PKT Hosted Cybersecurity Q&A for Small Business Leaders
On March 3, Pearson-Kelly Technology and Springfield Tech Council hosted a Cybersecurity Q&A for Small Business leaders with speakers Jay Ryerse of ConnectWise and Tyler Stilley of Pearson-Kelly Technology. The event brought in 75 individuals from businesses across Springfield and the surrounding cities to discuss the business ramifications of the Russia-Ukraine conflict and walk through four scenarios small businesses are likely to experience.
Watch the Recording
What Can I Do Now to Prepare for a Cyberattack
There are strategies and tactics businesses can implement relatively quickly to bolster their cybersecurity practices, but the first step should be to assess and understand their current environment. Without a baseline understanding of where the business sits, it’s nearly impossible to prioritize what should happen and when. Some things businesses can do are:
- Verify software patches and updates are installed on all devices.
- Enable Multi-Factor Authentication (2FA)
- Change passwords for network devices and require 2FA.
- Remove internet-facing management consoles.
- Upgrade end-of-service software or hardware.
- Document and train on the process for reporting suspicious activity
- Implement SIEM
- Test backups and take at least one version offline every month.
- Review policies and procedures, especially incident response plans.
- Perform a cybersecurity assessment.
Two Changes Impacting the Cybersecurity Industry
The ground beneath the feet of cybersecurity experts was shaken twice in the last month. First, when hacker groups started taking sides in the Russia-Ukraine conflict. Then again, when the Senate passed legislation requiring businesses to report hacks on March 3.
Industry experts across the globe are preparing for a Cyber World War in the wake of the Russia-Ukraine conflict. They see reports of hackers and other threat groups readying themselves for cyber conflict. No one has launched an attack, though many have stated they will once sanctions are imposed on Russia. When those attacks come, these groups will go after critical infrastructure like transportation, financial services, oil pipelines, and power grids. No one is sure of the targets, but experts are gearing up now for an attack like we’ve never seen before.
In a stroke of unbelievable timing, the United States Senate unanimously passed legislation on March 1 called The Strengthening American Cybersecurity Act, which comprises three bills intended to increase public and private sector security. It expands rules for companies across 16 sectors of critical infrastructure. This act requires covered businesses to report designated breaches to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours and any ransomware payments within 24 hours. The 16 critical infrastructure sectors identified in the Act are chemical; commercial facilities; communications; critical manufacturing; dams; defense industrial base; emergency services; energy; financial services; food and agriculture; government facilities; health care and public health; information technology; nuclear reactors; materials and waste; transportation systems; and water and wastewater systems.