As part of our commitment to supporting our customers, we’re shedding light on the importance of cybersecurity for small businesses. While small businesses often leverage powerful technology tools, this can open them up to material threats from malicious attacks. Now is the time to be vigilant and ensure your business is protected from fraud.
For additional context, cyber-related risks continue to grow – with threats of ransomware up a staggering 1,885% over the last year,¹ and average breach costs rising 10% year over year.² Further, current global events have heightened awareness of looming threats. With recent Russian movement in Ukraine, the world is on even higher alert for cyber-attacks. When Russia last made moves against Ukraine, they launched destructive cyber capabilities that crippled a number of U.S. organizations and critical infrastructure operators. The attacks may have been targeted at Ukraine, but given the open nature of the Internet, those attacks easily spread and caused collateral damage. While posed as ransomware, the malware used in 2017 (named 'NotPetya') was actually destructive in nature, hampering operations of several large enterprises including Maersk Shipping, FedEx, Merck and others. Department of Homeland Security, Federal Bureau of Investigation and National Security Agency have all asked U.S. enterprises to be on high alert. Our teams at Live Oak Bank are regularly attending threat briefings with our government and private sector partners to ensure we are tracking, and evolving appropriate defenses related to the latest activity and threats.
In the meantime, what can you do? Both at home and in the office, ensure you are adhering to good online hygiene:
- Be diligent and suspicious of any e-mails that could be phishing.
- Ensure you are using strong passwords and multi-factor authentication.
- Keep your systems up to date (apply patches as they are released).
- Do not install any unnecessary software.
You may have seen some headlines about incidents at Okta, and Microsoft over the last few weeks. These breaches turned out to be the work of a handful of European teenagers. How did it work, how did a handful of teenagers break into companies that spend a fortune on security, and what can you do about it at your small business?
Both of these attacks managed to access a specific user account and then wreaked havoc based on whatever they could do, or get to, from that account.
Let's step back and look at the key controls to stop this.
1. We want to keep bad guys (or girls) out of our accounts. How do we do this?
- Strong passwords! Even strong, short passwords, are fairly easy for modern systems to “crack.” The longer the password the better. Consider using a pass phrase instead of a password. A passphrase can be a simple sentence that's easy for you to remember, and then add in a special character to meet any password complexity requirements.
- Never re-use passwords! Even the strongest password falls apart if you re-use the same password and one of the places you use it gets compromised. There are dozens of sites across the internet that aggregate prior data breach passwords and accounts, creating collections of passwords associated with usernames and e-mails — we recommend haveibeenpwned.com. Go ahead and plug in your email (this site is safe).
- Multi-factor authentication. Even if your password is compromised, multi-factor authentication provides a second way to verify that it is indeed you connecting.
2. If a user gets into your account, you need to ensure they can do as little damage as possible. If a user account at your organization was compromised, what would it have access to? Internal chat messages, sensitive data, customer data, payment information? In the recent Okta and Microsoft cases, these intrusions would have been far worse if those accounts had more pervasive access across the environment. It’s critical to manage your environment with the concept of least privilege - that your account only has access to the things that you need to get your job down. That way, if for some reason your account is compromised, you minimize any potential damage.
Now, you may be asking yourself, if organizations are doing these things, how does it still happen? Well, unfortunately, cyber criminals are savvy and after they manage to “crack” or guess a password, they are starting to attack the multi-factor authentication processes. These attacks are happening via several methods, but the two most common are:
1. They keep sending you requests or pop-ups to approve an authentication request. If you received a random one, would you approve it? What if you received a couple dozen over an hour? Would you just approve them just to make them go away and get back to work? Remain diligent and only click “Approve” if you know it’s related to a login activity you are currently performing!
2. The other method that attackers are using is called “Sim Swapping.” Here, they either take control of your phone number, or put malicious code on your phone, to intercept
the MFA code that you are sent. Here, using an application on your phone (Microsoft Authenticator, Google Authenticator, Okta, Duo, etc) provides an advantage over a simple code via an SMS-text message. Even if someone were to steal your phone number, they would not have the app set up and associated to your account.
This information is intended to keep you safe both at work and at home. Unfortunately, cybersecurity is a key part of business continuity now and moving forward. It’s wise to remain up-to-speed on the latest tips and trends we’re seeing across the globe. For additional resources and knowledge on the topic, explore these resources below.
Article written by Rich Friedberg, Chief Information Security Officer (CISO), Live Oak Bank.