Simple steps your small organization can take to defend itself against cyberattacks


Respected security researcher Dan Wallach from Rice University has published a short (18-page) guide to securing small organizations against three kinds of cyberattack: Untargeted, remote (spammers, phishers, ransomware griefers, etc.); Targeted, remote (spear phishers); and Targeted, in person (immigration agents, police, criminal trespass).

It’s an essential guide for an increasingly overmatched nonprofit and small business sector that has to contend with adversaries who can avail themselves of sophisticated attack tools, even when they themselves are not particularly sophisticated.

If there’s one thing we learned from the leaks of the DNC emails during the 2016 presidential campaign it’s this: cyber-security matters. Whether or not you believe that the release of private campaign emails cost Clinton the election, they certainly influenced the process to the extent that any political campaign, any small non-profit, and any advocacy group has to now consider the possible impacts of cyber-attacks against their organizations. These could involve espionage (i.e., internal secrets being leaked) or sabotage (i.e., internal data being corrupted or destroyed). And your adversaries might be criminal hackers or foreign nation-state governments.

If you were a large multinational corporation, you’d have a dedicated team of security specialists to manage your organization. Unfortunately, you’re not and you can’t afford such a team. To help you, this document summarizes low-cost tactics you can take to reduce your vulnerabilities using simple techniques like two-factor authentication, so a stolen password isn’t enough for an attacker to log into your account. This document also recommends particular software and hardware configurations that move your organization “into the cloud” where providers like Google or Microsoft have security professionals who do much of the hard work on your behalf.

HOWTO: Protect your small organization against electronic adversaries [Dan Wallach/Rice University]