What companies can do to stay safe

1. Use proven security solutions

  • Centrally manage software updates and patches. To prioritize update plans correctly, the most pressing security threats must be taken into account.
  • Install antivirus software with a sandbox for dynamically scanning files and the ability to detect and block threats in the corporate email system, such as malicious email attachments, before they are opened by employees. Ideally, antivirus software should simultaneously support solutions from multiple vendors and have the ability to detect signs of hidden or obfuscated malware, as well as block malicious activity across diverse data streams: email, web traffic, network traffic, file storage, and web portals. Whatever solution you select, it should be able to check files both in real time and retrospectively, by automatically re-scanning files when signature databases are updated to detect previously unknown threats.
  • We also recommend using SIEM solutions for timely detection and effective response to information security incidents. This will help identify suspicious activity, prevent infrastructure hacking, detect attackers' presence, and enable prompt measures to neutralize threats.
  • Use automated tools for analyzing security and identifying software vulnerabilities.
  • Deploy web application firewalls as a preventive measure.
  • Detect sophisticated targeted attacks in real time and in saved traffic with deep traffic analysis. Using such solutions will allow you to detect previously unnoticed attacks and monitor network attacks in real time, including use of malware and hacking tools, exploitation of software vulnerabilities, and attacks on the domain controller. Such an approach quickly identifies attacker presence in the infrastructure, minimizes the risk of loss of critical data and disruption to business systems, and decreases the financial damage caused by attackers.
  • Employ specialized anti-DDoS services.
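
The retrospective checking recommended in the antivirus item above, as an added sketch that is not part of the original text or any vendor's product: each scanned file is recorded with the signature-database version it was checked against, and a database update re-checks earlier verdicts. The class name, the model of signatures as a set of SHA-256 digests, and the sample data are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class RetroScanner:
    """Toy scanner: the 'signature database' is a set of known-bad SHA-256 digests."""
    signatures: set = field(default_factory=set)
    db_version: int = 0
    history: dict = field(default_factory=dict)  # digest -> scan record

    def scan(self, data: bytes, source: str) -> str:
        """Real-time check; the verdict is stored so it can be revisited later."""
        digest = hashlib.sha256(data).hexdigest()
        verdict = "malicious" if digest in self.signatures else "clean"
        rec = self.history.setdefault(digest, {"sources": []})
        rec["sources"].append(source)
        rec.update(verdict=verdict, scanned_with=self.db_version)
        return verdict

    def update_signatures(self, new_digests, version: int) -> list:
        """Load a newer database, then re-check every file scanned with an older one.
        Returns (digest, sources) for files whose verdict flipped to malicious."""
        self.signatures |= set(new_digests)
        self.db_version = version
        flipped = []
        for digest, rec in self.history.items():
            if rec["scanned_with"] >= version:
                continue  # already checked against this database
            was_clean = rec["verdict"] == "clean"
            rec["verdict"] = "malicious" if digest in self.signatures else "clean"
            rec["scanned_with"] = version
            if was_clean and rec["verdict"] == "malicious":
                flipped.append((digest, list(rec["sources"])))
        return flipped


def demo():
    # Constructed sample data: attachments delivered before any signature existed.
    invoice = b"constructed sample: attachment later classified as malicious"
    report = b"constructed sample: benign quarterly report"
    s = RetroScanner()
    first = [s.scan(invoice, "mail:alice"), s.scan(report, "mail:bob"),
             s.scan(invoice, "share:finance")]
    bad = hashlib.sha256(invoice).hexdigest()
    alerts = s.update_signatures([bad], version=1)  # signature arrives later
    return first, alerts, s.scan(invoice, "mail:carol")
```

The list returned by `update_signatures` is what a real-time-only scanner never produces: the mailboxes and shares that already hold a file that was clean at delivery time.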

2. Protect your data

  • Encrypt all sensitive information. Do not store sensitive information where it can be publicly accessed.
  • Perform regular backups and keep them on dedicated servers that are isolated from the network segments used for day-to-day operations.
  • Minimize the privileges of users and services as much as possible.
  • Use a different username and password for each site or service.
  • Use two-factor authentication where possible, especially for privileged accounts.

3. Do not allow weak passwords

  • Enforce a password policy with strict length and complexity requirements.
  • Require password changes every 90 days.
  • Replace all default passwords with stronger ones that are unique and meet strict password policy requirements.

4. Monitor the security situation

  • Keep software up to date. Do not delay installing patches.
  • Test and educate employees regarding information security.
  • Make sure that insecure resources do not appear on the network perimeter. Regularly take an inventory of Internet-accessible resources, check their security, and remediate any vulnerabilities found. It is a good idea to monitor the news for any new vulnerabilities: this gives a head start in identifying affected resources and taking necessary measures.
  • Filter traffic to minimize the number of network service interfaces accessible to an external attacker. Pay special attention to interfaces for remote management of servers and network equipment.
  • Regularly perform penetration testing to identify new vectors for attacking internal infrastructure and evaluate the effectiveness of current measures.
  • Regularly audit the security of web applications, including source-code analysis, to identify and eliminate vulnerabilities that put application systems and clients at risk of attack.
  • Keep an eye on the number of requests per second received by resources. Configure servers and network devices to withstand typical attack scenarios (such as TCP/UDP flooding or high numbers of database requests).
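
One way to watch requests per second as the last item suggests, added here as an example that is not from the original text: it counts requests per second in web server access logs and reports the seconds that exceed a threshold, along with the client responsible for most of the load. The Common Log Format input, the threshold value and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Captures the client address and timestamp of a Common Log Format line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')


def per_second_counts(lines):
    """Return ({second: request count}, {second: Counter of client addresses})."""
    totals, clients = Counter(), {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the run
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        totals[ts] += 1
        clients.setdefault(ts, Counter())[m.group(1)] += 1
    return totals, clients


def find_spikes(lines, threshold):
    """List (second, count, busiest client, its share) where count > threshold."""
    totals, clients = per_second_counts(lines)
    spikes = []
    for ts in sorted(totals):
        if totals[ts] > threshold:
            ip, n = clients[ts].most_common(1)[0]
            spikes.append((ts.strftime("%H:%M:%S"), totals[ts], ip, n / totals[ts]))
    return spikes


def sample_log():
    # Constructed log lines; addresses come from documentation ranges (RFC 5737).
    fmt = ('{ip} - - [12/Mar/2024:10:00:{s:02d} +0000] '
           '"GET /search?q=x HTTP/1.1" 200 512')
    lines = [fmt.format(ip="198.51.100.7", s=s) for s in (1, 2, 3)]  # normal load
    lines += [fmt.format(ip="203.0.113.9", s=2) for _ in range(40)]  # one-second burst
    lines.append("garbage line that does not parse")
    return lines
```

Set the threshold from the resource's own measured baseline. A high share for a single client points to rate limiting that address, while a spike spread across many clients calls for upstream filtering.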

5. Help clients to stay safe

  • Improve security awareness among clients.
  • Regularly remind clients how to stay safe online from the most common attacks.
  • Urge clients to not enter their credentials on suspicious websites and to not give out such information by email or over the phone.
  • Explain what clients should do if they suspect fraud.
  • Inform clients about security-related events.

How vendors can secure their products

  • All the measures described for organizations, plus:
  • Implement a secure development lifecycle (SDL).
  • Regularly audit the security of software and web applications, including source-code analysis.
  • Keep web servers and database management systems up to date.
  • Do not use libraries or frameworks with known vulnerabilities.

How users can avoid falling victim

1. Do not skimp on security

  • Use only licensed software.
  • Maintain effective antivirus protection on all devices.
  • Keep software up to date. Do not delay installing patches.

2. Protect your data

  • Back up critical files. In addition to storing them on your hard drive, keep a copy on a USB drive, external disk, or a backup service in the cloud.
  • Use an account without administrator privileges for everyday tasks.
  • Use two-factor authentication where possible, such as for email accounts.

3. Do not use trivial passwords

  • Use complex passwords consisting of at least eight hard-to-guess letters, numbers, and special characters. Consider using a password manager (secure storage with password generation feature) to create and store passwords securely.
  • Do not re-use passwords. Set a unique password for each site, email account, and system that you use.
  • Change all passwords at least once every six months, or even better, every two to three months.

4. Be vigilant

  • Scan all email attachments with antivirus software.
  • Be mindful of sites with invalid certificates. Remember that data entered on such sites could be intercepted by criminals.
  • Pay close attention when entering passwords or making payments online.
  • Do not click links to unknown or suspicious sites, especially if a security warning appears.
  • Do not click links in pop-up windows, even if you know the company or product being advertised.
  • Do not download files from suspicious sites or unknown sources.