5 Ways Cincinnati Businesses Can Boost Their Cybersecurity During The Russia-Ukraine Cyber War
As Russian troops invade and attack key targets in Ukraine, a simultaneous war is taking place in cyberspace.
The Russia-Ukraine war has led to a sharp increase in cybercrime activity, both between those two nations and throughout the western world. Given that the United States is indirectly involved in the conflict through numerous sanctions imposed on Russia, it’s important for Americans to understand the risks they now face.
Cincinnati business owners need to ensure they’re covering their bases when it comes to cybersecurity.
5 CISA Cybersecurity Recommendations For Cincinnati Businesses
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a series of defensive recommendations as part of its Shields Up program:
- MFA: Multi-factor authentication (MFA) is a great way to add an extra layer of protection to the existing system and account logins. By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re able to make sure that the person using the login credentials is actually who they say they are. Make sure you have MFA enabled on every possible account—remote users, email, VPNs, password managers, etc.
- Patch & Update Your Systems: Patch management is a simple yet critical part of effective cybersecurity. If a software provider releases a security patch, it’s not something owners and managers can wait to address—it needs to be installed right away to ensure systems aren’t vulnerable to a cybercrime attack. Make sure to apply patches to your operating systems, web browsers, line of business apps, and anywhere else they may be available.
- Manage Strong Passwords: Don’t let a simple password be the reason your Cincinnati business gets hacked. Keep the following in mind:
  - Password Strength: It’s common that passwords are required to include uppercase letters, lowercase letters, numbers, and special characters. Consider using a passphrase—which is when you combine multiple words into one long string of characters—instead of a password. The extra length of a passphrase makes it harder to crack.
  - Password Managers: These programs store all of your passwords in one place, which is sometimes called a vault. Some programs can even make strong passwords for you and keep track of them all in one location, so then the only password or passphrase you have to remember is the one for your vault.
- Train Your Employees: You can’t expect a firewall and antivirus solution to keep you 100% secure. Nation-state hackers know that the user is the gap in a business’ cyber armor—that’s where they’re going to aim. That’s why cybersecurity awareness training is such a worthwhile investment. It turns your most dangerous weakness into a key strength. A security awareness training program helps your employees learn how to recognize and avoid being victimized by phishing emails and scam websites.
- Verify Your IT Company’s Security Capabilities: IT support and cybersecurity are not the same thing. You may have an IT partner you’re happy with that is responsive and helpful, but that doesn’t mean they’re cybersecurity experts too. Make sure your IT company is secure and can keep you secure as well. Ask them the hard questions about how they secure their systems and yours before it’s too late.
Test Your Cincinnati Business’ Cybersecurity Before It’s Too Late
No matter how much you’ve invested in your cybersecurity, you can’t just assume it’s effective enough to protect you against cybercriminals, especially during the Russia-Ukraine war. A key best practice for cybersecurity is to regularly test your measures to make sure they hold up in the event of an attack, and to identify any unseen vulnerabilities that are putting you at risk.
The best way to do so is to have an expert third party (like 4BIS.COM) assess your cybersecurity for you. As a part of our cybersecurity services, we will take an unbiased look at your systems to determine where they may be vulnerable to external threats.
The key objective of this assessment is to find any vulnerabilities that can compromise the overall security, privacy, and operations of the network. Our team can comprehensively test and evaluate your IT network to provide you with a clear roadmap to leading-edge cybersecurity protocols.
You Don’t Have To Start From Scratch To Defend Your Cincinnati Business
Your cybersecurity posture doesn’t have to be something you figure out on your own. You should start following an accepted cybersecurity framework sooner rather than later. One potential framework to consider is NIST 800-171.
The National Institute of Standards and Technology (NIST) was founded in 1901 by Congress to remove obstacles in US manufacturing competition. It intersects with business cybersecurity when it comes to NIST Special Publication 800-171 “Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations.”
In 2016, NIST released NIST 800-171 to provide a cybersecurity framework that protects data not covered under a “Classified” label, but which still could prove dangerous for American interests should it be obtained by an adversary.
The minimum cybersecurity standards are described in NIST Special Publication 800-171 and broken down into fourteen areas:
- Access Control: You must limit system access to authorized users.
- Awareness & Training: You are required to promote awareness of the security risks associated with users’ activities, train them on applicable policies, standards and procedures, and ensure they are trained to carry out their duties.
- Audit & Accountability: You must create, protect, retain and review all system logs.
- Configuration Management: You are required to create baseline configurations and utilize change management processes.
- Identification & Authentication: You must authenticate information systems, users, and devices.
- Incident Response: You’re required to develop operations to prepare for, detect, analyze, contain, recover from, and respond to incidents.
- Maintenance: You must perform timely maintenance of your information systems.
- Media Protection: You must protect, sanitize and destroy media containing Controlled Unclassified Information (CUI).
- Personnel Security: You’re required to screen individuals before authorizing their access to information systems, and ensure these systems remain secure upon the termination or transfer of individuals.
- Physical Protection: You must limit physical access to, protect, and monitor the physical facility and support infrastructure that house your information systems.
- Risk Assessment: You are required to assess the operational risk associated with processing, storage, and transmission of CUI.
- Security Assessment: You must periodically assess, monitor and correct deficiencies and reduce or eliminate vulnerabilities in your organizational information systems.
- System & Communications Protection: You must monitor, control and protect data at the boundaries of your system, and employ architectural designs, software development techniques and system engineering principles that promote effective information security.
- System & Information Integrity: You’re required to identify, report and correct information and information system flaws in a timely manner. You must also protect your information systems from malicious code at appropriate locations, and monitor information security alerts and advisories so you can take appropriate actions.
By following this framework, you can mitigate a vast majority of the threats your business faces.
Don’t Let Russian Hackers Penetrate Your Cincinnati Business
Given how complicated cybersecurity is, the last thing a business owner should do is try to handle it independently, especially right now.
Unless you have the resources necessary to invest in proven cybersecurity expertise on your staff, you won’t be able to effectively defend business data from modern cybercrime methodologies.
We can help Cincinnati business leaders develop a resilient cybersecurity posture for their organizations. Get in touch with the 4BIS.COM team for support in improving cybersecurity.
4BIS.COM, Inc is a complete IT Support and Managed IT Services Provider, Computer Reseller, Network Integrator & IT Consultant located in Cincinnati, Ohio focusing on customer satisfaction and corporate productivity. Our mission is to develop long-term partnerships with our customers and ensure they stay up-to-date with the evolution of business processes and information technology.