{"id":18442,"date":"2022-03-07T11:10:09","date_gmt":"2022-03-07T19:10:09","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/03\/07\/news-12175\/"},"modified":"2022-03-07T11:10:09","modified_gmt":"2022-03-07T19:10:09","slug":"news-12175","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/03\/07\/news-12175\/","title":{"rendered":"Four key cybersecurity practices during geopolitical upheaval"},"content":{"rendered":"<p><strong>Credit to Author: David Ruiz| Date: Thu, 03 Mar 2022 10:37:29 +0000<\/strong><\/p>\n<p>Russia\u2019s continued invasion of Ukraine has altered the landscape of cybersecurity threats facing organizations both near and far from the physical threat of war.<\/p>\n<p>Disinformation is spreading and <a href=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2022\/03\/meta-blocks-russia-ukraine-disinformation-campaigns-on-facebook-instagram\/\">being actively fought<\/a>. The old hacker group Anonymous <a href=\"https:\/\/www.theguardian.com\/world\/2022\/feb\/27\/anonymous-the-hacker-collective-that-has-declared-cyberwar-on-russia\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">promised \u201ccyber war\u201d against Russia<\/a>. One ransomware group swore to launch <a href=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/02\/cyber-lures-and-threats-in-the-context-of-the-war-in-ukraine\/\">retaliatory attacks for any harm brought to Russia\u2019s critical infrastructure<\/a> (and then subsequently had to stanch the informational bleeding caused by an insider\u2019s <a href=\"https:\/\/blog.malwarebytes.com\/threat-intelligence\/2022\/03\/the-conti-ransomware-leaks\/\">leak campaign<\/a>). 
And external government-sponsored threat actors are <a href=\"https:\/\/blog.malwarebytes.com\/awareness\/2022\/02\/cisa-warns-of-cyberespionage-by-iranian-apt-muddywater\/\">still continuing their own campaigns<\/a> against Africa, Asia, Europe, and North America.<\/p>\n<p>The crossfire of these international cyber offensives can, regrettably, catch ordinary small- to medium-sized businesses (SMBs) in the middle. Here are four cybersecurity best practices that SMBs can adopt today to protect their businesses, employees, devices, and networks in this continually evolving crisis.<\/p>\n<h2><strong>1. Lock down your public-facing networks and beef up internal security<\/strong><\/h2>\n<p>The history of cybersecurity\u2019s most devastating attacks includes many stories of basic lapses in judgment\u2014unprotected Remote Desktop Protocol (RDP) ports, elevated access privileges for far too many employees, unpatched vulnerabilities, and missing multi-factor authentication.<\/p>\n<p>These are simple errors that, with the right prioritization, can be solved. 
According to the most recent advice from the US Cybersecurity and Infrastructure Security Agency (CISA), all companies, including SMBs, should commit to the following:<\/p>\n<ul>\n<li>Validate that all remote access to the organization\u2019s network and privileged or administrative access requires multi-factor authentication.<\/li>\n<li>Ensure that software is up to date, prioritizing updates that address&nbsp;<a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">known exploited vulnerabilities identified by CISA<\/a>.<\/li>\n<li>Confirm that the organization\u2019s IT personnel have disabled all ports and protocols that are not essential for business purposes.<\/li>\n<li>If the organization is using cloud services, ensure that IT personnel have reviewed and implemented&nbsp;<a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/analysis-reports\/ar21-013a\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">strong controls outlined in CISA&#8217;s guidance<\/a>.<\/li>\n<li>Sign up for&nbsp;<a href=\"https:\/\/www.cisa.gov\/cyber-hygiene-services\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CISA&#8217;s free cyber hygiene services<\/a>, including vulnerability scanning, to help reduce exposure to threats.<\/li>\n<\/ul>\n<p>With these practices, many of the most common types of cyberattacks can be prevented. For more information on how to detect cyber breaches as they happen, and on how to prepare to respond to such an attack when it happens, you can read CISA\u2019s \u201c<a href=\"https:\/\/www.cisa.gov\/shields-up\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Shields Up<\/a>\u201d guidance on staying cybersecure during Russia\u2019s attacks against Ukraine.<\/p>\n<h2>2. 
<strong>Audit access privileges and clean up old account credentials<\/strong><\/h2>\n<p>Just as SMBs should ensure that all remote access to their networks is protected with multi-factor authentication, they should also audit which of their employees have access privileges to which systems and resources. Too often, employees who do not need access to high-level, sensitive controls are given blanket access to their entire company. All it takes for an attacker to get in, then, is for any of those employees to slip up in, say, a phishing scam.<\/p>\n<p>Take the time to audit who has access to what parts of the company, and whether they actually need it. Also, be sure to clean up any old user accounts from ex-employees. Such accounts should be deactivated.<\/p>\n<h2>3. <strong>Stay vigilant against phishing scams<\/strong><\/h2>\n<p>Much like how online scammers <a href=\"https:\/\/blog.malwarebytes.com\/scams\/2020\/03\/coronavirus-scams-found-and-explained\/\">leveraged the global COVID-19 pandemic<\/a> in its earliest days to swindle people out of their money, the crisis in Ukraine will likely lead to bogus pleas for charity donations that, in truth, could end up in a cyberthief\u2019s hands.<\/p>\n<p>SMBs should remind their employees about phishing threats and, if possible, send an updated notice about phishing attempts specifically related to Russia\u2019s invasion of Ukraine.<\/p>\n<p>The same rules for <a href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/06\/somethings-phishy-how-to-detect-phishing-attempts\/\">spotting phishing emails<\/a> still apply: Be wary of any unexpected requests for personal information, hover over URL links to ensure they\u2019re legitimate, double-check the sender\u2019s own email address, avoid opening email attachments from unknown senders, and scan any message for spelling and grammar mistakes.<\/p>\n<p>But as we\u2019ll explain in our next cybersecurity best practice, if an SMB has not pushed out any phishing training 
in its organization, now is <strong>not<\/strong> the time to roll out a new training module.<\/p>\n<h2>4. <strong>Do not roll out brand new, untested cybersecurity measures<\/strong><\/h2>\n<p>The cybersecurity priorities for SMBs right now are securing the tools and programs that they currently use\u2014not adding new ones, and new complexity, to the mix. This work takes time and caution, as even a small business could be in control of hundreds of endpoints each with dozens of software tools that each have their own reams of account credentials, both current and out-of-date.<\/p>\n<p>While a new, fancy tool may sound promising in bolstering your cybersecurity, what it could actually add is a headache for your IT professionals.<\/p>\n<p>As the cybersecurity landscape continues to change, IT professionals inside SMBs should not have to split their time with yet another project to manage. Give them the time\u2014and the authority\u2014to raise red-flag issues with your C-suite and to fix any problems that they find today without having to worry about new ones tomorrow.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/awareness\/2022\/03\/four-smb-cybersecurity-practices-during-geopolitical-upheaval\/\">Four key cybersecurity practices during geopolitical upheaval<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/awareness\/2022\/03\/four-smb-cybersecurity-practices-during-geopolitical-upheaval\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: David Ruiz| Date: Thu, 03 Mar 2022 10:37:29 +0000<\/strong><\/p>\n<p>In a time of rapidly changing crisis, here are four SMB cybersecurity best practices to help prevent the most common attacks. 
<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/awareness\/2022\/03\/four-smb-cybersecurity-practices-during-geopolitical-upheaval\/\">Four key cybersecurity practices during geopolitical upheaval<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10598,15496,23583,24444,25143,11738,3924,10502,25205,21797,25206,251,3985,17224,25207,12321,10606,8642,25208],"class_list":["post-18442","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-2fa","tag-awareness","tag-cisa","tag-covid-19","tag-covid-19-scams","tag-multi-factor-authentication","tag-phishing","tag-phishing-scam","tag-privileges","tag-rdp-access","tag-rdp-ports","tag-russia","tag-scam","tag-shields-up","tag-small-and-medium-sized-business","tag-smb","tag-two-factor-authentication","tag-ukraine","tag-us-cybersecurity-and-infrastructure-security-agency"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18442","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18442"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18442\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent
=18442"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18442"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18442"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}