For some, this will be heartfelt, because it means revisiting the hell that they went through. Those involved, directly or indirectly, understand this more than anyone, yet they would never wish this on anyone. Here are a few tips to help protect YOU from a future breach, and it’s not IF it will happen, it’s WHEN!
Backups, encryption, MFA, 2FA, multiple tools, and password encryption. Covered, correct?
Well, in short, the answer ended up being NO.
Backups: Any type of direct connection between onsite and offsite = possible encryption of both. Make sure there are no direct connections and that the credentials are separate from any type of domain structure. Restore keys: are there offline copies available?
Disk encryption: Encrypted disks can still be crypto-encrypted in an attack. Do you have keys stored offline?
Passwords: Most use some form of password storage. These systems are encrypted for obvious reasons. Are there offline copies available?
Cloud services can be awesome for anywhere access, but if databases become unavailable or local databases become encrypted, how will you be able to access any system?
Most commercial-grade password and document management systems allow for a “run book” or an export of information. Take a look at the options and develop an internal policy with strict handling guidelines. Export on a consistent basis and document each export. Don’t forget to document the destruction as well.
CompTIA is a non-profit industry trade association and is considered one of the IT industry’s top trade associations.
The press release CompTIA issued during the attack is an example of how CompTIA helps the community.
While I originally wrote this before the Log4j vulnerability became known, I would be remiss not to address it here. Log4j has all the makings of the next drop of the hat. This is a widespread vulnerability that impacts nearly everyone and everything. I’m sure you are all well aware of the issue and its impact. Here again, I’d like to direct you to the CompTIA ISAO as an excellent resource for anyone in the IT Channel, especially MSPs and your customers. As they did during the Kaseya attack, the CompTIA ISAO is making their threat intelligence and active discussions on the issue available to everyone, as a service to the industry for the greater good. Head over to http://forum.comptiaisao.org and click on the link to access these important resources, which are being continually updated as more details come to light. The warnings have been out there for a very long time. The timing of the release of this vulnerability is no coincidence. This might not be the quiet relaxing holiday season we all hoped for, but it’s imperative we remain on heightened alert and readiness in the face of hackers determined to harm our businesses. Stay safe this holiday season!
Regards,
MJ
MJ Shoer | SVP, Executive Director, CompTIA ISAO
Office: 630.678.8556 | connect.CompTIA.org