The Five Things You Must Do To Protect Your Business From Cyber Attacks
What are you doing to protect your business from catastrophic cyber attacks? Last year, The White House released a statement titled “What We Urge You To Do To Protect Against The Threat of Ransomware”.
Transcription
DAVIN: I am, thank you so much, Kindsey. We’re coming up on 2:01. I know some more people are flooding in, but we have a lot to talk about, and I’m really excited to talk about the 5 things you must do to protect your business from cyberattacks here in 2022 and going forward.
This is a deeper dive series. This is our last episode. To everyone who’s seen all the other episodes the past few weeks, I appreciate you coming. I hope you’ve been able to learn a lot. Today’s episode is basically a blueprint: 5 things, exactly what you need to do to protect your organization.
Before we start, I did learn a new word today, and that is infotaining. This webinar, I am going to try to make it as infotaining as possible, which means I’m going to deliver some valuable information, tell you exactly what you need, but hopefully it’s entertaining and we have a good time.
First, we’ll start with only one question today, but just for my curiosity: What do you currently have in place to protect your business, your organization, your law firms, from cyberattacks? There’s a few tools listed, but I’d love to see if you have some, none. Don’t be afraid to answer. Your name won’t pop up or anything. Just for my curiosity.
There’s a few answering. 64% have antivirus. 27% have EDR. If you don’t know what EDR is, we’re going to talk about that today. Skilled security team, 45%. I am very intrigued by that. Interested to see what you consider a skilled security team. Password management. Backups, of course, yes, very important. We did a webinar last week on backups. If you missed that, you can go back and see that. Awesome. None of the above, 9%. Well, today hopefully you’ll know exactly what you need regarding securing your organization, but overall when we do this deeper dive again down the road, hopefully you’ll be able to answer that with “All of the above.”
What are we here for? We’re here for the 5 key things you need to protect your organization. What you see here is a letter from Anne Neuberger. Who is that? She’s currently the acting National Security Advisor. Basically, she works in the White House and advises the president on all things cyber. With everything going on in the world, cyber and cyberattacks and cybersecurity has been a huge topic. So she has been very, very busy. You may have seen her on TV a few times. Anne is a very smart lady, a very smart individual.
What you see here is basically in 2021, President Biden issued an executive order to all federal agencies telling them, “You need to do this by this date” and all kinds of deadlines. It really was about a 30- to 40-page book – you could call it a book – telling these federal agencies what they need to do. Ms. Neuberger narrowed it down to about three to four pages, and she directed it to CEOs, business owners, lawyers, critical infrastructure organizations, with the subject – you can see it in there – it’s very simple: “What we urge you to do to protect from the threat of ransomware.”
We narrowed it down to the 5 key practices. The reason this letter is important is because the White House isn’t saying, “We’ve got this cybersecurity, we’re going to take care of it for y’all, don’t worry.” They’re recognizing that it is everyone’s responsibility to secure your organization – not only your organization, but to take care of your clients, their valuable information; from a medical standpoint, you have all kinds of confidential information regarding your clients and your employees and your patients. So it’s your responsibility to protect that information and protect your organization.
The timing of this letter was important, last year, June 2021, because the increase in cyberattacks has been dramatic. It’s been exploding. It’s not just the past year, the past couple years; it’s been growing exponentially the past five years. Cybersecurity is extremely important here in 2022. Just in 2021, attacks rose – insane. You could probably go down the street and find someone that experienced a cyberattack. With the increase of attacks, security is important, so we have the 5 best practices, the 5 things you need to do to secure your organization, to have the best foot forward to combat a cyberattack.
You see deploy EDR (endpoint detect and response); use MFA (multi-factor authentication); storage encryption; new threat info; and a skilled security team. We’re going to deeper dive into every single one of these, but if you have a notebook, real quick, note these down so you can go back to your skilled security team. Or if you’re looking for a skilled security team such as us at IronTech, you have this list like “I need these 5 things,” and they should be able to give you them.
But first, what is an EDR? What do you mean by “deploy EDR”? This is one of the most important security controls, security tools that you can have within your organization. EDR stands for endpoint detect and response. Basically, it is the substitute, the bigger and better version of an antivirus. We’ve been relying on antiviruses for years. That’s all we’ve known. They say you need it? “Okay, let’s go get Norton, let’s go get McAfee, I’ll be fine.”
Well, the ways to protect our businesses, the ways to protect our servers, our workstations, our laptops, antivirus is old. I’ll break it down real quick. How antivirus works is it utilizes known virus signatures. It’s looking for already known threats. For it to be known, the threats have to be about three to six months old, and they’ve had to have successful attacks, been whitelisted, shared across antiviruses, and now they’re looking for that known threat.
We don’t need something that can monitor and detect something three to six months old. We need something to stop and detect threats in real time. So that’s where the EDR comes in. That’s where we found a replacement. The way EDR works, it is behavior-based. It uses AI and machine learning, and it monitors the behavior of your workstation, of the user. For example, we’ll briefly walk through a ransomware storyline.
A user gets an email and it has a file attachment. Maybe it’s a Word doc. You click on the email, and the EDR is continuously monitoring that computer activity, but it doesn’t see anything malicious or out of the ordinary, like an anomaly or something. Everything seems normal. You click on the email and it’s a phishing email. You don’t know because you haven’t had continuous cybersecurity training – which we’ll get to – you open the Word doc, and the activity behind that, there’s specific activity that’s supposed to happen every single time you open a Word document.
The EDR sees the specific activity happening, but then you click on that Word document and it tries to open a file in the background. From the user’s standpoint, you wouldn’t see that. You’re just going about your business. But the EDR sees that as activity that shouldn’t happen. It’s anomalous, it’s out of the blue. That’s not normal. So it stops the activity, isolates that possible threat while you’re still continuing to work – not slowing you down. But then it’s able to freeze that process, analyze it, and if it is a threat, kill it and get rid of it immediately. As well as that’s when you have a team behind the whole process that can find out exactly what happened, how it happened, and make sure it doesn’t happen again.
An amazing tool, can do crazy things, but that’s just the bare minimum. That’s one thing that you need. What’s special about the EDR is it doesn’t rely on virus signatures. Not all ransomware has virus signatures. That’s where that behavior-based technology comes in. It’s able to monitor and stop threats in real time, which is what you have to have now. It’s the bare minimum.
And what you should expect from an EDR is you should only expect the best of breed, the best of the best technology security tools out there. Real quick, the EDR that we use – I don’t give the name out for security purposes, but on April 1st, actually, last Friday, out of 30 other EDR vendors, they put together a whole test; they make amazing controlled cyberattacks, and they test them on the EDRs. The EDR that we use achieved 100% prevention, 100% detection, the highest analytical coverage, 108 out of 109, zero detection delays, and it really demonstrated its ability to stop the most sophisticated threat actors they could come out with.
So when you go to your security team or you come to us at IronTech and you say, “I need an EDR; I want the best of the best,” when you come to us, that’s what you’re going to get: the best security tool in the world possible for your single law firm, your 10-workstation dental office, your water association out in Kansas. All businesses, small to medium to large size, are going to get the best of the best security tools and the best of the best EDR when you’re working with IronTech Security.
The next is use MFA (multi-factor authentication). You’re probably seeing this everywhere, and we advise using it everywhere you can. Multi-factor authentication is that third party authentication. You have your specific username, you have your password that hopefully is 10 to 15 characters or more long. We’ve done a webinar on good password policies and the importance of password management and strong pass phrases. If you have a username and password, the next step is having MFA set up.
For us personally, for any of our clients, if you have remote access to anything, then MFA is required. There’s no ifs, ands, or buts. It needs to be done because say you have your username and you have a simple password, or even you have a good password but it’s been compromised. You have remote access and you remote into your desktop at the office, which has access to everything. If those credentials are compromised and the cyber attacker has your login and password, they’re able to remote into your desktop with your credentials, and they have the keys to the kingdom. They’re able to access everything. And that’s a hard cyberattack to stop if they look like you, if we think it’s you.
That’s where the MFA comes in. They have your username, they have your password, they try to log in – well, oh crap, MFA pops up. They need an 8-digit code. What they’ll have to do next is reach in my pocket. Without me knowing, they’re going to have to reach in my pocket and grab my phone and get that 4-digit code to log in to your server, to your workstation, whatever they’re trying to access. It’s that extra layer of security that’s needed and that’s essential.
It also helps with human error. Of course, phishing emails, we deal with them every single day. If you have training in place, that’s a good way to combat that. But sometimes human error is inevitable. MFA helps with that. Say you run into a phishing email that asks for your credentials. You’re having an off day, you just type them in, and now they try to log in to something that those credentials are used for. Maybe Facebook. If you have MFA set up, when they try to log in, you’ll get a notification. One, you’ll be aware that you didn’t log in, so something’s going on. That MFA is keeping them from accessing whatever it is they’re trying to.
So MFA, an amazing tool. If you have remote access to anything, any workers remote from home or remoting into a server, MFA should be a necessity, bottom line.
Next is use encryption. Turn on disk encryption and make sure it’s required for all portable devices. Encryption is, for lack of better words, jumbling up all the information you have so if it is hacked or breached, when they access that data, basically it doesn’t make sense to them. They don’t have that decryption key to decrypt the information and make sense out of it. Basically, if they have access to your laptop, or say you threw away your old server – you were using it to the end of its life, trying to get as much out of it as possible, which happens, and that’s okay, and then you throw it away – well, data stays on that hard drive a little bit longer than you’d expect. So a way that some cybercriminals make money is they’ll take those old devices, take those old hard drives, and get the information from them and sell them on the black market.
Of course, if there’s encryption in place, the information is useless. But if not, now your confidential information that you expected was thrown away and useless, now money’s being made off of it, just because a simple step of turning on encryption was ignored.
It overall decreases those attack vectors. It adds that layer of security. When we talk about layers of security, you can think of an onion. An onion has layers; there are more layers of security that you have to go through to have a successful attack. So if one layer fails, you have another security layer right behind it to stop that attack. Encryption is that extra layer decreasing those attack vectors, making the information useless if something does happen.
Next, you have continuous defensive improvements. This is extremely important, and this is also where that infosec team comes in. You have to understand how threats are changing, where they’re coming from, and adapt with them. Cyberthreats are changing every single day. As you’ve seen, we’re changing as well; we had antivirus, now we’re going to EDR. We have to adapt with the changes with the different attacks.
But you also have to think about these cyberthreats aren’t going away. They’re only going to continue getting better and better, so you have to adjust your defense as needed, as you have to. I like to think of it like this. I’m a sports guy. I love football, but it really can go for any sport. Think of a head coach as your infosec team. A head coach is trying to win the football game. You hear a lot “defense wins championships,” so we’ll think of it this way. First half of the game, going back and forth; the offense you’re playing against is throwing things at you that you’ve never seen before. You have to make quick adjustments.
At halftime, you evaluate, you analyze, and you make the necessary defensive adjustments to keep them out of the endzone, to keep them from scoring, because you don’t score, you don’t win. At the end, the defense adjustments that you make, the security changes that you make to defend your organization to keep a successful ransomware attack from happening, affecting your organization, are critical to overall protecting your business, protecting your clients, protecting your employees.
Not everything is going to be the same bottom line for every organization. You have to make adjustments. That’s where the security team comes in, and that’s where those improvements – not just adjustments, those defensive improvements – are critical.
When you talk about updates and security patches, those are very important subjects that, from an IT perspective, may just be ignored or skipped. When I say that, there is a difference between IT and infosec. They have different objectives. IT is about production, keeping everything running, and infosec is a security-first organization. They’re always thinking about security first. Security over convenience. When you think about installing security patches, from an IT perspective, they may assume “This update could be a little buggy, so it might slow some things down; we’ll get back to it later when the bugs are fixed.”
Well, from an information security standpoint, those updates could contain security patches that are critical to whatever software you’re using or critical to your operations. Infosec, of course, have studied the update; they understand what bugs to expect and prepare accordingly for that. But no matter what, they do not put convenience over security because one simple ransomware attack can put you out of business. We’d prefer not to take that chance and have the preventative measures, those defensive controls, put in place and updated to make sure nothing slips through. There’s no gaps in our security.
Talking about intel, there’s a bunch of different resources that you can utilize. There’s CISA, FBI, Dark Reading, as well as us. You can go to our website; we have great resources that can keep you up to date with what’s going on, new threat actors, new defense methods, things like that. A great resource if you’re interested in some of that extra intel, that extra information.
Next, I said EDR is the most important, but this is number one because if you get a skilled security team, then you’re going to get the EDR. A skilled security team, a team of information security specialists, or an MSSP, is vital for all of this to make sure your business has a security posture that it needs to be at. By utilizing a skilled security team, an MSSP – and when I say MSSP, that stands for managed security service provider. You may hear MSSP, MSP, managed service provider, like a managed IT organization, but that’s what that means.
A skilled security team is vital because these 5 things, like I said, you should expect from your security team. If you simply have a team of infosec specialists, all 5 of these things are included no matter what. This is what they’re doing, this is what they should be doing.
A skilled security team keeps up with changes in geopolitical dynamics. At the beginning of the year, no one planned for the event overseas that’s currently going on. When that did happen, we had to make certain adjustments because Russia is known for ransomware attacks, and they have insane cybercriminals and cyber teams. So we had to prepare for an influx of activity from that region of the world. We prepared correctly; the activity and attempted attacks increased just like we had planned for. By us keeping up with those changes in geopolitical dynamics, we were prepared.
Like I said, also those continuous defensive improvements – this is what we do here at IronTech Security. This is what your team of information security specialists does day in and day out. This is their profession. They’re the best. You should expect the best of the best out of your infosec team because they know the new threat technologies such as the EDR that we use. We know it’s number one in the world, so that’s why we use it because that’s what our clients should get. We should not settle, because of costs or anything, for a second best or a third best.
It only takes one cyberattack or one ransomware attack to not only put your organization out of business, ruin your reputation, affect your clients, their safety is at risk – so a skilled security team, by only accepting the best of the best, is keeping all of that in mind to protect everyone.
What comes with a skilled security team is that 24/7 monitoring, investigating, responding, orchestration. When I say orchestration, the way we approach a new IronTech client is, one, you have to understand the scenario that you’re going in, what you’re actually protecting, what needs to be protected. Find your vulnerabilities. Then, once you understand what’s going on – the review of the story, basically – you can plan and orchestrate to put controls in place to fill those security gaps that your organization may have. Understand that, “Okay, we can only have three days of downtime if everything goes wrong.” Well, you need a specific backup in place to allow that. Or “If that does happen, we need to have a backup server in place to get things up and running as soon as possible.”
If it’s vital to your operations, to your clients, you need to, one, understand exactly what you have, what you don’t have, what you’re protecting, and then develop a plan to address all of those. And that’s what your skilled security team will do for you.
Overall, a skilled security team of infosec specialists, IronTech Security is needed because information security is not do-it-yourself anymore. You need professionals. You need a team behind you to, one, help you sleep better at night because this is something serious. You’re seeing that all over the world, all different organizations – small, medium, and large. Cyber attackers don’t just pinpoint one small organization in Missouri. No, they’re shooting their attacks, those phishing emails, out in hundreds of thousands, reaching for everyone and anyone that will bite. So it’s not a sniper shot; it’s like a shotgun blast. They’re going for anyone and everybody. Cybersecurity is serious, so you need someone serious behind you, partnering with you, to make sure you have everything in place that you need.
Some other recommendations – those are the top 5, of course. Some other recommendations to think about and consider depending on how your organization operates.
One is company-owned equipment for remote access, so basically keeping it separate between personal equipment for work and company-owned equipment for work. Of course, when you’re using company-owned equipment, your security tools are on that and it’s a controlled environment. But when you mix a personal device into that environment, onto your network or remoting in to something, we don’t have our security controls on there. So now, any active threats or malware that’s on that workstation can either overflow into your network or access your server or wherever you’re remoting in. It’s just not a controlled environment, and with an uncontrolled environment comes risk. So there’s some recommendations you can consider depending on how your organization operates.
Of course, password manager. Real quick, password vaults and password managers are extremely important. The health and strength of your credentials are extremely important. We believe in zero trust, so that means not one person should have access to everything because if you are in that situation and your credentials can access anything and everything on your network, in your business, then if those become compromised, they have the keys to the kingdom. They can do whatever at will.
So a password manager helps with, one, the strength of your passwords. It can create them for you; you don’t have to memorize it. It comes with autofill. But it also can show you your overall password security strength, which I think is amazing. You hop on, you might start at 15% security strength, and then by the end of the week you’re at 90% because you changed your passwords and might’ve moved to pass phrases. There’s a whole lot of different things you can do. But a password manager helps you make sure your credentials are to the security level they need to be.
Managed and secure website. This is another attack vector for malware and different types of cyberattacks.
Continuous security awareness training – extremely important because your employees, that’s your first line of defense. Phishing emails, sharing passwords, weak credentials all start with your employees. Human error. Like I said, human error is inevitable. It just happens. We could be tired, having an off day, don’t even think about it, click on a link, and now your business is at risk. It’s not their fault, but there’s something you can do about it. Train your employees. It says “continuous.” Threats change, so the training will change and adapt as well. But you need to equip your first line of defense, your employees, with the proper tools and training so that they can keep the company’s best interest in mind when going about their operations and not fall victim to a cyberattack.
The last one is setting the tone at the top – creating a security-first culture, starting from the CEO all the way down to the bottom or from the owner all the way down to the bottom. Everyone has to keep cybersecurity in mind, in the front of their heads. You deal with it and you interact with cyberattacks, cybersecurity, every single day, and like Anne Neuberger said, it’s not just the White House’s objective. It’s not just their responsibility. It’s not just IT’s responsibility. It’s not just the infosec team’s responsibility. Well, that is their main responsibility, but it’s everyone’s.
So by creating that cybersecurity-first culture, it adds that extra layer of security that you need. It’s putting the responsibility, sharing the responsibility, across the whole organization, as it should be.
Right at the bottom, you see a quick link. Kindsey will throw that into the chat box. This is just signing up for threat intel. It’s not any marketing emails or a marketing list. It’s just keeping you up with day-to-day threats and what’s going on around the world in the cybersecurity world.
Those are the key 5 things that you need to protect your organization, plain and simple. Very easy steps, and it can start by talking with infosec specialists, talking with me. Like I said, there’s a whole process to understanding what your organization needs, how to secure them. Every organization is different, so bring in a specialist first to understand what those threats are, what you need to protect, and then orchestrate that plan to put the security controls in place to fill those gaps, create those layers of security that are needed so if one fails, you have a backup. If that backup fails, you have another backup.
Having those security layers in place, no matter what, you know that you’re protected, your clients are protected, your patients are protected, and your employees don’t have to wake up in the morning and see that (blank-blank-blank) in New York fell victim to a ransomware attack.
There is meeting.irontechsecurity.com. That’ll be in the chat box if you’re looking to schedule a quick meeting. You can also email us at firstname.lastname@example.org. But also, my personal line is up there. Give me a call. I definitely want to speak to you, understand what’s going on, answer any questions you have.
Speaking of questions, there’s Q&A. You can leave them in the chat. Let me see if we have any questions. Hey, K.
KINDSEY: Davin, we do have a question. “I keep hearing the term ‘brute force attack.’ What is it?”
DAVIN: That is a good question. There’s different types of cyberattacks that can happen, but regarding brute force, we talked about credentials and password strength; brute force is basically just trial and error. It’s attempting to log in or guess that password over and over again until you get it right. That’s a brute force attack.
But it touches on the importance of password strength and good password policies. If you sit at your desk every single day and your username is already logged in but you have your password written on a sticky note right on your computer, it’s very easy for that brute force attack to work because they’ve only got to try once. Or if your password is the same as your username, it’d probably be my second guess, maybe my first. That’d be a very easy brute force attack.
Also, simply sharing credentials – if you use one password for everything, that’s not good because if they find out one, of course they’re going to try it for other accounts, for other admin accesses or things like that. It comes back to the strength of your credentials. That might’ve been a longer answer than expected, but a brute force is trial and error, trying to guess or find that login by testing one and moving on. That’s what a brute force attack would be.
KINDSEY: We do have another question. “If the below is part of an email a client received regarding an information breach, what should they do?” And then it says “The purpose of this email is to help protect you from becoming a target of phishing attacks and alert you to the type of information that is compromised.” Then it says their first/last name, email, and phone number have been compromised, and then it says “Phishing attacks may not be limited to these categories alone, so we recommend being extra vigilant for suspicious activity or contact.”
DAVIN: That’s a good question. How would I address that? That’s a lot of information at once. To me, taking out the pinpoints, talking about phishing emails and what should we do, making you aware to be on the lookout for things like that – to me, this comes back to cybersecurity training. We can just stop on phishing emails real fast. One thing that we do at IronTech Security, of course we have training programs, continuous, once a month, very quick, short and easy, to the point training for all employees.
But we also have simulated custom phishing emails that we send out from IronTech. For example, it could look like it’s coming from Facebook and say, “Hey, you need to change your password. Type in your credentials,” something like that. At the top of the email it says it’s coming from Facebook, and you click on it and it may say “Orange123@gmail” or something like that. If you don’t look at that and you actually click on the link, “Yeah, I’m ready to type in my credentials,” a pop-up, “Hey, you’ve been phished by IronTech Security. This is how we got you. This is what to look out for. This is what you should’ve done. This is how attacks are happening right now around the U.S. These are the types of phishing emails that are going out.”
When they run into that situation in the real world, they have the proper training and they know what to look for, so they wouldn’t fall victim to the situation that you were talking about regarding your question. But it all comes back to training because when your employees know what to look for, they are properly trained so they won’t fall victim to being scammed or they won’t just click on a link immediately when they get it or open a document immediately when they get it. They’re being aware. They have that security-first culture. Things at risk like this, you don’t really have to worry about them as much. You can sleep a little bit better at night because you know your front line of defense, your employees, are ready for a potential cyberattack. They know what to do; they have the training in place.
Another long answer, but I hope that answered the question.
KINDSEY: That’s all we have on the questions. I just want to thank everybody for joining us this afternoon. I know we went a little bit over. There will be a follow-up email that goes out, so you will have a copy of this recording. Do with it what you will. We’re going to start doing the webinars monthly. They’ll be at the end of the month every month, and Davin will be doing those. So we’ll be switching from every week to every month, and we hope that you can make it.
DAVIN: Definitely. It was great speaking to everyone. Over these past few weeks, I hope we were able to learn a lot, and I hope this webinar was infotaining – had some valuable information and was entertaining. Hopefully we’ll keep that once a month. I look forward to seeing you. Once again, the meeting link and the threat intel link is in the chat box. But also, feel free to shoot me an email, and I look forward to getting calls from y’all here soon.
KINDSEY: Thanks, everybody. Bye.