At the beginning of March this year, hackers attempted to break into the email accounts of World Health Organisation staff members. Around the same time, the Department of Health and Human Services (HHS) faced a security breach.
It goes without saying that COVID-19 pandemic has upended every aspect of our daily lives- from work and financial security to mental health and leisure. And Builders, unfortunately it doesn’t end there. At this time of heightened vulnerability, business institutions across the globe have also been witnessing an alarming rise in cyber-attacks.
At the beginning of March this year, hackers attempted to break into the email accounts of World Health Organisation staff members. Around the same time, the Department of Health and Human Services (HHS) faced a security breach. After picking up on the increase in activity, security employees monitored and fought the breach for several hours.
In case you missed it, recently the National Cyber Security Centre (NCSC) and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory against government-backed hackers attacking healthcare and research institutions during COVID-19. “CISA and NCSC continue to see indications that advanced persistent threat (APT) groups are exploiting the Coronavirus Disease 2019 (COVID-19) pandemic as part of their cyber operations,” the agencies said in a statement.
But there is enough evidence to prove that the interest of attackers goes beyond just these institutional giants. If you ask us, every business irrespective of the industry, from finance, law, nonprofits to fashion and education, both big and small, are equally at risk.
So, that brings us to the big question:
Since cybercriminals continue to get more innovative and find new ways to breach, the ideal practice is to keep your business’ cyber security policies up to the minute. Smart businesses recognise threats and eliminate risks early to keep their data safe and avoid any breaches. Don’t worry; we are here to help you get started. Be warned; this may get technical. We hope you have your tech dictionaries open, Builders.
Here are our 3 fundamental best practices for enterprise security in 2020:
Every industry and business within comes with its own set of specific hidden risks, and therefore, meeting standard regulations isn’t entirely enough. We recommend regular risk assessment wherein you identify all valuable assets and the efficacy of the current cyber security set up, and the new strategy required to counter any new threats. This simple practice will help you avoid fines for failing to comply with regulations, remediation costs for potential breaches, and the losses from missing or inefficient processes.
Ever since ransomware got introduced into our lives, having a full and current backup of all data has become almost a standard practice in information security and deserves a mention here. Just to give you a clearer picture, here are some of our data back and retention policies at Builder.ai:
· We have enabled EC2 server backup through AWS Lifecycle Manager and set a cloud watch event for that function, which runs at every midnight taking backup of EC2 server by making an AMI of that EC2 server.
· And the second option is that we have scripts for taking backup of EC2 server, for this we have launched a minimum configuration server and have that script on that server, which runs every midnight and makes AMI of that particular server.
· We have set the retention period to delete the AMI after 7 days of creation and for that we have configured lambda function and cloud watch event for that. The second option is the script for deleting 7 days old AMI. And for our RDS we have enabled Automatic backup of RDS DB servers.
Critically evaluate and determine stakeholders that absolutely require privileged access to sensitive data and restrict access wherever possible. The opposite scenario, where all new employees are granted privileges by default increases the probability of data compromise by giving away sensitive data as soon as any of the employee accounts is hacked. For instance, here are our authority, access and data security policies at Builder.ai:
AWS Console and API Access
Remote Access to client servers by Builder.ai resources
Direct Access
Sign up to our newsletter to get monthly updates on new posts, discounted tickets for our events and possibly some candies, too.