Skip to Main Content Skip to Footer

Cyber Security:
The Ultimate Guide for Businesses

This easy-to-follow guide outlines current issues and provides actionable solutions to help you keep cyber criminals out of your business.

In this guide, you’ll learn about emerging cyber threats, prevention best practices, and how to react during a worst case scenario.

Let’s get started.
Physical and digital versions of Cyber Security The Ultimate Guide for Businesses
 

Cyber Security 101

What exactly is cyber security?

 

Cyber Security is an ongoing, multi-tiered process of shielding computer systems, people, networks, and software from cyber attacks.

 

Business cyber security is no longer an exclusive concern for IT staff. In the foreseeable future, cyber security crosses all boundaries within an organization: IT, financial, operations, HR, legal, and C-suite execs.
This guide will run through cyber security musts for your business to stay secure.

 
 

Types of cyber security

Cloud Security

Cloud security refers to the technologies, policies, controls, and services that protect cloud data, SaaS applications, and infrastructure from threats.

Network Firewall Security

Network firewalls are security devices used to stop or mitigate unauthorized access to private networks connected to the Internet.

Computer Endpoint Security

Endpoint security or endpoint protection is an approach to protecting computer networks remotely bridged to client devices.

Mobile Device Security

Cyber attacks using phones are on the rise. Compromised apps can trick you into assigning them admin privileges to grab login credentials, bank information, social media profiles, etc.

 

Helpful Terms You Should Know

Cyber security is top of mind for businesses in 2022. Engaging in necessary discussions with your staff, vendors, and service providers isn’t tricky if you have a solid working vocabulary.

As with any industry, the cyber world has its jargon—a framework of terms that outline problems and describe solutions.

First, the good

  • Cryptocurrency: Virtual or digital money. Bitcoin is the most recognizable, though there are dozens of others. It’s not inherently good or bad but is often associated with criminal payments because of its anonymity and lack of traceability.
  • Data Encryption: A positive, proactive action that businesses can take to render closely-held information unreadable by those attempting to steal that data. Once the data is encrypted, the bad guys may access it but can’t collect it in a readable format.
  • Vendor Risk Management (VRM): The process of measuring and mitigating the risk that your 3rd-party vendor relationships pose to your information, network, and organization.
  • Cyber Attribution: The process of tracking and identifying the perpetrator of a specific cyber attack. There are severe consequences for businesses regarding public relations, privacy, compliance, reputation, and finances.
  • Patching Cadence: Refers to how often an organization reviews systems, networks, and applications for updates to remediate security vulnerabilities.
  • Off-site Backups: Storage that is separate from your day-to-day systems used for saving critical business data. If you fall victim to an encryption ransomware event, viable cloud-based backups may be your only lifeline to regain control of your business operations.
  • Cyber Security as a Service (CSaaS): The average small- to mid-market business (SMB) doesn’t have the internal resources to battle cyber crime. You can now outsource cyber security to specialized IT services providers to stand watch with you.
  • Ransomware Incident Response Plan: A must-have in 2021 and beyond. Having a vetted plan in place before a breach occurs gives you the best shot at post-breach business continuity. Here’s a great way to get started on your business’ incident response plan.

Second, the bad

  • Monetization: In the cyber world, monetization is about cyber criminals’ creative ways to convert your stolen data into money.
  • Malware: Malicious software purposely designed to infiltrate computer systems. Virus, worm, and trojan horse are malware terms you may already know. This is different than ransomware.
  • Killware: A new kind of malware, different from other forms of malware in that the perpetrator(s) are not financially motivated but rather seem intent upon harming or killing people.
  • Vendor Email Compromise (VEC): An email cyber-attack strategy targeting companies doing business in today’s global supply chain management measured in the tens of billions of dollars a year and growing.
  • Vulnerability: A system or network that is more susceptible to attacks for one reason or another. Here’s a real world example from late 2020.
  • Exploit: Known software vulnerabilities that hackers continue to take advantage of to establish a toehold in your systems. Exploits are often associated with older software that no longer receives ongoing security update patches from the manufacturer.
  • Distributed Denial-of-Service (DDoS): An attack vector that generates an avalanche of traffic requests on websites to undermine them for a time. DDoS is not an easy cyber attack to monetize but can negatively affect any company’s online reputation. Recently a massive DDoS attack on 200 government websites shut down most of an entire country’s internet infrastructure. Make sure you follow our tips for improving your web security to avoid this happening to you).
  • Botnets: Automated networks of hijacked computers used to carry out various scams and cyber mischief.
  • Drive-by Download: The unintentional download of malware from a compromised website onto a computer or mobile device without a user’s knowledge or consent.
  • Social Engineering: A multi-level process of psychological manipulation by bad actors to trick users into making security blunders or giving away sensitive information. It’s a critical component of successful phishing attacks.
  • Shadow IT: Systems and applications that are used without explicit knowledge and permission by your IT department. Click here to view our Shadow IT infographic.

Third, the UGLY

  • Phishing: When a bad actor uses email, social media, or texting to impersonate a legitimate or trusted corporation that directs the recipient to take immediate action. This action would then give the “phisher” an access point to critical data or information. Variations include spear-phishing and whale fishing.
  • Data Breach: Refers to when cyber criminals steal confidential business data and personally identifiable information (PII) like medical records, social security numbers, birthdates, phone numbers, etc.
  • Data Exfiltration: The process of downloading monetizable data once a breach occurs. Most large ransomware attacks in 2021 involve data exfil.
  • File Encryption: The first phase of a ransomware event, rendering your computer files unusable, bringing business operations to a halt. By the time you recognize it’s happened, it’s too late.
  • WebShell: A script running on a web server that enables unauthorized remote admin access. It’s a platform often used for ongoing cyber attack schemes to delete backup volumes.
  • Exploit Kits: Pre-packaged collections of proven malware made available for purchase on the dark web. These are relatively inexpensive, all-in-one tools that make it super simple for entry-level hackers to use exploits without much technical knowledge.
  • Advanced Persistent Threat (APT): Established groups that receive guidance and overwatch support from nation-states like Iran, North Korea, the Russian government, and China. Cyber security leader, FireEye, tells us that while most cyber attacks are hit-and-run, APT attackers stalk their high-value targets over months, even years.
 

Examples of Cyber Attacks

All successful cyber security attacks share a common goal—a financial jackpot of ill-gotten gains.

Attackers want money. It can be cash deposited into a Bitcoin wallet. It could also be theft of customer data or proprietary business information converted to currency at sinister auction sites on the deep or dark web.

There’s been exponential growth in the number and sophistication of tools, tactics, and strategies for today’s cyber attacks.

The two primary attack vectors in 2021 are ransomware and phishing.

What is a phishing attack?

Phishing attacks use digital media—email, mobile SMS texts, even voice calls, and robocalls—to compromise business email systems to obtain confidential information. Attackers disguise these messages as coming from trustworthy entities like banks or package delivery tracking services from Amazon, FEDX, etc.

 

There is built-in urgency into the message designed to play on an individual’s financial or emotional well-being. These attacks trick unaware recipients into clicking on a fake link which launches the next phase of the attack campaign.

 

One particular scam involves displaying a warning that your company’s website is copyrighted material “owned by” the sender and they’re threatening legal action.

 

Targeted phishing campaigns

Phishing attacks, aka Business Email Compromise, have been evolving over the years, as well-financed criminal organizations are taking a more dominant role. The majority of pre-2020 attacks cast a wide net, using automated systems to send messages to millions of harvested email addresses.

 

Today we see a shift from an automated process to targeted, highly creative phishing attack strategies that use social engineering and psychological manipulation to land bigger fish and a monster payday.

 

Spear-Phishing Attacks

Spear-phishing targets a business’s department-level staff, often HR or Accounting. A typical payoff here is funds transfer fraud, tricking an employee into wiring money to a hijacked vendor bank account to the tune of millions.

 

Whale Phishing Attacks

Whale phishing points squarely at business owners and C-suite executives. These are longer-term scams that begin with deep research into an executive’s business and personal life.

 

Nothing in a CEO’s private world is sacred or off-limits: family, personal email accounts, social media profiles, pet names, religious practices, hobbies, doctors, home contractors, community interests, politics, golf handicap, charities, writing style—anything to glean enough information to impersonate an executive online successfully.

 

CEOs are very busy people and don’t want to spend extra time on complicated security practices. Without knowing, owners of small- to mid-market businesses can make significant cyber security mistakes. The good news is that these are preventable.

 

What is ransomware?

Ransomware is a form of targeted malware that downloads onto your system, quickly encrypting all files and any backups, rendering them unusable—scorched earth.

 

Ransomware is hugely lucrative because large corporations continue to pay exorbitant ransom demands, chalking it up as a “cost of doing business.”

 

The FBI says financial setbacks due to weak cyber security will reach $6 trillion by 2021.

 

Common types of ransomware

Systemic ransomware impacts multiple organizations in a single blast attack and usually doesn’t rely on hands-on action by threat actors. It’s highly automated malware with names like NotPetya or WannaCry. These scattershot attacks are typically broad in scope and geography.

 

Targeted ransomware focuses on individual organizations or entire industries. These attacks often involve data exfiltration of classified, personal information that the attacker threatens to release into the wild unless a company pays up. Stolen data can be auctioned off to the highest bidder, even if the company pays the initial ransom.

 

How does ransomware work?

An encryption ransomware attack happens to your business when a staff member clicks a bogus email link or visits a compromised website (ensure you have an SSL to help prevent this). In the blink of an eye, all files and data backups are encrypted and become unusable by you. Attackers demand a cash ransom to purchase a “decryption key” to restore the integrity of corrupted files and resume normal business operations.

 

Ransom demands vary, from a few hundred dollars to millions of dollars. Whatever the market will bear, payable in Bitcoin or other untraceable cryptocurrencies. Colonial Pipeline recently paid a roughly $5 million ransom to the DarkSide ransomware group.

 

If you don’t pay, the only other option would be to start from scratch and try to restore your entire technology infrastructure from off-site backups, assuming you have those. Even if you have viable cloud backups, it could take weeks or even months of business downtime to restore network servers and reimage all workstations.

 

How to Identify Risks and Respond

People’s actions are inherently unpredictable.

All cyber attacks have a human component—a person’s unfortunate decision to click a suspect link or open a document from an unknown person or organization.

We can’t predict individual cyber attacks any more than we can know in advance the exact epicenter and magnitude of earthquakes.

But as with earthquakes, we know that cyber attacks are a reality and prepare for them as best we can.

Identifying cyber security risks

Cyber crime activity is a moving target. Attackers change up attack patterns, tools, and tactics as the security industry catches up.  As a user of everyday technology, you unknowingly expose yourself to cyber security threats on a daily basis.

 

A pre-breach vulnerability assessment is one of the best tools businesses can use to solidify breach defense. Many legacy systems still in use today are no longer being patched for security flaws.

 

Phase one of a vulnerability assessment is a one-time, fixed-cost project with observations and recommendations for additional security measures to prevent or mitigate damage from an attack. As a follow-up, ongoing quarterly reassessments can help keep you ahead of shifting cyber attack strategies.

 

What is an incident response playbook?

A cyber security incident response playbook is a set of rules and actions for a planned systems recovery before a cyber attack cripples an organization. The first 24 – 48 hours is crunch time for any attack on your IT systems. Know what to do, when to do it, and who’s in charge of it.

 

Six stages of cyber security incident response

  1. 1. Preparation
  2. 2. Identification
  3. 3. Containment
  4. 4. Eradication
  5. 5. Recovery
  6. 6. Lessons Learned

 

Having these stages and assigned roles in place ahead of the attack can lessen the severity and improve the eventual outcome.

 

A ransomware attack happened. Now what?

Most likely, you’ll be dealing with career criminals looking for an easy score. These large groups are professional, well organized, well funded, and well versed in cyber operational security (OpSec).

 

Ransomware attackers research how much your business can reasonably afford to pay and whether you have cyber security insurance coverage to defray the ransom cost.

 

If you decide to pay, you’ll receive a decryption key to rescue your files. Instead, you might choose to restore your information systems from backups. Depending on the size of your IT infrastructure, that could take days, weeks, or even months of lost productivity.

 

See also, “Ransomware Wars: To Pay Or Not To Pay” for a detailed discussion of this very important topic.

 

When ransom attacks go wrong

Ransomware as a Service (RaaS) and the abundance of exploit kits available on the dark web has introduced a new layer of disarray into an already chaotic situation. 2021’s cyber attack landscape is like the wild west, and standard “rules” no longer apply.

 

Even if your organization agrees to pay the ransom, newbie hackers with eyes on a big payoff can complicate the process in many ways. Some, fearing law enforcement, get cold feet and break contact completely.

 

These types often re-negotiate the ransom amount or demand payment in an obscure cryptocurrency—not the standard BitCoin. This back-and-forth can significantly increase lost productivity.

 

Paying the ransom doesn’t guarantee that your files will decrypt correctly. New for 2021, many criminal syndicates offer “helpful customer service” to help with decryption efforts.

 

Double-extortion ransomware

Some companies choose not to pay for a decryption key if they know they can restore systems from backups quickly. Attackers employ double-extortion to increase the likelihood of getting paid.

 

They download sensitive information from the victim’s systems in advance of encrypting their files—intellectual property, customer information, financials, and the like.

 

The threat actor can now make an additional ransom demand to prevent broadcasting sensitive data to the public. More and more often, attackers are seeking payment before agreeing to show what data they exfiltrated.

 

How to Prevent a Cyber Attack

Realistically, it’s almost impossible to 100% prevent a devastating cyber attack from happening—but there are best practices you can put in place to reduce your risk so that a data breach event in your organization wouldn’t be catastrophic.

We put together ten proactive steps you can take now to bulk up your security posture and protect against all forms of cyber attack.

security shield icon

Identifying cyber security risks

    1. 1. Create a written plan.It seems obvious, but most SMBs don’t have a fully-vetted incident response playbook. Know how to respond to a breach event before it happens. Write it down.

 

    1. 2. Lock down your remote connections.Many pandemic work-from-anywhere employees still need to connect with brick-and-mortar office resources. Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) connections hold the number one and number two positions on the list of exploitable entry points.

 

    1. 3. Enforce basic cyber hygiene. Use proven solutions such as multi-factor authentication (MFA) and a passphrase manager. These simple and effective cyber security solutions have been available for years, and in 2021 there’s no good reason to ignore them.
    2. 4. Implement endpoint security with DNS filtering. All user devices like workstations and laptops must have next-gen antivirus and anti-malware installed. Restrict access to known malware sites. These tools don’t protect against every cyber attack but will stop some.

 

    1. 5. Maintain offsite backups.If your files get encrypted in a ransomware attack, viable backups separated from your IT systems may be the only way to recover, even if you agree to pay the ransom.

 

    1. 6. Keep your data encrypted, both at rest and in transit. If attackers steal your data, it will be unreadable, and they can’t use it against you. Your email can also be encrypted. Here’s a list of top secure email services for 2021.

 

    1. 7. Keep ALL system software up-to-date.Regularly patched software offers fewer vulnerabilities to exploit. Software developers make frequent security updates to their products, and so should you.

 

    1. 8. Never use personal computers in a WFH environment.Businesses that plan to continue remote work operations after the pandemic must provide a separate, secure business workstation or laptop.

      You’ll inevitably need video conferencing and you need to make sure you’re safe about it.

    1. 9. Get rid of shadow IT. It’s not OK to use rogue software that isn’t part of your organization’s cyber security-approved list. Don’t install software or give it administrative privileges unless you know precisely what it is, what it does, and who has access to it.

 

  1. 10. Provide employees regular cyber security awareness training. People present the most significant challenge to an organization’s cyber readiness. Take advantage of low-cost, web-based training programs. Knowledge is power!
 

The Future of Cyber Security

Will cyber attacks ever die?

Not anytime soon—but there are hopeful signs. The recent ransomware attack against Colonial Pipeline, a jugular of US energy infrastructure, appears to have crossed a line.

 

According to the responsible party, criminal syndicate DarkSide, the attack was strictly money-motivated. Yet, the real-world blowback came in the form of millions of dry fuel tanks and a spike in energy costs across the board. That single episode demonstrates our society’s vulnerability to cyber terrorism.

 

Seemingly on the heels of that event, the White House responded with an executive order calling for “bold changes” and “significant investments” to a nation’s cyber security posture.

 

The May 12, 2021, Executive Order on Improving the Nation’s Cybersecurity is a long-overdue wakeup call and begins:

 

“The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.

 
The White House document continues on to define its role in the context of non-stop attacks on our business and technology infrastructure:

 

“The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors.”

 
This marks a significant turning point in US policy toward combating international cyber crime.

 

What is the future of cyber warfare?

To end phishing and runaway ransomware attacks (in an ideal world), we, as an international society, would need to find a way to accomplish some or all of these ideals:
  • Make cyber attacks more difficult to carry out. Enforce adoption of solutions like multi-factor authentication, data encryption, and Zero Trust Architecture.
  • Make ransomware attacks unprofitable. As it becomes more costly for criminal organizations to exploit a shrinking pool of vulnerable targets, we’ll reach a tipping point where those organizations will evolve and move on to other, more profitable crimes.
  • Reliably trace cyber attribution. Accurate determination of which threat actors are held accountable for each attack would be a significant step toward criminal prosecution.
  • Make it easier to punish cybercrime. Cyber attacks thrive in the darkness and anonymity afforded by nation-states, international treaties, cryptocurrency, and the Dark Web.
  • Encourage businesses not to pay ransom demands. Paying or not paying is a much-debated question in banking and insurance circles, and raises more questions. What are the roles of Organized Crime, terrorist groups, and money laundering? How do OFAC restrictions affect ransom payments?

What’s next?

 

Until we make measurable progress toward achieving these ideals, each year will continue to bring record losses.
As for your business, you can take action today.

 

What do you plan on doing to improve your security posture this year?

 

Hopefully this guide has provided you with enough direction to begin implementing a robust cyber security plan and the confidence to promote security awareness within your company.

Why blocks? Click to find out!

Let’s build something great together.

Contact us