
Protect Your Company: Top Ways to Mitigate Rising Cybersecurity Risk

February 24, 2021

It’s no secret that the cyber threat landscape has intensified since spring 2020, when many businesses switched to remote work in rapid fashion—sometimes delaying safeguards. But now, even if you have some cybersecurity protections in place, heightened uncertainty and sophisticated threat actors can increase your company’s cyber risk.

The uptick in cyber threats to large and small companies has involved email phishing schemes, ransomware attacks with large ransom demands, fraudulent wire transfers and help desk scams. How can you keep threats to your network, data and business in check?

Drawing on insights shared by technical and legal leaders from Kroll and BakerHostetler, this article highlights three ways to help you enhance data protection and mitigate risk.

1. Improve collaboration between security and IT departments.

Your IT department and security team are often at odds. The primary focus for IT may be making sure a technology implementation will work, while security focuses on potential vulnerabilities. Both perspectives are important, and decision‑makers need to manage the dynamic.

  • Take network capabilities and security safeguards into account when expanding infrastructure or changing the way people can legitimately access a network.
  • Build security program strengths in both detecting a cyber threat and ejecting a threat actor from the network.
  • Increase user awareness of cybersecurity risk to help combat phishing attacks, and establish ongoing training inside and outside the IT and security teams.
  • Work with your company’s incident response team to develop and test backup and disaster recovery protocols designed for the volume and rapid response needed—whether you back up to tape and/or use a cloud-based service.
  • Consider going to an outside consultant for cyber risk assessment, penetration testing, vulnerability assessment and advice on mitigation.

2. Focus on security fundamentals.

Layering the following technical controls in your network makes it much harder for an intruder to enter.

  • Adhere to patching protocols to ensure you regularly update and fix issues involving edge devices, such as firewalls and VPNs, as well as computers, servers, operating systems and applications. Patching can make it more difficult for an attacker to get in and move quietly around a network. These updates are important, but also may bring some downtime risk, noted Pierson Clair, managing director of cyber risk at Kroll, who recommends that each organization look at its own vulnerability management to determine an approach.
  • Set up multifactor or two-factor authentication (2FA) for remote access via VPN, remote desktop protocol and email. What is two-factor authentication? In addition to a username and password, 2FA involves another unique key—perhaps a six-character code that’s texted to your phone or appears on a physical security token. If you require just a username and password, said Clair, an attacker accessing your network can look like a normal user unless someone is watching very closely. Two-factor authentication raises the bar for an attacker trying to gain access.
  • Change passwords regularly. Depending on risk factors, password change could be on a 90‑ or 180-day rolling basis, even if you have 2FA in place.
  • Carefully assign administrative access—don’t assign rights broadly to reduce help desk calls. With admin rights, someone can inadvertently click a malicious link and install malware, ultimately allowing an attacker into your network.
  • Set up advanced endpoint detection and response capability so that once an attacker is in and performing recon for a day, or perhaps a week, you’re in a better position to catch the attacker before data is stolen and a ransomware attack launches. Tied to that is the ability to slow an attacker down by segmenting critical data where it’s harder to access.
  • Manage vendors with cybersecurity safeguards in mind, performing due diligence in advance and making sure they use the proper protocols if they are accessing your environment. Why is vendor scrutiny so critical? Sara Goldstein, partner at BakerHostetler, explained, “Many organizations have been impacted because a vendor was attacked, not because they were attacked.” For example, BakerHostetler has seen a number of incidents involving ransomware attacks that spread to multiple organizations through vendors that had access to those organizations’ environments. In addition, BakerHostetler has seen an uptick in the number of incidents where an organization cannot access its data because its vendor experienced a cybersecurity incident that rendered the data unavailable, because either the data is encrypted or it has been taken by threat actors.

Concerned about the possibility of a data breach or ransomware attack, many companies already have at least some of the components listed above in place, but layering them is key to combating today’s threats. Said Andreas Kaltsounis, partner at BakerHostetler, “We’ve been talking about multifactor authentication for years, but now we’re driving home that you’ve got to have multifactor identification on VPN or remote desktop connections to potentially prevent an enterprise-crippling event.”

3. Perform due diligence and contact law enforcement following a ransomware attack.

In a ransomware situation, engage your crisis response team and, if applicable, your cybersecurity consultant. Kaltsounis also said it’s always a good plan to contact law enforcement to find out about potential connections to sanctioned parties.

Companies must perform due diligence in order to really know, or attempt to know, who they are considering paying. If your company doesn’t already have procedures in place for OFAC diligence and clearance, Kaltsounis recommends adopting a robust diligence process now and documenting it so that if questions come up later, you can demonstrate the process you used.

Relevant law enforcement to contact can include the FBI, the Secret Service, the Department of Homeland Security (DHS) or a state law enforcement agency. Kaltsounis noted that not only does the FBI take incident reports, investigate, try to find the people involved and bring charges against them, but they also may be able to share intelligence with victim organizations to help them understand who is attacking, what techniques they are using and possibly what details can help organizations kick the attackers out of the network.

“Over the past decade, the FBI has gotten very good at working with victim organizations in a non-threatening, non-confrontational way,” said Kaltsounis. “Our feeling is that in almost every case, there are far more benefits to engaging with law enforcement than not engaging with them. With the recent OFAC advisory, I think it’s even more important.”

This article is presented by LexisNexis on behalf of the author. The opinions may not represent the opinions of LexisNexis. This document is for educational purposes only and does not guarantee the functionality or features of LexisNexis products identified. LexisNexis does not warrant this document is complete or error-free.
