NOT logged on already, wait for a few minutes (at least 5), then initiate your own logon attempt, review any logon attempts that the application has logged, and then change your password for that app.
DO NOT do this without letting at least 5-10 minutes pass, because if the attacker is still trying to get into your account, you might approve an MFA attempt for your attacker, and not the one you just initiated.
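The log review and the unsolicited-MFA-prompt advice above describe what a defender looks for; the following is an added example (not code from the original post) that runs those two checks over a constructed authentication log: a password accepted from a source never seen on that user’s earlier successful logons, and MFA push patterns (repeated pushes in a short window, or an approval soon after a denial) that suggest someone else is driving the prompts. The log format, user name, IP addresses and timestamps are all constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample log (not from the post): "timestamp user event source_ip"
SAMPLE_LOG = """\
2024-03-01T09:00:00Z alice password_ok 203.0.113.7
2024-03-01T09:00:03Z alice mfa_push_sent 203.0.113.7
2024-03-01T09:00:08Z alice mfa_push_approved 203.0.113.7
2024-03-01T13:42:10Z alice password_ok 198.51.100.23
2024-03-01T13:42:11Z alice mfa_push_sent 198.51.100.23
2024-03-01T13:42:40Z alice mfa_push_denied 198.51.100.23
2024-03-01T13:43:05Z alice password_ok 198.51.100.23
2024-03-01T13:43:06Z alice mfa_push_sent 198.51.100.23
2024-03-01T13:44:20Z alice password_ok 198.51.100.23
2024-03-01T13:44:21Z alice mfa_push_sent 198.51.100.23
2024-03-01T13:44:30Z alice mfa_push_approved 198.51.100.23
"""

def parse(log_text):
    """Turn the constructed log into (timestamp, user, event, source) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, user, event, src = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, src))
    return events

def find_suspicious(events, window=timedelta(minutes=10), max_pushes=2):
    """Return (time, user, reason) findings for unfamiliar logon sources
    and MFA push patterns a user should investigate before approving."""
    findings = []
    known_sources = {}   # user -> sources seen on earlier successful logons
    recent_pushes = {}   # user -> push_sent timestamps inside the window
    denied_at = {}       # user -> time of the most recent denied push
    for ts, user, event, src in events:
        if event == "password_ok":
            seen = known_sources.setdefault(user, set())
            if seen and src not in seen:
                findings.append((ts, user, f"password accepted from unfamiliar source {src}"))
            seen.add(src)
        elif event == "mfa_push_sent":
            pushes = [t for t in recent_pushes.get(user, []) if ts - t <= window]
            pushes.append(ts)
            recent_pushes[user] = pushes
            if len(pushes) > max_pushes:   # more prompts than one logon needs
                findings.append((ts, user, f"{len(pushes)} MFA pushes within {window}"))
        elif event == "mfa_push_denied":
            denied_at[user] = ts
        elif event == "mfa_push_approved":
            last_denied = denied_at.get(user)
            if last_denied is not None and ts - last_denied <= window:
                findings.append((ts, user, "push approved shortly after a denied push"))
    return findings
```

Against the sample, the 13:42 logon from the new address is flagged, the third push within ten minutes is flagged, and the 13:44 approval is flagged because the same user had just denied a push.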
Keep Your Anti-Malware Tools and Patches Up-To-Date
Please make reasonable efforts to keep your applications and operating systems up-to-date.
Please keep your anti-malware software — even on your mobile phone — up-to-date.
Yes, you do need to be careful about how quickly you apply Windows patches, given the major issues that have accompanied patch releases in the past — especially in the past few months. But, within at least a week or two of release of a given month’s patches, you should be able to update your systems with some assurance. Obviously, the more systems you are responsible for, the more your deployment timing might be impacted, but don’t let months pass, as this will almost certainly adversely impact your security posture.
Be Careful Where You Browse
The internet is dangerous, and there are many avenues of potential attack. If you are cavalier in your browsing practices, whether on your desktop, laptop, tablet or phone, you can expect that your risks will be higher than if you are more cautious and measured.
And remember: Being cautious on every device except one, when all the devices in question are sharing a local network, is pretty much the same as being reckless on all of them.
In other words, your security posture is going to be determined by the weakest link, not the strongest.
These suggestions are things you should be doing anyway, but as there is a greater risk of malicious cyber activity in the foreseeable future, these recommendations are a little bit more urgent.
If you are responsible for the protection of a larger network, be sure to check out the CISA and CERT links for more guidance on additional things you need to consider. And keep up to date with your vendor security notifications, too.
Be attentive — don’t take things for granted, and absolutely investigate any suspicious activity you see on your network.