cybersecurity · Malware · Ransomeware

Malware & Ransomware: SMB Best Practices

petya1-768x426[1]

In the wake of the past several weeks of broad and damaging cyber-attacks, it’s important that we talk about proactive measures the small and medium organizations should consider to protect your environment. Many of my colleagues have articulated the damage and origins of the recent attacks: WannaCry & Petya. I find these insights extremely valuable to understand the root and attributions of the malware itself. These publicized reports provide all sized organizations context to the magnitude of the current and future damages these organized type attacks can deliver.
The small and medium business sector has the largest threat landscape for cyber-attacks. The potential damages to the hundreds of thousands of businesses in the USA is an alarming statistic. The questions that consistently are asked by the small and medium business is; what should I do to protect my company? And, how can I afford the equipment, software and human resources required to truly become cyber prepared? Good news! There are options and practical real-world solutions available.
Many smaller organizations don’t have the internal resources to research both the industry standards and proprietary models to understand what is the best cybersecurity approach. A best practice is to use a methodical standards-based approach to build cyber awareness, develop a plan to improve and implement a proactive monitoring solution as an appropriate start to cyber preparedness. Noted below are strategic and tactical plans the small and medium businesses should implement immediately.

Strategic recommendations:

  • Cybersecurity assessment – understand your current posture to identify vulnerabilities
  • Gap analysis – a comprehensive view of what needs improvement
  • Plan of Action – a detailed, real-world and affordable improvement plan
  • Continuous monitoring – become a proactive cyber aware company to know when changes occur

Tactical recommendations for WannaCry & Petya variants:

  • Ensure systems are patched and all antivirus programs are up to date
  • Implement and determine if backup systems are effectively configured
  • Restore only backups that have been securely managed
  • Isolate any unpatched systems
  • Monitor all networks and device connectivity

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s