In any business, the security of each computer is intimately connected to the security of every other computer. Interconnectedness allows attackers to turn a breach, a fault, or an oversight on one machine into access on all the machines its connected to. That means any attack on any computer is a potential jumping off point for an attack on the entire business.
Trojans like Emotet and Agent Tesla can infiltrate deep into your organization, silently stealing sensitive information, while ransomware like LockBit can bring your entire business to a sudden, grinding halt.
To defend against them, organizations need to think about the tools and practices that will pay dividends throughout their network. To help, we’ve compiled five essential security tips for SMBs.
1. Have a plan for patching
Criminals often break into computers by exploiting known flaws in the software they’re running (you can think of this like jimmying a broken lock). Security updates remove those flaws, which fixes the broken locks and shuts out the criminals.
Be warned: Patching an organization isn’t like keeping your laptop up to date, and many underestimate the time and planning required to do it properly. Like any complex, ongoing process it requires commitment, planning and prioritization.
Organizations need to know what computers they own, what software they’re running, what updates that software needs, how urgently it needs to happen, who is responsible for applying updates, what schedule they’re working to, and what the rollback plan is if something goes wrong. While it's technically possible to do this process manually, using an automated patch management platform will make your life infinitely easier.
Some choose to do this themselves, but, for obvious reasons, many prefer to let an experienced managed service provider (MSP) do it for them.
2. Use multi-factor authentication
Getting on top of your patching closes a lot of doors on cybercriminals, but not all of them. There is no need for criminals to jimmy a lock if they can steal a key, and the keys to your kingdom are your users’ passwords.
In theory, putting those keys out of reach is easy: You just need all your users to choose strong, unique passwords for every account they use, all the time. In practice, this is an enormous uphill task that unnecessarily, and unfairly, transfers the responsibility for a key area of security from your IT specialists to your staff.
That’s where multi-factor authentication (MFA) comes in. There are many different ways to do MFA, but the most common form is asking users to type a one-time code from an app or SMS message next to their password. MFA is armour for your users’ passwords. It is hugely effective: It can protect you from stolen passwords and credential stuffing, shut out online and offline brute-force guessing attacks, and some forms of MFA will even stop phishing attempts.
The gold standard is MFA based on the FIDO2 standard, so we recommend you start there.
3. Turn off RDP wherever you can
Of course, you don’t have to worry about criminals jimmying locks or stealing keys if you can simply block up the doorway. In most cases that’s not possible, but in one very important place it often is: Remote Desktop Protocol (RDP).
Cybercriminals love RDP and for many years guessing RDP passwords was the number one method of entry for ransomware gangs. No wonder: A stolen RDP session gives a criminal on the other side of the world the same access to your network as they’d get if they strolled into your office, pulled up a chair, and logged on to one of your Windows terminals.
All RDP connections accessible from the Internet are found within hours of going live, and spend their lives being probed relentlessly by multiple malicious computer programs looking to guess their passwords.
Strong passwords can keep you safe, brute-force protection can too, and MFA is very effective, but none of these work quite as well as simply turning off RDP altogher.
RDP was a lifeline during Covid, but do you still need it everywhere it’s turned on? Turn it off wherever you don’t need it and harden what’s left.
4. Reserve admin logins for admin tasks
Every criminal or piece of malware that finds a way on to one of your computers is constrained by a set of rights. They inherit these rights from whatever legitimate program they’ve exploited or whichever user they’re impersonating. If they don’t have the rights they need they’ll try to get them, perhaps by using a tool like Mimikatz to steal the password of a passing admin. The harder they have to work to get the rights they need, the more likely you are to spot them before they do any real damage.
Standard users are heavily constrained, Local Administrators are powerful on one computer, and Domain Administrators are powerful everywhere. The question you must answer is: When a malicious actor ends up on your network, what type of user would you wish them to be? The more administrator accounts you have, and the more frequently they are used, the easier it for criminals to hijack one.
Admin accounts are designed for changing the way that computers and networks work, not for doing work on computers and networks. Use and assign admin rights as sparingly as you can.
5. Make offsite, offline backups
Now, some hard truth: Even if you do your best to stop criminals breaking into your organization, and your best to detect and evict any that succeed, the worst can still happen.
We hope that you never find yourself locked out of your own network by ransomware, and steps like the ones above will make it much less likely that you are. However, the potential severity of a successful attack demands you are never complacent. Ransomware affects organizations, not computers. It is an existential threat to your business on the same level as fires, floods, and other disasters.
If you are affected by a ransomware attack your aim should be to recover your critical systems as quickly as possible. You will need a plan (one that isn’t stored on a computer) that outlines who does what, and which systems you need to restore in what order. To make this possible you’ll need comprehensive, recently tested, backups that are both offline and offsite, beyond the reach of your attackers.
A muli-layered approach to cyber attack prevention
An organizations ideal approach to cybersecurity can be aptly summed up in the maxim, "Prevent what you can, mitigate what you cannot."
In this post, we've outlined a few best practices for your business to consider to lessen the likelyhood of an attack (as well as mitigate the fallout from one!). Now, all of these things sound great—but specifically what technologies are available to us to help bring these tips to fruition?
Our article on 5 technologies that help prevent cyberattacks for SMBs is a great start. Multi-vector Endpoint Protection (EP) is all but necessary to have as a first-layer of defense, and Endpoint Detection and Response is integral for detecting and responding to threats that do make it through.
Check out the resources below to learn more about what options are available for SMBs to fight and recover from cyber attacks.