Two-Factor/Multi-Factor Authentication is a Powerful Security Measure
Did you know there are more than 12,000,000,000 accounts available on the public internet for hackers to review when trying to break into your company? Cybersecurity experts multiply that by 2-4x for credentials floating around hacker forums on the dark web. Hackers seek companies that haven’t adopted two-factor authentication on their email accounts so they can exploit the users whose credentials are available online. This leads to Business Email Compromise, or BEC for short. In the best case, the hacker sends invoices to every contact in the compromised email account. In the worst case, they execute Wire Transfer Fraud and receive hundreds of thousands of dollars from your company via a wire that cannot be recovered.
If this sounds bad or unusual, know this: the FBI has cited BEC and wire fraud as costing businesses worldwide more than $26 billion in 2019 alone. It has only gotten worse since then. One of the best measures of protection is to prevent the most common forms of attack by enabling multi-factor authentication on your email. There are other measures and best practices outlined below that every business must adopt before they are breached. Stop procrastinating and schedule a meeting with CyberHoot today.
CyberHoot Best practices:
- Train your employees on the common attacks that are out there, from weak passwords and password managers to the importance of multi-factor authentication and how to spot phishing attacks. Awareness is the key to defending your business.
- Govern your employees with cybersecurity policies including Acceptable Use, Password, Information Handling and a Written Information Security Policy.
- Establish cybersecurity best practice processes such as a Vulnerability Alert Management Process (VAMP) and a Cybersecurity Incident Management Process (CIMP) to guide and require action in the face of an emergency. Then move on to onboarding and offboarding processes, SaaS management processes, and 3rd party risk management.
- Establish strong technical protections including a firewall, antivirus, anti-malware, anti-spam, multi-factor authentication on all critical accounts, and full disk encryption with carefully managed keys. Most importantly, adopt, train on and require all employees to use a Password Manager.
- Test employees on how to spot and avoid phishing attacks. CyberHoot has released a disruptive method of Phish Testing that fills in gaps in your employees’ knowledge without punishing them for failure. Instead we reward them for success. More info is available here.
- Backup your data by following our 3-2-1 Backup methodology to ensure you can recover your business from a cybersecurity event.
- In the modern Work-from-Home era, make sure you’re managing personal devices connecting to your network by validating their security (patching, antivirus, DNS protections) or prohibiting their use entirely.
- If you haven’t had a risk assessment by a 3rd party in the last 2 years, you should have one now. Establishing a risk management framework in your organization is critical to addressing your most egregious risks with your finite time and money.
- Buy Cyber-Insurance to protect you in a catastrophic failure situation. Cyber-Insurance is no different than Car, Fire, Flood, or Life insurance. It’s there when you need it most.
CyberHoot believes that many small to medium sized businesses and MSPs can greatly improve their defenses and their chances of not becoming another victim of a cyberattack by following the advice above.
Additional Reading and resources:
FBI Overview of Business Email Compromise and What to Do to Protect Yourself