This December, make sure no cyber attackers are sneaking down your business’s chimney

5 cyber prevention measures to ensure that not even Santa has access to your company’s ‘naughty and nice’ data lists.

Most of us won’t be sorry to say goodbye to 2021, but with year-end parties finally on the go again, holiday plans not coming soon enough and general productivity in decline, it can be easy to forget about the cyber security risks that the year-end shutdown can mean for your business.

Here are 5 ways to prepare for the holidays so that you can enjoy some much-deserved peace of mind over the festive period:

  1. Ensure your back-ups are up-to-date (and offline and encrypted)

Companies lose data for a number of reasons, including data being stolen by cyber criminals, corruption or deletion. December is a particularly dangerous period because cyber criminals know that employee defenses are relaxed. Laptops are taken on holiday and there’s a higher chance of employees connecting to unsecure public WiFi hotspots. There’s also a higher chance of physical devices being stolen while employees are traveling. Finally, it’s a period when skeleton staff don’t always immediately notice if files have been corrupted or stolen and IT contractors are unavailable if something does go wrong.

The problem is that losing data doesn’t just ruin holidays, it cripples businesses, particularly because stolen data has become a gold mine for hackers. Over the past two years, the Bitcoin (BTC) price has increased from $9 200 to $46 000. In 2019, the typical ransom demand we experienced in South Africa was below 3 BTC (R400 000). In 2021, the highest ransom demand we received was for 88 BTC (R78 million at that point in time). The average BTC demand that we are now seeing is in the region of R20 million. It’s worth protecting your organisation’s data.

The solution? Back up your data to a secure cloud server or an offline (air-gapped) location, and have a data recovery plan in place that works with a service provider to recover data lost due to device or software failures, data corruption, accidental deletion, accidental or incorrect partitioning/formatting, virus and hack attacks, and even the actions of disgruntled employees.

  2. Update passwords and implement multi-factor authentication

Most of us don’t choose random, long strings of characters as passwords because they’re just that – difficult to remember. Hackers love simple passwords that are repeated across different sites and that are never changed. You’re practically inviting them into your system, and once one device is breached, the entire network can be accessed without the right security settings in place. That’s why year-end is the perfect time to require all employees to update their passwords using best-practice guidelines. In the attacks that Cyanre has responded to over the past two years, in 43,5% of cases we found a large number of easily guessable passwords, even though clients had enforced complex password policies. This allowed extensive and easy lateral movement by the threat actors.

The solution: A strong password contains at least 10 characters and includes symbols, numbers, lowercase and capital letters. It can even be a short sentence or phrase. If employees complain about changing and remembering all of their passwords, advise them to download a password manager.

It’s also a good idea to require multi-factor authentication when an employee is trying to access sensitive network areas, particularly if public WiFi and the beach are in their devices’ near future. This adds an additional layer of protection by asking them to take at least one extra step — such as providing a temporary code that is sent to their smartphones — to log in.
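The finding above, that passwords can satisfy a complexity policy and still be easy to guess, is illustrated by this added example (not Cyanre’s tooling). It applies the article’s complexity rule and then a separate guessability check that undoes common letter-to-symbol substitutions and looks for dictionary words, the organisation’s name, years and keyboard sequences; the base-word list and the organisation name "ExampleCorp" are small constructed assumptions.

```python
import re

# Complexity rule as stated in the article: at least 10 characters with
# symbols, numbers, lowercase and capital letters.
MIN_LENGTH = 10

# Constructed, deliberately tiny list of base words; a real deployment would
# check against a large breached-password list instead (assumption).
COMMON_BASES = {"password", "welcome", "summer", "december", "holiday", "admin", "letmein"}
# Common substitutions attackers try first, mapped back to plain letters.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
KEYBOARD_WALKS = ("qwerty", "asdf", "zxcv", "1234")


def meets_complexity(pw: str) -> bool:
    """True if the password satisfies the article's complexity rule."""
    return (len(pw) >= MIN_LENGTH
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def guessability_reasons(pw: str, org_name: str) -> list:
    """Reasons a policy-compliant password is still easy to guess."""
    normalized = pw.lower().translate(LEET)          # undo leetspeak
    letters_only = re.sub(r"[^a-z]", "", normalized)  # drop digits/symbols
    reasons = []
    if any(base in letters_only for base in COMMON_BASES):
        reasons.append("built on a common word")
    if org_name.lower() in letters_only:
        reasons.append("contains the organisation's name")
    if re.search(r"(19|20)\d{2}", pw):
        reasons.append("contains a year")
    if any(walk in pw.lower() for walk in KEYBOARD_WALKS):
        reasons.append("contains a keyboard sequence")
    if len(set(pw)) <= 4:
        reasons.append("very few distinct characters")
    return reasons


def audit_password(pw: str, org_name: str = "ExampleCorp") -> dict:
    """A password is acceptable only if it passes BOTH checks."""
    reasons = guessability_reasons(pw, org_name)
    complexity = meets_complexity(pw)
    return {"meets_policy": complexity, "guessable": bool(reasons),
            "acceptable": complexity and not reasons, "reasons": reasons}


if __name__ == "__main__":
    for sample in ("Summer2021!", "P@ssw0rd123!", "ExampleCorp@2021", "v9#Lq2!tRz8m"):
        print(sample, audit_password(sample))
```

Running it shows the first three samples pass the complexity rule yet are flagged as guessable, which is exactly the gap the lateral-movement finding describes.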

  3. Audit or assess your systems

Unused accounts are often used as a backdoor into a network by hackers and disgruntled employees. December shutdown periods are quiet, which means an attacker can gain access to your network and data without anyone immediately noticing. A full audit of your system will remove any unused accounts and pinpoint whether there has been unusual activity associated with those accounts. An added bonus is that there are often monetary savings associated with removing duplicate and unnecessary accounts.

The solution: Any organisation should have a security assessment program. It is advisable to have a rolling program throughout the year rather than only relying on a once-off test every few years. The following assessments should form part of such a rolling program:

  • Vulnerability assessments
  • Compromise assessments
  • Security policy review
  • Cyber insurance readiness
  • IR plan and procedure assessments
  • Penetration testing:
    • External penetration test
    • Internal penetration test
    • Wireless penetration test
    • Web application penetration test
    • Testing the human firewall
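The unused-account audit described above, as an added example that is not part of the original article: it takes a constructed account inventory with last-login dates, marks any account idle for more than 90 days before the shutdown as dormant, and then scans constructed authentication log lines from the shutdown window for successful logins by dormant or unknown accounts. The log format, the 90-day threshold and the shutdown dates are assumptions for the example.

```python
from datetime import datetime, timedelta

# Constructed inventory (not real data): username -> last successful login.
ACCOUNTS = {
    "jsmith": "2021-12-10",
    "contractor_old": "2021-06-02",   # contract ended in June, never disabled
    "svc_backup": "2021-12-14",
    "temp_intern": "2021-03-15",
}

# Constructed auth log for the shutdown window; IPs are from documentation ranges.
AUTH_LOG = """\
2021-12-20 08:12:44 LOGIN_SUCCESS user=jsmith src=10.0.4.21
2021-12-24 23:51:03 LOGIN_SUCCESS user=contractor_old src=203.0.113.17
2021-12-25 02:14:10 LOGIN_FAILURE user=temp_intern src=203.0.113.17
2021-12-25 02:14:31 LOGIN_SUCCESS user=temp_intern src=203.0.113.17
2021-12-27 09:00:01 LOGIN_SUCCESS user=svc_backup src=10.0.4.8
2021-12-28 11:30:00 LOGIN_SUCCESS user=ghost_admin src=203.0.113.17
"""

# Assumed shutdown window for the example.
SHUTDOWN_START = datetime(2021, 12, 17)
SHUTDOWN_END = datetime(2022, 1, 10)


def parse_line(line: str) -> dict:
    """Split one 'date time EVENT user=... src=...' line into fields."""
    date, time, event, user_kv, src_kv = line.split()
    return {"ts": datetime.fromisoformat(f"{date} {time}"), "event": event,
            "user": user_kv.split("=", 1)[1], "src": src_kv.split("=", 1)[1]}


def dormant_accounts(accounts: dict, as_of: datetime, days: int = 90) -> set:
    """Accounts with no login in the `days` before `as_of`: candidates for removal."""
    cutoff = as_of - timedelta(days=days)
    return {u for u, last in accounts.items() if datetime.fromisoformat(last) < cutoff}


def shutdown_findings(accounts: dict, log: str, start: datetime, end: datetime,
                      days: int = 90) -> list:
    """Successful logins inside the window by dormant or unknown accounts."""
    dormant = dormant_accounts(accounts, start, days)
    findings = []
    for line in filter(str.strip, log.splitlines()):
        ev = parse_line(line)
        if ev["event"] != "LOGIN_SUCCESS" or not (start <= ev["ts"] <= end):
            continue
        if ev["user"] not in accounts:
            findings.append({**ev, "reason": "unknown account"})
        elif ev["user"] in dormant:
            findings.append({**ev, "reason": "dormant account active during shutdown"})
    return findings


if __name__ == "__main__":
    print("dormant:", sorted(dormant_accounts(ACCOUNTS, SHUTDOWN_START)))
    for f in shutdown_findings(ACCOUNTS, AUTH_LOG, SHUTDOWN_START, SHUTDOWN_END):
        print(f["ts"], f["user"], f["src"], "->", f["reason"])
```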

  4. Have a clear incident response plan in place

Incident response is a set of policies and procedures that IT teams use to identify, contain, and eliminate cyberattacks. The goal of incident response is to quickly detect and terminate cyberattacks, minimising damage and preventing future attacks. There are typically six steps to incident response: Preparation of systems and procedures; Identification of incidents (when they occur); Containment of attacks; Eradication of both attackers and re-entry routes; Recovery from incidents, including the restoration of systems; and Lessons learned that can strengthen the organisation’s cybersecurity and future responses.

The problem over the December period is that even if an organisation has an incident response protocol in place, the reduced team on duty does not necessarily know what it is, and because the business isn’t fully operational, the focus on cybersecurity slips.

The solution: Put cybersecurity at the forefront of your December shutdown processes, beginning with incident response protocols. Remember, just because most of South Africa takes leave over December doesn’t mean hackers are doing the same – if anything, they’re waiting for the usual cybersecurity measures to relax. Your organisation’s data is just as valuable in December.

  5. Work with a service provider who can support your business

One of the biggest challenges organisations face during a cybersecurity crisis is not having a service provider already in place who is only a phone call away. This means that in the middle of a crisis situation, service terms are being negotiated and SLAs drafted, which is a waste of time when every second counts.

Having a service provider in place ensures that you have a team of experts actively monitoring your network who can immediately address a breach. It’s also important to ensure that your team knows who they should contact in the case of an emergency, whether they’re sitting in Mauritius or Ballito.

The solution: It is highly advisable to have an independent and reputable service provider within the DFIR environment. Using your local IT service provider might be putting the wolf in sheep’s clothing. Our in-depth digital forensic, legal and security knowledge allows us to manage security breaches from detection through to investigation, finally resulting in prosecution if needed, while maintaining forensically sound data collection processes and chain of custody.

Our Level 4 Incident Response services include:

  • Rapid response
  • Incident validation and initial analysis
  • Containment
  • Eradication
  • Forensic deep-dive
  • Remediation and recovery
  • Communication strategy
  • Ransom Negotiation and Crypto payment process
  • Data Subject Access Request (DSAR)
  • Data subject notification services