Important Security Best Practices for Spring and Beyond

Jeffrey Crystal

Ben Nowacky

It’s reported that hackers attack every 39 seconds, which averages 2,244 times a day. Based on this, you have either already been attacked, are being attacked right now or you’re about to be attacked.

If that’s not enough to get your attention, consider these statistics:

• Forty-three percent of breach victims are small businesses; about 30% of phishing emails are opened by users, and 12% of those users click on the infected link or attachment. (Verizon)
• Smaller organizations (1–250 employees) have the highest targeted malicious email rate at 1 in 323. (Symantec)
• Every day, around 230,000 malware samples are created by hackers. (Panda Security)
• Cyberattacks are the primary reason that around 60% of small companies to go out of business. (Small Business Trends)
• Around 94% of targeted emails use malicious file attachments as the payload or infection source, while 91% of cyberattacks begin with a “spear phishing” email. (KnowBe4)
• Only 5% of company folders are properly protected, on average. (Varonis)
• Financial and manufacturing services have the highest percent of exposed sensitive files at 21%. (Varonis)
• The average cost of a ransomware attack on businesses is $133,000. (SafeAtLast)

Clearly, the frequency and severity of cyberattacks are on the rise. Of particular concern is the increasing number of attacks directly targeted at managed service providers (MSPs) and their customers. What’s worse, the attackers often leverage MSPs’ own automation and remote-control tools to directly access and compromise their customers.

Security is a shared responsibility between vendors and partners, and it is imperative that partners also exercise best practices in securing their platforms, tools and devices to minimize risk to themselves and their customers.

Critical Security Practices

In this article, we highlight some critical security practices that should be incorporated into your standard operating procedure (SOP) checklists. This list shouldn’t be considered comprehensive, but instead suggest mitigations for the risks and threat vectors we see most often.

Ensuring password security: Increasingly bad actors are leveraging network monitoring and key-logging software to observe their intended victims for some time, capturing critical administrative passwords and familiarizing themselves with the target environment ahead of their attacks. Due to the skilled and patient nature of these attacks, it’s no longer enough to rely simply on strong passwords. Reusing a single password across multiple customers or environments is particularly dangerous, as once compromised, you’re potentially exposing multiple customers.

A common vulnerability in all too many environments is the presence of default passwords left in place on firewalls, IPMI interfaces and other areas. Default passwords allow attackers to gain dangerous access and privileges within the network. Always make sure default passwords have been replaced to deny this avenue of attack against your systems.

Mitigating ransomware and data destruction: By far the most common attacks involve the use of ransomware (e.g., CryptoLocker) software against your servers and workstations. Once encrypted, your data and systems are held hostage by a ransom demand, and paying the attackers provides no guarantee of recovery. In fact, even if payment results in the release of your systems, it’s almost certain the attackers have left root kits, back doors, and even time bombs, so they can strike again in the future. Only a …