In light of increased ransomware and cyberattacks, the U.S. Government has released recommended best practices to reduce cyber risk. The top five actions President Biden proposed in his “Improving the Nation’s Cybersecurity” Executive Order are as follows.
- Back up data, system images and configurations. Regularly test them and keep backups offline. Ensuring that backups are regularly tested and not connected to the business network is critical, as many ransomware attacks attempt to encrypt or delete accessible backups. Storing backups offline allows an organization to restore its systems, even when networks are encrypted with ransomware.
- Update and patch systems promptly. Include operating systems, applications and firmware in the timely updating of security patches. Consider a centralized patch management system and use a risk-based assessment strategy to drive patch management.
- Test incident response plans. Testing is critical to identify security gaps. Run through core questions and use answers to build a response plan. Good questions to ask include: Can business operations be sustained without access to certain systems? For how long? Would manufacturing operations be turned off if business systems such as billing were offline?
- Check your security team's work. Use a third-party pen tester to test the security of your systems and your ability to defend against a sophisticated attack.
- Segment networks. Ransomware attacks have shifted from stealing data to disrupting operations. It is critical to separate corporate business functions and manufacturing production operations. Filter and limit access to operational networks, identify links between those networks, and develop workarounds or manual controls to ensure networks can be isolated and continue to operate if the corporate network is compromised.
Additional resources from the Cybersecurity & Infrastructure Security Agency (CISA) can be accessed online:
For additional information, contact an EPIC broker.