Manage your risk: use layers to protect yourself from cyber terrorism

Due to the overwhelming reaction to some recent news about an unfortunate local cyber attack, we want to address the inevitable concerns that many will face from colleagues and peers.  Unfortunately, we have experience with this type of breach.  We have seen it before and we will inevitably see it again.  Experience has proven though that your risk can be mitigated by the following factors:

1. Border Security – Having a very intelligent and powerful firewall the separates your system from the Internet makes a huge difference.  Many intrusion attempts (as well as many forms of communication in general) can just be blocked by this type of device thus stopping them before they have a chance to reach your internal resources.
2. Internal Anti-Virus & Malware Protection – Having a centrally managed anti-virus and anti-malware software installed on all applicable systems can be a life saver. These kinds of software can be controlled through central management consoles within your organization and can also be directly tied into the eKeeper NMS and alerting systems. This allows eKeeper to have seamless visibility of the behavior, performance and actions of these software systems.
3. SPAM Filter – eKeeper SPAM filters an enormous amount of phishing attempts, viruses and other email-borne threats to the systems we protect.
4. eKeeper NMS – Our monitoring system allows us to actively see many different types of intrusion attempts and anomalous behavior patterns thus giving us the ability to act before an intrusion attempt can succeed.
5. Backups – Daily backups within your environment are critical. It ensures that you can recover from data corruption, loss or data encryption (as is the case with ransomware attacks).  In addition, performing multiple levels of backups helps to ensure the security of your data. Using a local, online backup system within your organization is the first step to making sure that you can very quickly recover from data issues that arise without the need to resort to external, offsite media.  This online backup system should generally be protected from all external threats by making sure it is not accessible from anywhere but your backup server software. Outside of the local, online backup system, your backups should also be duplicated to removable media that is changed out on a daily basis and either taken offsite or stored in a secured location (for example, a safe at your location, a safe deposit box at your bank or another secured location that works for you).  Because this media is changed on a daily basis and disconnected from the system, the backup is naturally protected from tampering or other damage while it is offline.  Finally, eKeeper RBS can help to protect your critically irreplaceable data on a daily or weekly basis (sometimes both) by backing that data up to a remote facility in a secure fashion.
6. Disaster Recovery Testing – eKeeper DR allows us to proactively test backup data, media and your overall recovery strategy to ensure that your system and data are fully recoverable in the event of a disaster.  The regular testing that is performed using your backup media validates your backup strategy and ensures that your system can be recovered from a complete loss of all systems.

Using this strategy, your system can be well protected because there are multiple layers of security, backup and recovery options that are in play.

One point to note however is that no system is 100% secure.  No matter how many systems or procedures are in place, there is always a chance that your system may be compromised.  From a technical standpoint, eKeeper can help you mitigate the potential impact of such an event through the effective use of the technologies listed above. However, things that you can do to further mitigate your potential exposure are:

• Train everyone in your organization how to recognize potential phishing attempts (via email, web, telephone or other means of communication).  People are always your first line of defense when it comes to system security.
• Ensure that you have cybersecurity/terrorism coverage with your insurance provider.
• Have an external penetration test performed on your system and ensure that this is repeated on a regular basis.  Depending on the needs of your organization, this could be repeated every 1, 2 or 3 years…or when your system undergoes significant changes or upgrades. This kind of testing puts your system to the real test by allowing ethical hackers to identify vulnerabilities within your system design and exploit them to identify potential avenues of compromise.

eKeeper can help you with each of these points either directly or through our extensive network of partners.  Please let us know if you would like assistance in any of these areas. 

The systems eKeeper offers, in conjunction with a solid risk management plan (insurance, employee training, recovery policies and procedures, etc.) will ensure that your risk is minimized and the impact on your organization is as small as possible should the unthinkable happen. 

Please feel free to reach out to us with any additional questions or concerns. We are always here to help.