Watch: Cybersecurity Hygiene: Strategies for Securing Your Business

Date February 23, 2022

Highlights of the February issue of the monthly HBK Risk advisory Services Webinar Series, February 23, 2022, hosted by Bill Heaven, CPA, CISA, CITP, CSCP, Senior Director IT Development


Changes to the IT Footprint: IT footprints have been changing due to:

  • COVID-19: people went from working in an office to working from home
  • Migration to the cloud: 88 percent of organizations use the cloud in some form or other
  • Work from home five days a week grew from 17 to 44 percent during 2020
  • Shadow IT: IT solutions that your IT group does not know about and you haven’t involved them in your IT decisions; people bringing solutions into your environment that haven’t been cleared through IT
  • Insider Threats:

  • Conscious: via attrition, people leaving your organization; disgruntled employees; people to be removed from access to systems as quickly as possible
  • Unconscious: social engineering, security awareness, mistakes like clicking on emails they shouldn’t
  • Security awareness training: 32 percent of breaches involve phishing; 85 percent of ransomware attacks use phishing to get in
  • Email is prime path for attackers sending malware; controversial subject lines like “stricter facemask policies beginning next week” will get employees to click on those links
  • Increased Credential Theft

  • Social engineering: access through user IDs and passwords; beyond email, also “vishing” via voicemail, and “smishing” via text messaging
  • Possible incursion by outside service personnel looking for employee passwords
  • Employees using weak passwords and repeating passwords
  • Infrastructure Oversights

  • Legacy applications left up and running, often because old data wasn’t yet moved to a new system, or data moved to the cloud with unremoved obsolete data
  • Misplaced authority/responsibilities: restrict admin access and assign responsibilities, like for patching when data is moved to the cloud
  • Preventing Business Interruption<

  • Business continuity or disaster recovery plan: 60 percent of small businesses go out of business after a cyber attack ; 67 percent of companies with less than 1,000 employees have experienced some form of cyber attack; 22 percent of businesses that are victims of ransomware have gone out of business
  • Backups: think of backups as a safety net
  • The Risks

    Changes to the IT Footprint

  • Increased size of IT footprint has made it more difficult to protect data: work from home and cloud; plus third-party access to the environment, and shadow IT
  • Strange work hours: work from home changes work hours from previous patterns
  • Hard to determine who’s accessing your network and when
  • Confusion on security responsibilities: understand who will be responsible for implementing security processes
  • Insider Threats

  • Espionage: people inside the company or have recently left; have to keep in touch with employees because they could be inclined to steal data or provide access; attackers hiring ex-employees enticing them with substantial offers
  • Increased Credential Theft

  • Colonial Pipeline initiation of breach was through ex-employee, using a weak password to get access; Colonial did not use multi-factor identification; should have at least two-factor identification to prevent easy access
  • Infrastructure Oversight

  • Legacy applications: hackers’ access to old data, so know which systems need to be de-commissioned
  • Limit number of admin rights to systems; hackers with admin can move laterally to broaden access and move around your systems
  • Responsibilities: 33 percent of breaches were the result of unpatched vulnerabilities

    Preventing Business Interruption

  • Big risk on backups: ransomware can get to your backups and ruin them; have to check regularly to ensure they are operating appropriately
  • Suggestions (best practices, controls, suggestions)

    Changes to the IT Footprint

  • Know where your data is stored: in the Cloud; any shadow IT?
  • Perform risk assessment on your vendors and their access to your data
  • Insider Threats

  • When employees leave, take away their system access ASAP, including remote access
  • Link identity access to your HR systems, so access rights are removed when an employee leaves
  • Monitor abnormal work hour traffic to gain baseline knowledge of patterns
  • Ensure you run regular vulnerability scans and patching is up to date
  • Increased Credential Threat

  • Do sample phishing campaigns to train employees not to click on suspect emails
  • Employ more complex passwords; hackers can crack any password; use password mangers; implement multi-factor or adaptive multi-factor identification Infrastructure oversights
  • Decommission software and know who has access
  • Ensure data is encrypted that is not coming through a legit path
  • Ensure vulnerabilities are addressed through patching: operations, applications, hardware, and firmware
  • Use complex passwords; get rid of built-in passwords
  • Keep track of number of privileged users
  • Preventing Business Interruption

  • Business continuity/incident reporting planning: have a continuity plan including communications, such as who is able to talk to media
  • Have a written, trusted, and updated continuity plan, and have multiple copies stored in various locations
  • Backups: hackers are finding backups and trashing the data; strategy include “3-2-1”: three copes of data, two on different media, one always off-site; air-gapping or offline is not connected to the internet
  • If you pay a ransom, understand how long it will take to get operational after you pay
  • Speak to one of our professionals about your organizational needs

    "*" indicates required fields needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.