Usually summer means vacation and relaxation. But as we’ve seen in recent history, summer plans can be brutally disrupted when cyber threats strike. Just two years ago, the headquarters of A.P. Møller-Maersk, shipping conglomerate in Copenhagen, was virtually destroyed due to infectious malware called NotPetya. On the eve of a national holiday, employees were preparing for vacation and the company was preparing for a software reboot for 80,000 employees, when devices began falling victim to destructive malware in droves.
The silver lining is that many lessons were learned after this very costly cybersecurity attack. But each summer, the scars of what happened with NotPetya remind us to keep our systems in check. Developing and maintaining a security protection framework will allow you to control your environment and data even while you’re on vacation.
This framework can serve as a model to build a set of protections that will travel with your data no matter where it is located. Curious how to develop an effective cybersecurity protection framework? Here are three standards to live by this summer:
Out of Office: Educate Employees on Remote Policies
With employees out on PTO or working remotely, it’s important for them to follow safety guidelines when connecting to the network. Even if it’s just to check an email, make sure employees aren’t unknowingly creating entry points for potential threat actors by accessing your network or confidential files from public or unsecured WiFi networks.
Hardware encryption, remote wiping capabilities, GPS tracking, user management and travel protocol are just a few considerations to consider when developing a remote work policy. Another simple precaution is to encourage your employees to create a separate guest network at their home. For those neighborhood BBQs or summer kick-off parties, keeping your visitors on a guest network helps mitigate risks for your private network that may house confidential information.
Don’t Get Lax About Your System & Security Updates
Even if your employees forget to take these steps to avoid potential cybersecurity incidents, there are other ways to protect your organization. For instance, by making it a policy to validate every device and endpoint, unknown devices will be unable to access your organization’s network and cause harm. You can install security controls that are easy to manage and administer.
As was the case with A.P. Møller-Maersk, you may be planning a system update during the lull of summer. Though they encountered an unfortunate snag in their plan, you can learn from their mistakes and make sure your system is secure by keeping it up to date.
The reality is this: the breaches that make the headlines are more often due to failure to patch and update systems or follow basic security best practices than they are attributed to a new zero day exploit. For instance, Microsoft recently issued a patch to address a vulnerability in millions of devices with older versions of Windows and stressed that the flaw could be “wormable,” meaning it could spread without user interaction across the internet. Almost two months passed between the patch release for the EternalBlue vulnerability and when ransomware attacks began. Despite having nearly 60 days to patch their systems, many customers had not taken the necessary steps and fell victim to attacks. Bottom line: staying on top of updates will lower your risk for exploits.
Never Trust, Always Verify: Adopt a Zero Trust Model
In today’s cyber climate, it is critical to adopt a zero trust security model which follows a “never trust, always verify” policy. With network perimeters constantly shifting and new endpoints being introduced, you must assume all traffic is potential threat traffic until proven otherwise. Make this the new norm for your organization. Prioritize multi-factor authentication and implement identity-based access for all employees.
Informing employees on cybersecurity expectations, monitoring your network and always verifying traffic are three ways you can protect your organization from threat actors. And in the worst case scenario, detect an incident early, remediate it quickly and prevent future exploits from happening. And what better travel insurance for a relaxing vacation than a strong security framework? Read our ebook to learn more about building a zero trust security architecture.
TEST YOUR EMAIL SECURITY GET YOUR INSTANT SECURITY SCORECARD FOR FREE