Steps to Improve Your Security in Light of Russian Cyber Threats
With news of Russian forces launching an attack on Ukraine hitting the headlines on February 24th, it is vital that you keep security top of mind, as the risk of cyber attacks and state-sponsored advanced persistent threats (APTs) is increasing substantially. We urge everyone to take steps to improve their security posture and stay extra vigilant.
Here at KiteTech, we persistently monitor new and ongoing cyber security risks like this and develop a plan of action to ensure that our clients’ resources and data are fully protected. Below is a list of recommendations for security services that are vital in protecting your business from cyber threats.
Security Services That Protect Your Business
If we had to make a single recommendation for protecting your online accounts, it would be multi-factor authentication (MFA). Confirm that it is turned on for your business, and make sure your personal accounts are protected behind MFA as well.
Security Awareness Training
While industry-standard security products are critical to protecting your organization, end users will always be your greatest risk. It’s crucial that you require employees to complete their annual security awareness training.
Antivirus/Endpoint Detection and Response (EDR)
Keeping antivirus signatures up to date is essential to protecting against known malware. Automatic updates should always be enabled for these products.
Restricting access to accounts based on location has proven to be a very successful way of mitigating threats. While there are ways to circumvent these restrictions, their value in protecting against automated attacks is considerable. We encourage adopting this when available.
Cybersecurity Tips for End-Users
Now is the time to build a stronger line of defense against increasingly sophisticated cyber threats. Below are steps that end-users can take to ramp up their security practices.
- Make sure MFA is turned on for all eligible accounts and working properly (can’t emphasize this one enough).
- Keep an eye on your finances. Check for suspicious transactions and set up credit monitoring alerts.
- If you have any backup emails or phone numbers tied to an account for recovery purposes, make sure they are updated with relevant information and MFA if applicable.
- Utilize websites such as haveibeenpwned.com to check for compromised passwords. We have a subscription to ID Agent’s DarkwebID which features a live search function to check for password compromise tied to an email address. If you would like access to that, let me know.
- If you aren’t using a password manager, I highly recommend moving to one. It can be a lot of work, and some may be skeptical of having all their passwords in one place, but the security features outweigh the risk. Some examples of password managers are LastPass and Dashlane.
- Be wary of approving logins on the Microsoft Authenticator app. If you didn’t initiate the authentication, deny the approval.
- Take your time when reviewing emails with urgent or suspicious requests. Reach out to that person directly to validate. To those who may not be as tech savvy as others, don’t hesitate to ask for help. You’re not a burden for doing so whatsoever.
- Be careful with what apps you allow to have access to what data, and consider only accepting necessary cookies for websites.
- Make sure shared accounts are limited and all passwords for those are complex.
- Be careful with pre-filling passwords; many websites don’t properly encrypt those, and they have been common targets for keyloggers.
- Most importantly, be extra cautious. Even with all the security controls out there, you as the end user will always have the keys to the castle.
It is more important than ever to make it a priority to improve your organization’s cybersecurity practices and train your employees to stay conscious of any suspicious activity. If you notice anything questionable, reach out to KiteTech immediately so we can investigate.