SolarWinds Hack: The Urgent Need for Supply Chain Security

The SolarWinds hack may be the largest and most damaging cybersecurity incident in history. SolarWinds is an IT management software company whose software is used by thousands of customers.

Hackers, suspected to be Russian, used SolarWinds as a gateway to access hundreds of other companies and government agencies, including the U.S. State Department, Department of Homeland Security, the Commerce Department, as well as tech heavyweights Cisco Systems and Intel.

This is a perfect example of why supply chain cybersecurity is so critical. SolarWinds was not the ultimate target. It was systematically used as a gateway to access high-value targets. The lesson for SMEs: Never think you don’t need to worry about cybersecurity! Never think you’re safe because your enterprise is too small, or you don’t have anything hackers would want.

To restate what should be obvious: In today’s interconnected digital world, every organization of any size is a potential target. Hackers seek the path of least resistance and will go through you to get at your bank or your payroll company or your customers or suppliers.

Here are some basic things you should immediately do to protect yourself. Share these tips with your employees and with any company in your business network. We need to work together to improve cybersecurity for all.

  • Passphrases: immediately change your passwords to 15-character passphrases. It has been reported that some employees at SolarWinds were using “solarwinds123” as their password. Don’t make it easy for hackers to crack your passwords.
  • Multi-factor authentication: use it any time it is offered. If it is not offered, consider switching to a software or service that does offer it.
  • Phishing: Run refresher training for employees on how to spot a phishing email or text. The email may even look like it is coming from another person in your company. Reinforce the message to never open an attachment or link if it looks at all suspicious. Contact the person through alternative channels to verify it is real.
  • Devices: Review what devices your employees are using to connect to your network. If they are using personal devices, make sure they follow your rules about passphrases and software updates.

It is urgent for all companies to develop a culture of cybersecurity. Start today by building awareness among your employees. Push them to develop good cyber habits. It is critical to your company and to every person and company you touch. Change behavior – Be Cyber Ready

Craig is director of content and tool development for the Cyber Readiness Institute.