Issue link: http://psai.uberflip.com/i/1280285
ASSOCIATION INSIGHT, Portable Sanitation Association International News, Biweekly Edition, August 19, 2020, Page 14

Cyber Security Issues Continue…
Continued from page 13

We had already planned a newer and better architecture for our network, much of which had already been laid out but we hadn't implemented for a number of reasons. After the attack ABC immediately re-purposed a large storage array for the new "infrastructure" network. All physical servers were to become a part of this network. These new hypervisors (physical servers that run virtual servers) would become members of their own domain and network completely isolated from the customer-facing network.

After the event, we also discovered that despite previous testing, many backups that had completed successfully were not viable in recovery. Now, ABC approaches backups from a new angle. New software is taking hypervisor-based snapshots of running virtual servers and storing them on this separate network, rather than running client-side agents. Any future outbreak on the customer-facing network will not be able to affect physical servers nor access backup data, making recovery much more straightforward. ABC has also moved certain services from on-premises servers to cloud services.

Due to the poor protection and limited feature sets of their previous anti-virus software, ABC selected a behavior-based anti-virus product that includes managed threat response, meaning a team of the vendor's engineers monitors endpoints on the network, and in aggregate worldwide, for potentially malicious actions and has the ability to lock systems down were an outbreak to be detected.

ABC Co also implemented a new and updated security awareness training program for all employees and an internal phishing campaign to regularly inform and test all employees' ability to thwart attempts to compromise their systems.

What Your Company Can Learn from A-Throne and ABC

Both A-Throne and ABC Company thought they were protected.
They had done a lot of things right. Yet the "bad guys" found their vulnerabilities and cost them precious time and money. Here are some take-aways that apply to any portable sanitation company:

1. Don't think it can't happen to you. It can.
2. Make sure you have updated virus protection and other tools in place to protect against malware.
3. Check your backups. Can you actually restore your data? Are they really backing up all the systems as often as you think they are? If you haven't actually tried to open the files and restore data, you really don't know.
4. If you are using web-based applications and your vendors are supposed to be doing backups, how sure are you that they are being done and that the data can be restored?
5. Have you trained your staff to recognize malware and phishing scams? If not, find a training program to implement. It is much less expensive than finding your way out of a ransomware attack. Google "phishing awareness training" to learn more.
6. Check on your insurance coverage. It is possible to get coverage for cyber attacks, but you don't want to find out your coverage wasn't adequate when it is too late.

Learn More about Cyber Security and Other Scams Targeting Small Businesses

On Wednesday, July 22, 2020, FEMA held a webinar session with the Federal Trade Commission discussing the types of cyber security scams that target small businesses and how to avoid them. Click here to access the recorded session.