CybeReady: Top recommendations for security during time of war
CybeReady has presented five must-do actions for organisations concerned about the potential fallout of cyber warfare taking place in the world right now.
The provided recommendations come as businesses and employees globally become unwilling participants in ongoing conflict.
Outside of physical warfare, both Russia and Ukraine have been involved in a dedicated program of cyberwarfare. Those involved in the conflict have launched cyber attacks on each other, with entities supportive of Russia involved in data-wiping malware and taking websites offline with DoS attacks to prevent their use.
Additionally, there have been malicious phishing-borne ransomware attacks and a range of other threats casting a sinister shadow that threatens every organisation.
Since cyber strikes between warring entities are not always contained, they often infect devices and websites that are on the periphery of the conflict, CybeReady states. This includes both business and personal devices of individuals working onsite or remotely.
Employee social media accounts are also at risk of being hacked for the purpose of distributing false information or malware.
With the conflict surging, these attacks are expected to intensify with nearly everyone at risk of suffering the consequences of a sudden attack, the company states.
According to CybeReady, during such turbulent times, one should regard all emails with extra caution and double-check the sender’s address carefully.
Beware of requests that ask for technical assistance such as running software or helping to take down websites. These might not only be illegal but may also be used to hack systems on the corporate network.
Try to remember that during times of crisis, there is an increase in phishing attempts of all kinds as hackers take advantage of the situation. In this circumstance, employees need to stay updated from both a news and computing perspective.
To be proactive in the defence of computing environments, our security experts recommend:
1. Personal computer and phones: Install the latest operating system and security updates.
2. Implement 2FA/MFA: Use a phone number or authentication app as the second factor of authentication to all important applications, social media accounts (Facebook/Meta, Linkedin, Twitter, etc.), and personal email accounts. Backup email and ensure it is recoverable.
3. Change passwords: If you are reusing a password in sites that hold your personal information, it is a good time to change your passwords.
4. Support a culture of security: Train your employees continuously, advise friends and family to do the same, and take an active role in creating a safer internet.
5. Defend work from home environments: Install the operating system and security updates. If these are available you should see a notification on your computer or phone.
Especially important to business continuity in these times of uncertainty is the need for automated cybersecurity training that adapts to employee educational needs and accelerates the learning process.
A more touchless approach not only speeds training, but also supports the IT team by reducing oversight requirements to ensure an empowering educational experience for employees, the company states.
CybeReady co-founder CSO Mike Polatsek says, “Building a culture of security throughout an organisation is especially critical in situations where the volume of malicious cyber activity is at record levels.
"Deploying a security awareness program that provides training value fast and builds employee readiness with no IT effort whatsoever, can make a true difference for enterprises.”