How to Prepare for a Cybersecurity Incident

A recent report by research firm, CyberEdge Group, found that 85.7% of Canadian organizations experienced at least one cyberattack within a 12-month period in 2021. The reality of this statistic is that for most organizations, no matter their size, it is only a matter of time before an incident impacts their business. The best strategy to have, as an organization, is to be prepared for an incident.   

As IT Service Providers, here are some of the areas that MicroAge recommends our clients implement to prepare their organization for defence against cybersecurity attacks. 

1. Patching

Having a consistent and effective patching process is an important part of mitigating the risk of a cyber-incident. Patching remediates vulnerabilities in operating systems and applications. Additionally, organizations should be aware that older technology may be a security risk when it is no longer supported by the developer or manufacturer. Since the technology is no longer supported, no patches to remediate any bugs or vulnerabilities are released. Bad actors will find and exploit these open doors.   

2. Configuration and Management

Many of the attacks that have taken place in the recent past have been the result of misconfigured firewalls or mismanagement of the technology on a network’s edge. It is important to ensure that organizations have the right technology that is properly configured, monitored, and managed to ensure that they continue to be updated, properly configured and secure.  

3. Protect Email

Phishing is still one of the leading causes of system breaches. Ensuring that the right technology such as, email spam and malware filtering, blocking of nefarious websites, employee cyber awareness training and testing programs as well as other solutions and services, are put in place as they are crucial to the security of organizations.  

4. Endpoint Protection and Monitoring

It is important to have an endpoint protection and response solution to watch for abnormal behaviours and responding to events. Just as important is monitoring the endpoints to make sure that malicious events are taken care of quickly and effectively.

5. Website Usage

As pointed out earlier, a solution is needed to block nefarious websites as well as websites that are known to be infectious such as gambling or adult entertainment sites. However, extending that to putting in policies internally so that local administration accounts cannot surf the internet in addition to good patching hygiene must also be put in place. 

6. Password Policies

Requiring complex and minimum length passwords is important to a good password management policy but remember that as the sophistication of bad actors increases, these requirements change. Staying up to date on these requirements is important. You can also invest in a secure password management solution. Adding multifactor authentication (MFA), and least privilege solutions and policies make it even harder for cybercriminals to gain access to systems and applications. All these policies and solutions must also apply to any remote desktops (RDP) or virtual desktops. Do not leave them vulnerable.  

7. Restrict Traffic

Do not allow unrestricted traffic through your virtual private network (VPN). It is very dangerous and a big security risk to have VPN accesses without multifactor authentication, access controls, segmentation of the VPN and zero trust policies. 

8. Segmentation

Whenever and wherever possible segment networks, specific machines, and processes to protect your environment and avoid widespread infection to critical systems, applications, and processes.  

9. Limit what your own people can do

If your internal people are given accesses to all of your systems, then, if a cybercriminal gains control of their account, they will have access to all of your environment and can cause widespread damage. Limiting accesses internally can limit the damage done by cybercriminals.  

These are but a few of the tips to ensure your business minimize the risks of a cyber incident. There are other services, solutions, and policies such as documentation and log preservation, that can help in preparing for an incident.

Call MicroAge today to learn more about how we can help you.