The managers of large businesses are aware of the cybersecurity risks as they have an IT department with engineers who are managing cybersecurity and they plan a budget for the IT requirements to protect the business.
Small and medium businesses use outsourced IT services or use managed service providers. These providers are generally reactive rather than proactive and provide the services that the business owner requests. It is the responsibility of the business owner to be aware of the risks and ensure that the IT service provider delivers the business and technical solutions that will protect the business. The IT services provider must have staff who are skilled and qualified to work with cybersecurity issues. The business owner should be aware that a comprehensive cybersecurity plan has components that are not part of the IT service business deliverables, such as staff cybercrime awareness training. It would be wise for the business owner to seek the services of a cybersecurity provider who can deliver a comprehensive cybersecurity solution.
Lets start by answering some of the questions that business owners should be asking.
What do the cybercriminals want?
What do cybercriminals expect to get?
Who are the preferred victims of cybercriminals?
What should businesses do immediately after the business data is locked with ransomware?
What are the popular cyber attack methods?
What is the most frequently used method of a cyber attack?
What are the most important parts of a business cybersecurity protection plan?
The technology of computer networks can be confusing with many competing products available. The protection of the business data from cyber criminals adds more confusion, as there are competing cybersecurity technologies and products. Cybersecurity does not have one method of stopping cybercriminals; rather cybersecurity is a collection of methods, products and software that act together to protect different parts of the business network from attack. The most important cybersecurity attack prevention methods are listed below and described in detail. Each item in this list complements the other items and they are deployed collectively to provide strong cybersecurity protection.
The following sections elaborate each of these points in greater detail.
A business must establish a policy for the computers that are connected to the business network. The purpose of the policy is to minimize the risk of a user computer becoming infected with a Trojan virus. When a Trojan virus is installed on a user computer it will give the cybercriminal access to the computer and any other system on the network, without the computer user knowing that the cybercriminal is sharing the computer.
The four points of computer use policy described below are very important to minimize the possibility of a cyber attack.
Cybercriminals and security professionals are constantly finding weak points with software and hardware products that can be used as a method to attack the business network data. Cybercriminals call these weak points “exploits” because they can be exploited to gain access. All software manufacturers, like Microsoft, publish frequent updates with security patches that are designed to block access to the weak point that was discovered. Network equipment such as routers have firmware that also requires updates with security patches. Every business needs vigilant IT staff or IT service provider who can identify and install updates for each software and hardware product in the business network. If the patches are not installed then a cybercriminal will use one of the software or hardware weak points to gain access to the business data. Many software products like Windows can be configured to update automatically. Products like routers do not have automatic firmware updates. All businesses should contract a security expert who frequently updates software and firmware with security patches.
Many cybercriminals will try a direct attack to the business network using the public IP address. Most network routers are easily hacked because the firmware has not been updated and the exploits or firmware weaknesses are well known within the cybercriminal community. If the cybercriminal is able to pass the router then the next step is to attack the network server and install ransomware.
The installation of a firewall between the ISP router and the business network will block any attempt to access the network when the firewall is properly configured. It is necessary to have the firewall configured by an expert so that it is effective in blocking cybercriminals. Many different types of firewall are available, and they vary in features and performance. The business owner will need to guidance of a cybersecurity professional to select the correct firewall for the business.
It may be necessary to allow access from the Internet for some reason, such as staff connecting to the network remotely. In this case the firewall can open a specific encrypted port to allow remote access. All remote connections should be made using a VPN with strong encryption.
The next figure shows the installation of the firewall in the network.
The network data is at risk if users are able to connect any computer or mobile device to the network. Such devices might have been connected to the Internet at other locations and compromised with a Trojan virus. The business owner should ensure that only approved devices are connected to the network, and this should be a device that is never connected to other networks. Authentication can be done with the device MAC address, or for extra security verify other parameters, for example the MAC address plus OS type plus browser type. Some products require an encryption key to be installed in the device that will authenticate the device onto the network. Applying strict device access controls adds security to the network.
The next diagram illustrates device authentication using an end-point firewall product.
Small and medium business networks allow any user to connect and then have passwords for specific applications. Unfortunately this will not stop a cybercriminal who has planted a Trojan virus onto the user computer. Once the computer is connected to the network the criminal has free access to the server.
Large business networks such as those installed by banks and large e-commerce firms have end point-security, which authenticates users onto the network. Large businesses also install multi-factor-authentication (MFA), which requires a password plus a code. Password only network access is not effective as a security measure because a password can be stolen and used by the criminal to get access to the network data.
MFA combines something that the user knows (a password) with something that the user has (a mobile phone). The user enters the password then receives a one-time-password (OTP) text message on the mobile phone, which is usually a six-digit numerical code. The user then enters the OTP after the password to gain access to the network.
MFA is the single most effective measure to prevent cybercriminals getting access to the business network.
Device and user authentication to access the network is called zero-trust verification. No device or user is trusted until that device or user is authenticated, and the devices and users have to be authenticated each time that they connect to the network.
The access control rules that can be configured with the end-point security might include the following.
The next figure shows how the end-point security firewall is installed in the network. End-point security does not replace the Internet access firewall, it complements it to increase the security of the network.
Multi-factor-authentication can have several authentication steps. The popular implementation is 2-factor authentication, which combines a password with an OTP code. 2FA is a good deterrent; when most cyber-criminals see the network has 2FA they give up and move on to the next victim.
The steps for 2-factor authentication are shown in the next diagram.
“99.9% of user accounts that are compromised don’t have MFA authorized. Multi-factor authentication is one of the most basic defenses against identity attacks today.”Microsoft’s VP of identity security, Alex Weinert
Most successful cybercriminal attacks are made using phishing emails. These emails impersonate a legitimate business, such as a bank or a large company like Amazon, and include a link or an attachment that the person is urged to click immediately to solve some problem. Unfortunately when the link is clicked a Trojan virus is installed on the computer, which then gives the cyber criminal access to the network and business data.
Staff email addresses are easy to find. Many are published on company websites and the cybercriminal can also get email addresses from social media sites such as LinkedIn. The business has to implement three steps to prevent a phishing attack.
Access to personal emails can be blocked with the business Internet firewall or with the end-point security product.
The following diagram illustrates the network configuration with email server and website blocking.
Many businesses have staff that travel or work from home part time. The business therefore provides a remote access facility for staff to connect to business systems so that they can work remotely. The remote access port is one of the targets for cybercriminals who can use the port to get access to the network servers and to the business data.
The remote access port is opened in the Internet firewall however the port requires two security measures to ensure that cybercriminals do not get access.
With the zero-trust procedure, the remote user has to be authenticated each time that the user connects to the network.
The next diagram illustrates the remote access network configuration.
Many businesses provide a WiFi Internet service for guests and visitors.
The guest connects to one or more wireless access points that are connected to an ISP service, the business computers may be connected to the same ISP. A cybercriminal can connect to the guest WiFi and then get access the business network computers. The cybercriminal does not have to be physically present to access the business network. There is a probability that guest computers or mobile devices have a Trojan virus installed and so the cyber criminal is waiting for the user computer to connect to a network.
A firewall must be installed between the guest WiFi and the business network in order to block any attempt to access the business network.
If the business network has a point of sale (PoS) terminal then the card companies require that the PoS is isolated from any public access network. The merchant has to comply with the Payment Card Industry Data Security Standard (PCI DSS) and either connect the public WiFi to an ISP different from the business ISP, or else isolate the public network with a firewall.
Some Hotspot controllers that businesses can install to manage the guest WiFi also have a firewall that is compliant with PCI DSS.
Many data protection methods can be included in a network to minimize the probability of an attack, however it is impossible to prevent an attack from determined cybercriminals. The reason is that cyber criminals continuously develop and share new techniques of attack, and look for weaknesses in software such as Windows. When hackers find a weakness it might be a week before Microsoft issues an upgrade patch. Businesses that don’t install security patches are at risk from a successful attack. Cybercriminals work quickly to take advantage of any opportunity.
All businesses must have a recovery plan in case that a cyber attack is successful and the business data is locked with ransomware. The purpose of the recovery plan is to restore the business data after a ransomware attack and avoid paying the ransom. The recovery plan has the following steps.
The recovery process may take from a few hours to a few days depending on the configuration of the business IT systems. During this time the business may not be able to function. The business owner should request the IT service provider who is implementing the recovery to explain the occurrence to staff at the first opportunity and explain the recovery process.
It will be necessary for the IT service provider to review and update security procedures to prevent a similar occurrence.
The next diagram illustrates the offsite backup storage data connection.
Move application programs from servers within the business to a cloud storage vendor where possible. There are several popular cloud vendors that include Microsoft Azure and Amazon AWS. There are several advantages of having the applications software in the cloud, the important reasons are listed below.
Some popular software applications like QuickBooks have a cloud version and the transition from the desktop version to the cloud version may take less than 1 hour. Custom software applications developed for or by the business will require effort to migrate to a cloud service. The business owner should contract with a specialist service provider who has expertise with the chosen cloud service vendor and can provide references for successful software migration services.
The next diagram shows the network with cloud-based business applications.
End-point security firewall tools provide a means of monitoring all accesses to the business network, including both successful and failed access attempts. User access should require 2-factor authentication. It is important to monitor failed access attempts as this might be a cybercriminal attempting to access the network. It should be possible to alert the network administrator when a failed attempt to access the network occurs. The end-point security firewall should log all access to the network with a time and duration stamp, and provide a report on request. When the end-point security firewall has cloud management then the IT service provider can monitor and manage the business network remotely.
The next figure illustrates the use of an end-point security firewall to monitor access to the network.
One method of attacking the business network that cyber criminals may attempt is access to an IoT (Internet of Things) device that is connected to the network and has Internet access. IoT (Internet of things) is a broad category that includes all types of computer equipment that operates unattended. Often businesses are not aware that IoT equipment is communicating over the Internet and may provide a point of access for cybercriminals. A few types of Internet and network connected IoT devices are listed below.
IoT devices share some common characteristics.
Business owners should note that many business attacks are made via an attack to a supplier or customer of the business, and through the network connection are able to attack the owners business. Therefore an attack may be made following an attack to a supplier business that maintains the A/C service for example. Business owners may be surprised that an attack can be made via an A/C system, however many hotels and businesses have network connected A/C that permits an app to control the A/C and will switch off the A/C of a room that is not occupied.
The business owner should request the IT service provider to document IoT devices that are connected to the business network. This can be tracked through IP addresses of network-connected devices.
IoT devices should connect to the network through the end-point security firewall so that the IoT accesses are logged and the units can be monitored.
The connection of IoT devices to the business network is illustrated in the next figure.
There are several points that summarize this document:
Cybersecurity changes all the time to keep pace with the cyber criminals. Updating a business computer installation is an on-going process.
Readers are invited to share this information with others. If any reader has a question regarding this information please contact us via our contact page.
Protect your business from an expensive ransomware attack. Unfortunately ransomware attacks have become a ...
Cybercriminals are attacking business IT infrastructure to steal and sell information, and for extortion using ...
Authonet products protect your business against cyber attacks with a simple and affordable fully-managed system that shields the business data from criminals and provides fast threat alerts.