The White House Memo on Cybersecurity: An Overview

The White House Memo on Cybersecurity: An Overview

On June 2, the White House sent out a cybersecurity memo about the threat ransomware is posing to every industry. The JBS meat plant, the largest meat producer in the world, was hit with ransomware. The Colonial Pipeline was shut down. Now, the White House is calling on business owners, including small business owners, across the country to step up and provide the more robust security protections needed to not only protect individual businesses but to maintain industry functionality and prevent the kinds of challenges the American people experienced in the aftermath of attacks like the JBS meat plant or the Colonial Pipeline attack.

The White House memo called out five key areas in which businesses need to become more conscious of their security measures and protections.

Backups

In addition to simple data, it’s critical to have images and configurations backed up as well as the essential data that keeps your business running at peak efficiency. It’s not just about ensuring that you have basic-level backups–or worse, backups that are stored on the same internal system as your existing data, which could make it easy for hackers to lock down the backups along with the rest of your data. Instead, your business needs fully functional data backups that can get you back up and running again in the event of a disaster.

Software Updates

Many businesses are using software that has never been updated. Software updates may feel like a time-consuming proposition, especially when you’re already overloaded with other tasks within your IT department. Those software updates, however, can prove essential to your overall business functionality.

Updates don’t just help keep the software running more smoothly or address potential problems with its functions. Often, software updates address potential security holes that could pose an immense challenge for your business. If you don’t have a plan in place that installs and tests those updates regularly, you could find yourself extremely vulnerable to hackers.

Testing Your Security Response Plan

You may have a robust security response plan, but if you don’t test it, you may not know whether your disaster response plan will really offer the support your business needs in an emergency. It’s like running a fire drill: you don’t know the effectiveness of your plan until you actually try it out and see how your people respond.

During a fire drill, you have a chance to test every element of your plan. You can find out how well your current solution notifies everyone of a potential fire, how well your evacuation plans work, and even how well your employees can check in once they’ve evacuated the building. Your security response drills serve the same purpose: they allow you to see and address any potential problems with your current security solutions in a low-stress environment. You can test how well your data backups are actually working, determine whether you actually have the information you need to get your business back online quickly, and even get a better idea of exactly what elements you might need to add to your disaster response plan. Furthermore, those drills can prepare your team for a real threat, which means that when one arises, they will be more likely to respond exactly as you need them to.

Outside Audits

You have outside audits for a lot of things, including your books–and your cybersecurity defenses should be no exception. You can have the best internal cybersecurity team in the world, but chances are, they don’t know everything about every element of cybersecurity. Furthermore, familiarity with your network can leave your team feeling very secure in your overall level of protection while they mistakenly look over a potential threat that could cause immense problems within your network.

An external cybersecurity audit can provide an outside perspective on your existing cybersecurity measures and, in many cases, help you find ways to close those holes and create better, more effective defenses. Often, an external provider can give you a better idea of how you can practically and inexpensively solve problems that you may not even have noted in the past. Cybersecurity testing companies typically focus on exactly that–cybersecurity–which means they’re also highly familiar with the latest challenges, threats, and tools in the industry, so they can provide you with a higher degree of protection than your internal team may have the means to offer.

Segmenting Your Network

When hackers gain access to your network from a single point, they can often use that point to spread throughout your network, steadily increasing their access until they can access the data they’re really looking for or cause more serious problems for your organization as a whole. Make sure that an attack on one side of your network cannot get to the other! By segmenting your network, you can close off potential avenues of attack and decrease the damage done to your network as a whole.

Network segmentation may be as simple as separating different departments and areas within your company, or it might mean a more extensive segmentation effort: keeping your essential data separate from the data used by your employees on a regular basis, for example. You should also segment the guest network away from the one used by your organization, since you don’t want someone plugging into the guest network and inadvertently creating a serious security breach. The degree of segmentation you need may depend on the number of people who access your network on a regular basis and the amount of data that moves through it.

As cybersecurity threats increase across the nation, even the White House is acknowledging the importance of maintaining those high levels of security for your business. Whether you simply need an IT provider who will help you manage more of your technology and keep your business running smoothly or you’re looking for a better cybersecurity solution that will help you meet these increasing standards, we can help. Contact us today to learn more about our cybersecurity options and how we can help you protect your vital network–and continue to provide the services your customers need.