Cybersecurity - ILMA
CYBERSECURITY IT’S EVERYBODY’S BUSINESS Your Cybersecurity Toolkit


Post on 29-May-2020



THE BASICS

WHAT’S AT RISK FOR SMALL BUSINESSES?

WHAT IS A DATA BREACH?

A data breach is any event in which information, electronic or paper, pertaining to an individual or company is potentially at risk for theft. This information can range from simply a name or phone number to more sensitive data such as medical records, financial accounts, and social security numbers.

What causes a data breach?

A Malicious or Criminal Attack

A System Glitch

Human Error

Malicious or criminal attacks are the leading cause of data breaches, representing approximately 47% of incidents. Therefore, developing effective systems for defending against cyber-attacks is essential to maintain secure data systems. However, the combined prevalence rates of system glitches (25% of incidents) and human errors (28% of incidents) constitute the majority of incidents. Businesses must address the possibility of unintentional insider threats, including employee negligence and IT process failures, when implementing cybersecurity protocols.

While large-scale attacks targeting companies with a trove of consumer data such as Target, Marriott and Equifax make headlines, the frequency of cyber-attacks on small businesses has increased dramatically over the last several years. More than 60% of small businesses have experienced a cyber-attack in just the past 12 months.

Malicious emails are the most common method of cyberattack. The weapon of choice is an attachment containing malware designed to grant the attacker access to the company’s network. The average small business receives nine malicious emails each month for every user on the network. Even a company with only ten employees receives an average of 90 malware-infected emails each month.

What are cybercriminals hoping to gain from small businesses? Here are a few examples:

Infection of the company’s system, bringing the company’s operations to a halt so that ransom may be extracted.

Infiltration of the company’s email system to learn the means to extract payment through phony invoices.

Redirection of routine vendor payments.

Access to important data, including payroll records where employees’ personal information is available.

To prevent infection, the company’s network must have a powerful firewall, sophisticated email filtering, and discerning employees. All it takes to jeopardize the company and compromise customer information is one wrong click on a single email by any employee on the network.

Employees must undergo training to ensure they understand cybersecurity threats. ILMA’s employee training video (available at www.ilma.org) is a first step in developing a culture of awareness. In addition, employers should consider using IT consultants to conduct regular employee breach methods testing, or to recommend a company to conduct such testing.

There are significant financial consequences to being unprepared for potential cyber-attacks. The average annual cost of malware-related damages for small businesses is just over $1 million, not including costs associated with business disruption.

Only 21% of small businesses rate their ability to manage data vulnerabilities and defend against cyber-attacks as highly effective. Fortunately, small businesses don’t need to break the bank investing in cybersecurity infrastructure and hiring IT security professionals. There are a number of incremental steps that can be taken to improve your cybersecurity including implementing basic tools and programs for your business.

While most of the steps in this toolkit are designed to be carried out by an IT professional, here are five simple no-cost steps that will help keep your system secure.


58% OF MALWARE ATTACKS TARGET SMALL BUSINESSES.


ADDITIONAL CYBERSECURITY REQUIREMENTS

FIVE SIMPLE STEPS TO SAFEGUARD YOUR COMPANY

Maintaining effective cybersecurity defenses requires companies to have access to the relevant tools. The basic technologies, programs and applications necessary for effective cybersecurity include:

Spam/Virus/Malware Filtering

Link Filtering and Censoring

External Email Identification

Routine System Updates

Ransomware Protection

Mobile Device Management Programs

Data Loss Prevention Solutions

Detecting and defending against potential data breaches due to employee negligence or intentional insider threats requires the implementation of specialized policies, procedures, and training within a company, including:

Initial and recurring background checks

Limiting unnecessary data access

Ensuring of non-employees

Secure passwords that are changed regularly

Security awareness training for employees, including promotion of good IT habits. ILMA’s 15-minute training video is a great way to raise awareness among your employees. It is available at www.ilma.org.

1. EMPLOYEE CYBERSECURITY AWARENESS TRAINING As previously mentioned, ILMA’s 15-minute training video can be required viewing for all employees with access to computers. To access the video, go to www.ilma.org.

2. IT SECURITY AMBASSADOR Appoint a trusted member of your team to stay abreast of email and internet scams and to regularly share that information with other employees. The FBI website offers a subscription to a regular update that will create awareness of threats. This can be found at www.fbi.gov/e-mail-updates.

3. QUARTERLY UPDATE OF ALL PASSWORDS with assurance that passwords being utilized are strong (at least 8 characters, a mix of numbers, letters and symbols).

4. INSTITUTE A COMPANY POLICY that prohibits personal web-browsing and personal email access on company computers. Some websites could result in malware and spyware infecting your system.

5. ENSURE ALL SOFTWARE IS UP TO DATE and make sure all staff log off when leaving their workstations.


INTRODUCTION TO THE CYBERSECURITY TOOLKIT

This Cybersecurity Toolkit contains a basic set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. By implementing the following steps you can reduce your company’s overall risk of experiencing a cyber-attack by 85%.

The toolkit recommends some management tools to utilize. However, your IT consultant may have alternative or additional recommendations.

Although the steps in this toolkit are basic enough to be implemented without the assistance of an IT professional, it is highly recommended that companies with a significant investment in hardware consider hiring a professional to ensure that adequate security is in place, as well as to troubleshoot routine issues when they occur.


IDENTIFYING VULNERABILITIES

STEP #1 Take an Inventory of all Authorized and Unauthorized Devices

Identify all of your devices (including desktops, laptops, smartphones and printers) so you can take the steps to secure them. Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access. Keep this list updated as you add or remove devices.

Relevant Tools:

Open-AudIT (page 06)

Spiceworks Inventory (page 06)

STEP #2 Take an Inventory of all Authorized and Unauthorized Software

Identify all of your applications (e.g., email, software, web browsers, websites) so you can take the steps to secure them. Actively manage (inventory, track, and correct) all software on the network so that only authorized software is installed and can execute, and unauthorized and unmanaged software is found and prevented from installation or execution. Keep this list updated as you add or remove applications.

Relevant Tools:

Manage Engine - Desktop Central (page 06)

Open-AudIT (page 06)

Spiceworks Inventory (page 06)

STEP #3 Configure Devices and Applications to Automatically Update

You boost your digital immunity against threats such as viruses, spyware and more when you keep your systems updated. Most devices and applications can be configured to automatically update. See the inventory list you created to go through each device and application you have to configure it for automatic updates.

Relevant Tools:

Auto-Updates (page 05)

Android

iOS (iPhone or iPad)

Mac OSX

Microsoft Windows

PROTECTING DATA

STEP #4 Secure Configurations for Hardware and Software

Establish, implement, and actively manage (track, report on, and correct) the security configuration of laptops, servers, and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.

Relevant Tools:

CIS Benchmarks (page 05)

Browsers: Google Chrome or Safari

iOS (iPhone or iPad)

Mac OSX

Microsoft Windows

STEP #5 Control Use of Administrative Privileges

Track, control, prevent, and correct the use, assignment, and configuration of administrative privileges on computers, networks, and applications. Ensure that all users with administrative account access use a dedicated or secondary account for elevated activities. This account should only be used for administrative activities and not internet browsing, email, or similar activities. Configure systems to issue a log entry and alert when an account is added to or removed from any group assigned administrative privileges.
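One way to implement the log-and-alert requirement in Step #5, as an added example that is not part of the ILMA toolkit: the Python below scans exported Windows Security events for group-membership changes (event IDs 4728/4732/4756 for additions, 4729/4733/4757 for removals) and raises an alert whenever the group is administrative. The flattened one-JSON-object-per-line export, the list of administrative groups, the `adm-` naming convention for dedicated admin accounts and all sample events are assumptions constructed for illustration.

```python
import json

# Windows Security log event IDs for security-group membership changes.
MEMBER_ADDED = {4728, 4732, 4756}    # global, local, universal group
MEMBER_REMOVED = {4729, 4733, 4757}  # global, local, universal group

# Assumption: the groups this organization treats as administrative.
ADMIN_GROUPS = {"administrators", "domain admins", "enterprise admins"}
# Assumption: dedicated admin accounts are named with an "adm-" prefix.
ADMIN_ACCOUNT_PREFIX = "adm-"

# Constructed sample input: one flattened JSON event per line.
SAMPLE_EVENTS = r"""
{"TimeCreated": "2020-05-04T09:12:44Z", "EventID": 4732, "TargetUserName": "Administrators", "MemberName": "EXAMPLE\\adm-jsmith", "SubjectUserName": "adm-itlead"}
{"TimeCreated": "2020-05-04T09:30:02Z", "EventID": 4624, "TargetUserName": "jdoe"}
{"TimeCreated": "2020-05-04T23:41:10Z", "EventID": 4728, "TargetUserName": "Domain Admins", "MemberName": "EXAMPLE\\jdoe", "SubjectUserName": "adm-itlead"}
{"TimeCreated": "2020-05-05T08:03:55Z", "EventID": 4732, "TargetUserName": "Remote Desktop Users", "MemberName": "EXAMPLE\\mlee", "SubjectUserName": "adm-itlead"}
truncated line, not valid JSON
{"TimeCreated": "2020-05-05T08:15:31Z", "EventID": 4733, "TargetUserName": "Administrators", "MemberName": "EXAMPLE\\jdoe", "SubjectUserName": "adm-itlead"}
"""


def admin_group_alerts(event_lines):
    """Return one alert per membership change in an administrative group."""
    alerts = []
    for line in event_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged lines instead of aborting the scan
        if not isinstance(event, dict):
            continue
        event_id = event.get("EventID")
        if event_id in MEMBER_ADDED:
            action = "added"
        elif event_id in MEMBER_REMOVED:
            action = "removed"
        else:
            continue  # not a group-membership event
        group = str(event.get("TargetUserName", ""))
        if group.lower() not in ADMIN_GROUPS:
            continue  # membership change in a non-administrative group
        # Drop the DOMAIN\ prefix to get the bare account name.
        account = str(event.get("MemberName", "")).split("\\")[-1]
        dedicated = account.lower().startswith(ADMIN_ACCOUNT_PREFIX)
        # An everyday account gaining admin rights breaks the
        # dedicated-admin-account rule, so it is escalated.
        severity = "high" if action == "added" and not dedicated else "medium"
        alerts.append({
            "time": event.get("TimeCreated"),
            "action": action,
            "group": group,
            "account": account,
            "changed_by": event.get("SubjectUserName"),
            "severity": severity,
        })
    return alerts


if __name__ == "__main__":
    for alert in admin_group_alerts(SAMPLE_EVENTS):
        print("[{severity}] {time} {account} {action} ({group}) by {changed_by}"
              .format(**alert))
```
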

STEP #6 Install Email and Web Browser Protections

Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with web browsers and email systems. Ensure that only fully supported web browsers and email clients are allowed to execute in the organization, using the latest version of the browsers and email clients provided by the vendor.

Relevant Tools:

DMARC (page 06)

STEP #7 Install Malware Defenses

Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and corrective action. Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization’s workstations and servers.

Relevant Tools:

Avast (page 05)

AVG (page 05)

STEP #8 Limitation and Control of Network Ports, Protocols, and Services

Manage (track, control, and correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers.

Relevant Tools:

Quad9 (page 06)

STEP #9 Control Wireless Access Based on the Need to Know

Track, control, prevent, correct, and secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification. Segment the network based on the label or classification level of the information stored on the servers, and locate all sensitive information on separate Virtual Local Area Networks (VLANs). Encrypt all sensitive information in transit. Create a separate wireless network for personal or untrusted devices. Enterprise access from this network should be treated as untrusted and filtered and audited accordingly.

Relevant Tools:

Turn It On (page 06)

STEP #10 Security Skills Assessment and Appropriate Training to Fill Gaps

Identify the specific knowledge, skills, and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify and remediate gaps, through policy, organizational planning, training, and awareness programs for all functional roles in the organization.

RESPONDING TO EVENTS

STEP #11 Incident Response and Management

Cyber incidents are now just part of our way of life. Even large, well-funded, and technically sophisticated enterprises struggle to keep up with the frequency and complexity of attacks. The question of a successful cyber-attack against an enterprise is not “if” but “when.” When an incident occurs, it is too late to develop the right procedures, reporting, data collection, management responsibility, legal protocols, and communications strategy that will allow the enterprise to successfully understand, manage, and recover. Without an incident response plan, an organization may not discover an attack in the first place, or, if the attack is detected, the organization may not follow good procedures to contain damage, eradicate the attacker’s presence, and recover in a secure fashion. Thus, the attacker may have a far greater impact, causing more damage, infecting more systems, and possibly exfiltrating more sensitive data than would otherwise be possible were an effective incident response plan in place. Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight). Ensure that there are written incident response plans that define roles of personnel as well as phases of incident handling/management. Assemble and maintain information on third-party contact information to be used to report a security incident, such as law enforcement, relevant government departments, vendors, and ISAC partners.

RECOVERING FROM ATTACKS

STEP #12 Data Recovery Capability

When attackers compromise machines, they often make significant changes to configurations and software. Sometimes attackers also make subtle alterations of data stored on compromised machines, potentially jeopardizing organizational effectiveness with polluted information. When the attackers are discovered, it can be extremely difficult for organizations without a trustworthy data recovery capability to remove all aspects of the attacker’s presence on the machine. Properly back up critical information with a proven methodology for timely recovery.

Relevant Tools:

OSX Time Machine (page 06)

Windows Auto-Backup (page 06)

AUTO-UPDATE DEVICES

Android https://support.google.com/googleplay/answer/113412?hl=en

iOS (iPhone or iPad) https://support.apple.com/en-us/HT202180

Mac OSX https://support.apple.com/en-us/HT201541

Windows https://support.microsoft.com/en-us/help/12373/windows-update-faq

Updating your device ensures you are running the most updated software, which improves the security and efficiency of the device and reduces your risk for getting compromised. These tools will update your devices.

AVAST

https://www.avast.com/en-us/free-antivirus-download

Packed with the largest threat-detection network, machine-learning virus protection, easy password management and home network security that won’t slow down your device. Avast Free Antivirus scans for security and performance issues and tells you how to fix things instantly. It protects you in real-time by analyzing unknown files before they get to you.

AVG

https://www.avg.com/en-us/free-antivirus-download

This free antivirus software just got even better. It now includes real-time security updates, scans for both malware and performance issues, and even catches malicious downloads before they reach your device. It’s also got an all-new, refreshingly simple design that shows you exactly how you’re protected. All of this, and it still won’t slow you down!

CIS BENCHMARKS

Android https://gcatoolkit.org/wp-content/uploads/2019/02/CIS_Google_Android_Benchmark_v1.2.0.pdf

Browser (Google Chrome) https://gcatoolkit.org/wp-content/uploads/2019/02/CIS_Google_Chrome_Benchmark_v1.3.0.pdf

Browser (Safari) https://gcatoolkit.org/wp-content/uploads/2019/02/CIS_macOS_Safari_Benchmark_v2.0.0.pdf

iOS (iPhone or iPad) https://gcatoolkit.org/wp-content/uploads/2019/02/CIS_Apple_iOS_12_Benchmark_v1.0.0.pdf

RELEVANT CYBERSECURITY TOOLS


Mac OSX https://gcatoolkit.org/wp-content/uploads/2019/02/CIS_Apple_macOS_10.13_Benchmark_v1.0.0.pdf

Windows https://gcatoolkit.org/wp-content/uploads/2019/02/CIS_Microsoft_Windows_10_Enterprise_Release_1709_Benchmark_v1.4.0.pdf

Your hardware and software include various security controls that can be turned on to stop attackers from compromising them. The Center for Internet Security has worked with industry experts to develop step-by-step instructions on how to securely configure them. Choose the guide that is applicable to the hardware or software you are using and securely configure it now.

DMARC

https://dmarcguide.globalcyberalliance.org/#/

DMARC – Domain-based Message Authentication, Reporting & Conformance – is an email authentication standard that helps users protect their email domains from spoofers, spammers and phishing attacks. A DMARC policy allows a sender to indicate that their messages are protected and tells a receiver what to do if one of the authentication methods passes or fails – such as send the message or reject the message. This tool will guide your organization through the process of creating or setting up a DMARC policy, as well as additional protections so that your organization will have a stronger email authentication mechanism in place to help protect the brand.
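To make the policy mechanism described above concrete, here is an added example (not part of the ILMA toolkit or of the DMARC guide tool) that parses a DMARC record, which a domain publishes as a DNS TXT record at `_dmarc.<domain>`, and reports settings that leave spoofed mail deliverable. The record strings and `example.test` addresses are constructed, and the finding codes are this example's own naming.

```python
POLICIES = {"none", "quarantine", "reject"}

# Finding codes (this example's own naming) and what each one means.
MESSAGES = {
    "not-dmarc": "record does not start with v=DMARC1",
    "bad-policy": "p= tag is missing or not none/quarantine/reject",
    "monitor-only": "p=none: failing mail is still delivered",
    "bad-pct": "pct= is not a whole number from 0 to 100",
    "partial-enforcement": "pct below 100: policy applies to a sample only",
    "subdomains-unprotected": "sp=none: subdomains are not enforced",
    "no-aggregate-reports": "no rua= address, so no visibility into failures",
}


def parse_tags(record):
    """Split 'tag=value; tag=value' into ordered pairs, or None if malformed."""
    tags = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        name, sep, value = part.partition("=")
        if not sep:
            return None
        tags.append((name.strip().lower(), value.strip()))
    return tags


def assess_dmarc(record):
    """Return validity, effective policy and a list of finding codes."""
    result = {"valid": False, "policy": None, "findings": []}
    tags = parse_tags(record)
    # The version tag must come first, otherwise receivers ignore the record.
    if not tags or tags[0] != ("v", "DMARC1"):
        result["findings"].append("not-dmarc")
        return result
    values = dict(tags)
    policy = values.get("p", "").lower()
    if policy not in POLICIES:
        result["findings"].append("bad-policy")
        return result
    result["valid"], result["policy"] = True, policy
    if policy == "none":
        result["findings"].append("monitor-only")
    else:
        pct = values.get("pct", "100")  # default: apply to all failing mail
        if not pct.isdigit() or int(pct) > 100:
            result["findings"].append("bad-pct")
        elif int(pct) < 100:
            result["findings"].append("partial-enforcement")
        # The subdomain policy defaults to the main policy when sp= is absent.
        if values.get("sp", policy).lower() == "none":
            result["findings"].append("subdomains-unprotected")
    if "rua" not in values:
        result["findings"].append("no-aggregate-reports")
    return result


if __name__ == "__main__":
    # Constructed records: a weak setting beside a corrected one.
    weak = "v=DMARC1; p=none"
    strong = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.test"
    for record in (weak, strong):
        report = assess_dmarc(record)
        print(record, "->", report["policy"])
        for code in report["findings"]:
            print("   ", code + ":", MESSAGES[code])
```
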

MANAGE ENGINE - DESKTOP CENTRAL

https://www.manageengine.com/products/desktop-central/

Desktop Central is a unified endpoint management solution that helps in managing servers, laptops, desktops, smartphones, and tablets from a central location. Automate your regular desktop management routines like installing patches, distributing software, imaging and deploying OS, managing your IT Assets, managing software licenses, monitoring software usage statistics, managing USB device usage, taking control of remote desktops, and more. It supports managing Windows, Mac and Linux operating systems. Manage your mobile devices to deploy profiles and policies, configure devices for Wi-Fi, VPN, email accounts, etc., apply restrictions on using camera, browser, etc., and to secure your devices like enabling passcode, remote lock/wipe, etc. Manage all your iOS, Android and Windows smartphones and tablets.

OPEN-AUDIT

https://www.open-audit.org

Open-AudIT is an application to tell you exactly what is on your network, how it is configured and when it changes. Open-AudIT will run on Windows and Linux systems. Essentially, Open-AudIT is a database of information that can be queried via a web interface. Data about the network is inserted via a Bash script (Linux) or VBScript (Windows). The entire application is written in PHP, Bash and VBScript. These are all ‘scripting’ languages: no compiling, and human-readable source code. Making changes and customizations is both quick and easy. Open-AudIT can be configured to scan your network and devices automatically. A daily scan is recommended for systems, with network scans every couple of hours. That way, you can be assured of being notified if something changes on a PC or if something “new” appears on your network.

OSX TIME MACHINE BACKUP

https://support.apple.com/en-us/HT201250

Backups are copies of data that are stored separately from your computer or device. Backups are critical so that you have access to your information in case it is lost, stolen or held “ransom” by an attacker. This tool provides automatic backups of Mac operating systems.

QUAD9

https://quad9.net

Every website lives at a numerical IP address. Your Domain Name Server, or DNS, translates these numerical IP addresses into readable domain names we all know and remember. If your DNS settings are not working correctly, or you’re still using defaults, you may be at risk for cybercrime and performance issues. Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system’s performance, plus, it preserves and protects your privacy. It’s like an immunization for your computer. Quad9 routes your DNS queries through a secure network of servers around the globe. The system uses threat intelligence from more than a dozen of the industry’s leading cyber security companies to give a real-time perspective on what websites are safe and what sites are known to include malware or other threats. If the system detects that the site you want to reach is known to be infected, you’ll automatically be blocked from entry – keeping your data and computer safe.

SPICEWORKS INVENTORY

https://www.spiceworks.com/free-pc-network-inventory-software/

One spot to manage all your devices. All your IT, all in one place. Automatically discover detailed device information to help you troubleshoot user issues, stay ahead of potential device problems, and be ready for budget and audit talks about your devices. Stay in the know and breathe a sigh of relief knowing everything’s as it should be. It’s easy to set up. Run your first scan and collect the details you need on your devices in minutes. Insight at your fingertips. Need a quick run-down on all the printers in the office or serial numbers of all your PCs and Macs? Need to get the last user logged in to your end-user workstations? You can generate fully customizable reports and exports in no time at all.

TURN IT ON

https://www.telesign.com/turnon2fa/tutorials/

Two-factor authentication (2FA) refers to an additional layer of security so that someone trying to access an online account has to prove they are who they say they are by providing two pieces of information—generally, a password, plus something else, such as a PIN. This tool provides an explanation of 2FA and how it protects online accounts from compromise, as well as a directory of step-by-step tutorials on enabling the security feature on 100s of top websites.

WINDOWS AUTO-BACKUP

https://support.microsoft.com/en-us/help/4027408/windows-10-backup-and-restore

Backups are copies of data that are stored separately from your computer or device. Backups are critical so that you have access to your information in case it is lost, stolen or held “ransom” by an attacker. This tool provides automatic backups of Windows 10 operating systems.


675 N. Washington Street, Suite 275 Alexandria, VA 22314

p 703.684.5574

f 703.350.4919

e [email protected]