With less than two weeks left in 2021, many of us are taking some much-deserved time off. Whether you’re celebrating with friends and family, challenging yourself to meet a year-end goal, or simply resting and recharging, remember to safeguard your business and your information—especially if you’re going to sign off for a few days.
This extra precaution is even more important in the wake of several recent cyber incidents and vulnerabilities. In early December, a ransomware attack knocked out Kronos, a popular timekeeping and payroll application used by more than 2,000 major companies around the globe. A few days later, cybersecurity experts identified a zero-day vulnerability in Log4j, an open-source, Java-based web protocol used across common servers and applications like Microsoft Office, Adobe Creative Cloud, and Amazon Web Services.
These two major incidents, along with handfuls of smaller ones, could potentially impact hundreds of millions of consumers across North America. Some companies using Kronos weren’t able to issue regular paychecks to staff members. Meanwhile, computers impacted by the Log4j vulnerability could see desktops, laptops, mobile devices, and even company servers completely taken over by automated malware or data encryption scripts that steal business information.
What Should You Do to Stay Cyber Safe?
CMIT Solutions has collected the following strategies to protect individuals and businesses from the specific cyber incidents outlined above—and the general threats that pop up every holiday season.
- Turn off computers, network drives, and on-premise servers that won’t be used over the holidays. Yes, this recommendation comes out of an abundance of caution—perhaps even an overabundance. But an unattended device makes an easy target for hackers, so make sure you log out of applications and power down any machine that won’t be in use for more than a day. Of course, this critical step isn’t an option for every business. But if you and your employees are taking time off before the new year, make sure you don’t leave anything on, which could leave a back door open for bad actors.
- Work with a trusted IT provider to scan for vulnerabilities and patch any necessary software. It’s critical to assess the state of your systems and mitigate any identified vulnerabilities. But this important task isn’t easy, either. That’s why it’s so important to work with a trusted IT or managed services provider who can run system scans to discover any problems, activate anti-virus software, deploy endpoint detection tools, and respond to anything that could pose a threat to your company. A reliable business partner can also help you automatically install security updates and software patches and then run remote maintenance and monitoring tools that keep a 24/7 watch on your IT ecosystem. This proactive approach prevents intrusions before they happen and runs in the background so that day-to-day productivity isn’t impacted.
- If any hardware or software remains unprotected, work to isolate it. Many companies rely on older computers or legacy applications to run critical operations. Often, these outdated machines and tools can’t be easily patched or updated but need to remain in use. If that’s the case, you can disconnect these workstations from servers, company networks, and, if possible, even the Internet. Any older programs can then run on these isolated machines. That mitigates the impact of a potential cybersecurity attack and preserves the safety of better-protected hardware and software, along with the data and digital identities that matter the most to you and your employees.
- Use caution with unknown emails and do not open any unexpected attachments. The Kronos ransomware attack mentioned at the beginning of this blog has been attributed to a careless click on a malicious link in a spam email. These no longer look as obvious as they have in the past; instead of typos and blatant misspellings, hackers are getting more sophisticated with their illicit messages, fake links, and malicious attachments. Inspect even normal-looking emails for accurate sender names, correctly spelled email domains, and familiar subject lines. If anything looks off—even if it purports to be from a co-worker or company executive—verify the authenticity of the email and attachment face to face or via a virtual call if you can. All it takes is one click on one of these infected files or dangerous links to wreak widespread havoc on your computer and any other systems it is connected to.
- Make sure all data is backed up securely. Regular, remote, and redundant data backup is important. Just backing up your data isn’t enough, though — having easy access to those backups is also important in case a cyberattack does strike your business. At CMIT Solutions, we securely store our clients’ backups in a variety of physical and cloud-based locations to mitigate the risk of total data loss. In addition, we integrate robust data recovery procedures with all data backup plans, helping companies retrieve their impacted information as efficiently as possible to support a return to day-to-day business operations.
Yes, the holidays are the perfect time for taking a break, savoring time with friends and family and recharging before the new year. But that doesn’t mean we can neglect the safety and security of our technology, our information, and our digital identities. At CMIT Solutions, we remain vigilant about protecting our clients, even when business operations may take a holiday break.
If you need help patching machines, scanning for vulnerabilities, protecting against ransomware, or otherwise securing your IT infrastructure before holiday time off, contact us today. Be well, stay safe, and let’s talk soon.