These days most corporate networks are directly connected to the internet or exposed to computers that have been. It is commonplace for remote users to VPN in to the corporate network, effectively connecting a remote computer into the internal corporate network. Similarly, users take laptops offsite and connect them to unsecured networks and then bring them back to the corporate network. I won’t even start on BYOD. Let’s face it, the modern corporate network is exposed and difficult to secure. Cyberattacks are on the rise, and can lead to data loss and in extreme cases can cause unrectifiable damage to a business, leading to closure or bankruptcy.
Code Spaces is a hosting company that was recently a victim of cyber-ransom. Code Spaces was utilising Amazon Web Services (AWS) to host client services. On 17 June a hacker accessed Code Spaces’ Amazon EC2 control panel and demanded payment to cease the attack. Code Spaces did regain access but not before the hacker had deleted most of their data and backups. This very quickly put them out of business, and we can only imagine the impact to their customers who lost data.
Cryptolocker ransomware is another cyberattack that is currently active and impacting businesses. This is a piece of malware that once executed on a computer will encrypt local files and those on mapped network shares (eg, a company’s file server). The entry point is commonly an internet-connected PC, where the logged on user has unknowingly downloaded it from a malicious website. Once the files are encrypted there is no way to decrypt then without paying a ransom to the attacker, even then there is no guarantee the attacker will send you the decryption keys. Most companies resort to recovering from backups with basic anti-virus protection, sometimes not detecting the malware before it has encrypted critical files. This is just one piece of malware. When is the next variant or big attack coming?How do you protect your company and minimise the risk of attack? It’s not rocket science but does require work and the adoption of policies and the following of processes. There are many security best practices that reduce your attack surface and greatly minimise risk. As a start you should review user accounts, systems and points of entry to the network.Let’s get back to basics:
- Account management: Are policies in place and are they followed? These include disabling accounts of ex-employees, forcing complex password, forcing regular password changes, minimising account privileges. Do you provide the lowest level of privileges required for someone to do their job?
- Remote access: Who has it? What can they access? Do remote users need a token or some second factor of authentication? Can the Domain Administrator log in to the network from any remote location with just the password?
- Servers/PCs/network devices: Are they patched for security vulnerabilities and do they have malware protection? Can users (perhaps maliciously) install any application on a company PC. Are there any restrictions?
- Monitoring: If the network was breached would you have any way of knowing? How would you track down the source of a breach?
It is important to have regular network security reviews. These give you a snapshot of where you are at, and recommendations on how to move to a more secure position.
As it stands today, how secure is your network? You can read more about Professional Advantage and infrastructure optimisation here.
