As people across the country are getting ready for a holiday, cybercriminals are also gearing up for the long weekend. Holidays can be an ideal time for hackers, as many organizations have reduced IT staff – or even no security team on premises – during a long weekend, making it easier to execute attacks without being noticed. This environment can be open season for ransomware, which recently cost the City of Baltimore over $18-million in damages and lost revenue. So, how can your organization rest easy over the holidays?
How prepared are you for cyberattacks?
Before you fire up the BBQ this long weekend, you’ll want to test your security posture. Here are three ways to do so:
- Risk Assessments: Risk assessments can be performed on any application, function or process in your organization. You’ll want to take this opportunity to identify threats, determine risk levels and impact, analyze your environment and determine the likelihood and severity of any risk to your business.
- Vulnerability Assessments: A vulnerability assessment identifies, classifies and ranks the vulnerabilities in systems, applications and network infrastructure to provide your organization with the necessary knowledge, awareness and risk background to understand the threats to your environment. CDW can help make sure your security technologies are properly implemented and integrated to effectively guard against all threats.
- Penetration Testing: Penetration testing provides an organization with a view of what it’s like to be targeted by hackers, showcases how the attack is performed and offers takeaways to prevent it from happening “for real.” To avoid costly cyberattacks, consider engaging a security partner, such as CDW, to conduct a penetration test against your infrastructure.
How robust are your security alerts?
Not only do you need to prepare your systems for a cyberattack, but you’ll want to make sure, if an attack does occur, that you are getting the alerts that you need. Evaluate your security software to ensure you receive the proper alerts, and make sure you are confident with your triage process if an alert does occur. It’s especially important to avoid alert fatigue and not ignore alerts during high-risk periods…such as the long weekend. You will need to increase your thresholds for alerting so that someone can keep an eye on those.
Have you considered fully or partially managed services?
Arguably, the best way for you to enjoy your long weekend, knowing that your systems are secure, is to have someone else look after them. By engaging a managed services provider, you’ll have a dedicated team of security analysts in a Security Operations Centre (SOC) who watch your logs and alerts, and either report or take action on critical events. For smaller businesses, or those without an SOC, partially managed services could be a great option, especially during high-risk, low-activity times such as long weekends.
4 long weekend security tips, from the expert
We asked Owen Dykstra, Security Inside Solution Architect at CDW Canada, for some additional tips on preparing your organization for the long weekend:
- Have good Incident Response, Business Continuity and Disaster Recovery plans in place and make sure to have them tested.
- Consider having an Incident Response retainer, so that if a breach does occur you are prepared to respond quickly.
- Security Awareness training can educate staff about social engineering and phishing attacks, which will likely increase before the holidays.
- Consider restricting admin functions during these high-risk windows and utilize multifactor authentication (MFA) on all admin accounts.
To learn more about CDW’s security solutions for your business, please visit CDW.ca/security