10 tips for protecting businesses from an Anthem-style breach
With the way cyberattacks are going, pretty soon we might all have free identity theft monitoring. Like millions of other Anthem health-care customers, I recently signed up for 24 months of monitoring following the data breach involving Anthem customer records.
The incident is another reminder to businesses of the importance of protecting networks and data. Unlike the Home Depot and Target breaches and other recent large-scale cyberattacks, this one appears to have been an Advanced Persistent Threat, or APT.
So what is an APT attack, and how do you help protect your business against it?
APT attacks usually start with malware delivered by email or through an infected website, and they are normally targeted at specific employees or roles. For example, the criminals send an HR employee a message with the subject line “compensation analysis spreadsheet” that appears to come from a known contact. The HR employee takes the message to be legitimate and opens the attachment.
The initial goal is to gain control of one machine on the network, then use that compromised user’s username and password to log into other devices and applications in a process known as “lateral movement.” The attackers look for accounts and servers with administrator privileges, and for the servers that hold the data they are after. Once they have that access, they begin transferring the data out of the network.
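The lateral-movement stage leaves a trace that is easy to spot once you look for it: one account suddenly authenticating to hosts it has never touched before. The script below is an added example written for this article, not code from the original text or from any vendor. It reads constructed authentication events (the log format, host names, per-user baseline and thresholds are all assumptions) and flags any account that reaches several new hosts inside a short window.

```python
"""Lateral-movement detector over constructed authentication events.

Added example, not code from the original article. The log format, field
names, per-user baseline and thresholds are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one logon attempt per line:
# "<ISO timestamp> user=<account> src=<host> dst=<host> result=<ok|fail>"
SAMPLE_LOG = """\
2015-02-03T09:00:01 user=hr.smith src=WS-HR-07 dst=FS-HR-01 result=ok
2015-02-03T09:05:12 user=hr.smith src=WS-HR-07 dst=FS-HR-01 result=ok
2015-02-03T13:10:03 user=hr.smith src=WS-HR-07 dst=SRV-DB-02 result=ok
2015-02-03T13:10:41 user=hr.smith src=WS-HR-07 dst=SRV-DB-03 result=ok
2015-02-03T13:11:05 user=hr.smith src=WS-HR-07 dst=SRV-APP-01 result=ok
2015-02-03T13:11:38 user=hr.smith src=WS-HR-07 dst=DC-01 result=fail
2015-02-03T13:12:09 user=hr.smith src=WS-HR-07 dst=SRV-DB-04 result=ok
2015-02-03T13:12:44 user=hr.smith src=WS-HR-07 dst=SRV-BAK-01 result=ok
2015-02-03T13:15:00 user=it.admin src=JUMP-01 dst=SRV-DB-02 result=ok
2015-02-03T13:16:00 user=it.admin src=JUMP-01 dst=SRV-DB-03 result=ok
2015-02-03T13:17:00 user=it.admin src=JUMP-01 dst=SRV-APP-01 result=ok
"""

# Hosts each account normally reaches (assumed here; in practice learned over weeks of logs).
BASELINE = {
    "hr.smith": {"FS-HR-01", "MAIL-01"},
    "it.admin": {"SRV-DB-02", "SRV-DB-03", "SRV-APP-01", "SRV-DB-04", "DC-01"},
}

WINDOW = timedelta(minutes=10)   # sliding window length (assumed)
NEW_HOST_THRESHOLD = 3           # distinct never-before-seen hosts inside one window (assumed)


def parse_line(line):
    """Split one log line into (timestamp, user, src, dst, result)."""
    ts, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return datetime.fromisoformat(ts), fields["user"], fields["src"], fields["dst"], fields["result"]


def find_lateral_movement(log_text, baseline=BASELINE, window=WINDOW, threshold=NEW_HOST_THRESHOLD):
    """Return {user: sorted list of new hosts} for every account that touched at least
    `threshold` hosts outside its baseline within one sliding window.

    Failed logons are counted as well: an attacker trying a stolen password against
    hosts the account is not allowed on produces exactly those failures.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, user, _src, dst, _result = parse_line(line)
            events[user].append((ts, dst))

    alerts = {}
    for user, evs in events.items():
        evs.sort()
        known = baseline.get(user, set())
        # Start a window at every event and collect the unfamiliar hosts inside it.
        for i, (t0, _) in enumerate(evs):
            new_hosts = {dst for ts, dst in evs[i:] if ts - t0 <= window and dst not in known}
            if len(new_hosts) >= threshold:
                alerts[user] = sorted(new_hosts)
                break
    return alerts


if __name__ == "__main__":
    for user, hosts in find_lateral_movement(SAMPLE_LOG).items():
        print(f"ALERT lateral movement: {user} reached {len(hosts)} new hosts: {', '.join(hosts)}")
```

In the sample, `hr.smith` fans out to six servers in under three minutes and is flagged, while `it.admin` touching the same database servers from the jump host is not, because those hosts are in that account's baseline. The baseline is what keeps the rule quiet for administrators and loud for a stolen HR credential.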
Here are 10 things business owners should consider to protect against APT attacks:
- Install anti-virus protection on each computer and device on your network.
- Filter email at the server, and be particularly suspicious of messages containing hyperlinks.
- Filter Web browsing with a subscription service that will continuously categorize websites and filter dangerous and suspect sites and can also be configured to filter “uncategorized” sites for added protection.
- Train employees to recognize, avoid, and respond appropriately to phishing attempts.
- Monitor outbound connections for sensitive data.
- Block encrypted connections to unknown sites and to suspected or known malicious sites.
- Block access to personal email, file-transfer, and data storage sites, including cloud backup.
- Monitor your company’s databases and servers for unusual activity.
- Enforce a policy of “least privilege.” Users on your company’s network should have access to no more applications and data than their job requires.
- Enforce two-factor authentication for administrative access to critical servers.
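Several of the tips above (filtering uncategorized sites, watching outbound connections, blocking encrypted sessions to unknown destinations, and blocking personal email and file-transfer sites) are easiest to understand against actual log lines. The script below is an added example written for this article, not code from the original text or from any product. It reviews a constructed web-proxy log; the log format, category names, block list and byte thresholds are assumptions, and a real deployment would take the categories from the filtering subscription and the thresholds from measured baselines.

```python
"""Outbound-traffic review over a constructed web-proxy log.

Added example, not code from the original article. The log format, the
category names, the block list and the byte thresholds are assumptions
chosen for illustration.
"""
from collections import Counter, defaultdict

# Constructed sample proxy log, one session per line:
# "<time> src=<workstation> dst=<domain> cat=<category> scheme=<http|https> out=<bytes sent>"
SAMPLE_PROXY_LOG = """\
14:01:10 src=WS-HR-07 dst=intranet.example.local cat=internal scheme=https out=2048
14:02:55 src=WS-HR-07 dst=news.example.com cat=news scheme=https out=1200
14:05:30 src=WS-FIN-02 dst=mail.webmail-example.net cat=personal-email scheme=https out=410000
14:07:02 src=WS-HR-07 dst=x7q2.update-cdn-example.org cat=uncategorized scheme=https out=52000000
14:07:40 src=WS-HR-07 dst=x7q2.update-cdn-example.org cat=uncategorized scheme=https out=48000000
14:09:15 src=WS-ENG-11 dst=files.share-example.io cat=file-transfer scheme=https out=3500000
14:11:00 src=WS-ENG-11 dst=pkg.mirror-example.org cat=software scheme=http out=900
"""

# Categories the article says to block outright: personal email, file transfer, data storage.
BLOCKED_CATEGORIES = {"personal-email", "file-transfer", "cloud-storage"}
PER_SESSION_LIMIT = 10_000_000   # bytes sent in a single session that warrant a look (assumed)
PER_HOST_LIMIT = 50_000_000      # bytes sent by one workstation across the whole log (assumed)


def parse_proxy_line(line):
    """Split one log line into (src, dst, cat, scheme, bytes_out)."""
    _time, *kv = line.split()
    f = dict(p.split("=", 1) for p in kv)
    return f["src"], f["dst"], f["cat"], f["scheme"], int(f["out"])


def review_outbound(log_text, blocked=BLOCKED_CATEGORIES,
                    session_limit=PER_SESSION_LIMIT, host_limit=PER_HOST_LIMIT):
    """Return (alerts, bytes_per_host).

    alerts is a list of (rule, src, detail) tuples, where rule is one of:
      blocked-category : destination is in a category policy says to block
      tls-to-unknown   : encrypted session to a site the filter cannot categorize
      large-upload     : a single session sent more than session_limit bytes
      host-egress      : one workstation sent more than host_limit bytes in total
    """
    alerts = []
    bytes_per_host = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, dst, cat, scheme, out = parse_proxy_line(line)
        bytes_per_host[src] += out
        if cat in blocked:
            alerts.append(("blocked-category", src, dst))
        if scheme == "https" and cat == "uncategorized":
            alerts.append(("tls-to-unknown", src, dst))
        if out > session_limit:
            alerts.append(("large-upload", src, dst))
    # Per-host totals catch slow exfiltration split across many small sessions.
    for src, total in bytes_per_host.items():
        if total > host_limit:
            alerts.append(("host-egress", src, f"{total} bytes"))
    return alerts, dict(bytes_per_host)


def alert_counts(alerts):
    """Tally alerts by rule, the shape a daily summary would use."""
    return Counter(rule for rule, _, _ in alerts)


if __name__ == "__main__":
    found, totals = review_outbound(SAMPLE_PROXY_LOG)
    for rule, src, detail in found:
        print(f"{rule:17} {src:10} {detail}")
    print("egress per host:", totals)
```

In the sample, `WS-HR-07` pushes roughly 100 MB over TLS to an uncategorized domain in two sessions and trips three different rules, which is the pattern to expect once an attacker has reached the data; the webmail and file-sharing sessions are caught by category alone, and the small package download is left alone. Counting bytes sent rather than bytes received is deliberate: exfiltration is an upload.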
Have a question about security and protecting your business? Send us a comment below.