Don't let your business become the next Colonial Pipeline.

If your inbox looks anything like ours, it is full of news about the recent cyber attack which ransacked the Colonial Pipeline. In case you did not hear about it (in which case you live under a rock), here's a little recap of what occurred:

A U.S. drinking water treatment facility's cybersecurity was challenged when an unidentified cyber actor gained access to the facility's supervisory control and data acquisition (SCADA) system. The actors most likely gained access by finding soft spots in the treatment plant's security, such as weak password security and an outdated operating system. Several government organizations, including the FBI, Cybersecurity and Infrastructure Security Agency (CISA), Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), have seen first-hand cyber criminals targeting and exploiting computer software on operating systems with end-of-life status to gain access to systems that they're not authorized to use.

Here are our top ten security recommendations so you can ensure that your business doesn’t become the next victim:

  1. Use multiple-factor authentication.
  2. Update to the latest version of the operating system (e.g., Windows 10).
  3. Use strong passwords to protect Remote Desktop Protocol (RDP) credentials.
  4. Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.
  5. Audit network configurations and isolate computer systems that cannot be updated.
  6. Audit your network for systems using RDP, close unused RDP ports, apply multiple-factor authentication wherever possible, and log RDP login attempts.
  7. Audit logs for all remote connection protocols.
  8. Train users to identify and report attempts at social engineering.
  9. Identify and suspend access of users exhibiting unusual activity.
  10. Utilize the ‘Block and Allow’ list, which enables a user to control which other organizational users of TeamViewer may request access to the system.
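One way to act on items 6, 7 and 9 above, as an added example that is not part of the original post: a small Python audit over exported Windows Security log rows that flags sources with repeated failed remote logons and notes when a success follows them. The CSV column layout, the thresholds and the sample rows are assumptions constructed for illustration; event IDs 4624/4625 and logon type 10 are the standard Windows values.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (assumed column layout, documentation IP ranges).
SAMPLE = """TimeCreated,EventID,LogonType,TargetUserName,IpAddress
2021-02-05T08:00:01,4625,10,operator,203.0.113.7
2021-02-05T08:00:20,4625,10,operator,203.0.113.7
2021-02-05T08:00:41,4625,10,operator,203.0.113.7
2021-02-05T08:01:05,4624,10,operator,203.0.113.7
2021-02-05T09:10:00,4625,3,admin,198.51.100.20
2021-02-05T09:11:00,4625,3,admin,198.51.100.20
2021-02-05T09:12:30,4625,3,admin,198.51.100.20
2021-02-05T10:00:00,4625,10,jsmith,192.0.2.15
2021-02-05T10:00:30,4624,10,jsmith,192.0.2.15
2021-02-05T11:00:00,4625,2,kiosk,-
2021-02-05T11:00:05,4625,2,kiosk,-
2021-02-05T11:00:09,4625,2,kiosk,-
"""

# 10 = RemoteInteractive (RDP). With Network Level Authentication, failed RDP
# logons are often recorded as type 3, so both are audited here.
REMOTE_LOGON_TYPES = {"10", "3"}


def audit_remote_logons(csv_text, threshold=3, window=timedelta(minutes=5)):
    """Flag (source IP, account) pairs with >= threshold failed remote logons
    inside `window`; upgrade the finding if a successful logon follows.
    Rows are assumed to be in chronological order."""
    failures = defaultdict(list)
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["LogonType"] not in REMOTE_LOGON_TYPES:
            continue  # local/console logons are out of scope for this audit
        ts = datetime.fromisoformat(row["TimeCreated"])
        key = (row["IpAddress"], row["TargetUserName"])
        if row["EventID"] == "4625":  # failed logon
            failures[key] = [t for t in failures[key] if ts - t <= window] + [ts]
            if len(failures[key]) >= threshold:
                findings.setdefault(key, "repeated-failures")
        elif row["EventID"] == "4624" and key in findings:  # success after flag
            findings[key] = "success-after-failures"
    return findings


if __name__ == "__main__":
    for (ip, user), status in audit_remote_logons(SAMPLE).items():
        print(f"{status}: account={user} source={ip}")
```

A "success-after-failures" finding is the one to review first when deciding whether to suspend an account's access.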

Check out our Cybersecurity Awareness Training Webinar for more info.

*Source: https://us-cert.cisa.gov/ncas/alerts/aa21-042a
