The threat of ransomware is a reality for broadcasters, whether local or national, radio or TV, individual stations, station groups, or broadcast networks. With several high-profile incidents making the news over the past year, cybersecurity resources for broadcasters are in high demand. A single attack can be extremely expensive, both in terms of lost revenue and the expense involved in restoring/replacing compromised hardware and software.
And with Next Gen TV moving the industry closer to IP delivery, digital content protection takes on added urgency. Concerns around cybersecurity for broadcast networks and local stations alike are top-of-mind.
While nothing can guarantee 100% protection, there are several things you can do to help reduce the likelihood of an attack. Below is a list of 10 relatively easy – and (mostly) free – things you can do right now to help better protect yourself.
- Install Antivirus Software on All Servers
This may seem obvious but it’s surprising how often it’s overlooked. There is a cost involved in purchasing antivirus software but it’s money well-spent. And once the software is installed, be sure you keep it up to date. Any reputable software will issue updates regularly to address newly identified threats – threats you will be susceptible to if you don’t install the updates.
- Whitelist Network Traffic on Critical Servers
Whitelisting is the process of allowing only network administrator-approved traffic across your network. This could be allowing access between offices for a specific application and trusting only the specific port across which the traffic travels. Alternatively, you could specify that only communication from a specific IP address or range of IPs is allowed.
- Backups
Establish a routine for creating regular backups. Real-time backups are ideal, if possible, but if they’re not, think about the maximum age you’d want your backup files to be if you went off the air right now. That’s how frequently you should be creating backup files. You should also follow the 3-2-1 standard – 3 copies of every backup, stored in 2 locations, at least 1 off-site.
- Air Gap Your Backups
This could probably be included under Backups but it’s extremely important, so we’re mentioning it on its own. Air gapping means making sure at least one copy of an up-to-date backup is stored in a secure location that is offline, completely isolated from both the internet and your internal LAN. A backup file that has no connection cannot be remotely accessed, and therefore cannot be hacked.
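The backup rules above (maximum backup age, 3-2-1, and at least one offline copy) can be checked automatically against an inventory of backup copies. The following is an added example, not WideOrbit code; the `BackupCopy` fields, the 24-hour maximum age and the sample inventory are assumptions made up for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class BackupCopy:
    name: str
    location: str       # site or provider that holds this copy
    offsite: bool       # stored away from the station premises
    online: bool        # reachable from the internet or the internal LAN
    taken_at: datetime


def audit_backups(copies, max_age, now):
    """Return policy findings for one backup set; an empty list means it passes."""
    # Only copies newer than the maximum acceptable age count toward the rules.
    fresh = [c for c in copies if now - c.taken_at <= max_age]
    findings = []
    if len(fresh) < 3:
        findings.append(f"only {len(fresh)} copies within max age, need 3")
    if len({c.location for c in fresh}) < 2:
        findings.append("fresh copies are not spread over 2 locations")
    if not any(c.offsite for c in fresh):
        findings.append("no fresh off-site copy")
    if all(c.online for c in fresh):
        findings.append("no fresh air-gapped (offline) copy")
    return findings


# Constructed sample inventory (not real systems): the offline tape is 30 days old.
NOW = datetime(2024, 1, 10, 12, 0)
MAX_AGE = timedelta(hours=24)
SAMPLE = [
    BackupCopy("nas-primary", "studio", False, True, NOW - timedelta(hours=2)),
    BackupCopy("cloud-replica", "cloud", True, True, NOW - timedelta(hours=3)),
    BackupCopy("tape-vault", "vault", True, False, NOW - timedelta(days=30)),
]

if __name__ == "__main__":
    for finding in audit_backups(SAMPLE, MAX_AGE, NOW):
        print("FAIL:", finding)
```

The sample set fails twice: the only offline copy is stale, so there are neither three fresh copies nor an up-to-date air-gapped one.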
- Create a Disaster Recovery Plan
Identify your critical applications and create a defined process for restoring them. Having a plan in place before you need one will save you time – and money – should the unthinkable ever happen.
- Patch Management
Make sure all systems and software are up to date, running the latest versions, and that all patches and security updates are installed. Keeping everything up to date will help keep you protected as new vulnerability exploits are identified.
- Perform Annual or Semi-Annual Penetration Tests and Intrusion Detection Scans
A penetration test is an intentional attempt to actively exploit weaknesses in a system, to determine the ease (or difficulty) a hacker might face trying to do the same. An intrusion detection scan is a test of your system’s ability to identify a potential intrusion and appropriately log the event, as well as alert you, when something suspicious is found.
- Deploy Single Sign-On and Multi-Factor Authentication
Single sign-on is the process by which employees access multiple systems and applications by signing on once, with a single username and password. This improves security by allowing those credentials to be stored in a single database, rather than in a separate database for each application, each with varying degrees of security. Single sign-on also reduces the risk of lost, stolen, and even just weak passwords.
Multi-factor authentication is a process requiring additional verification factors beyond the typical username and password combination. A common example is a password used in combination with a verification code sent to a mobile device. Multi-factor authentication significantly improves security because access is granted only if the user provides or has access to at least two of the following: something only the user possesses (e.g. an external token generator or mobile phone); something only the user knows (e.g. a password or a PIN); something only the user is (e.g. biometrics such as a fingerprint or iris scan); and/or somewhere the user is (e.g. connected to a specific network or in a specific GPS location).
- Implement and Enforce Strict Password Requirements
A strong password is one that is more than 12-14 characters long, contains a combination of numbers, special characters, both upper and lowercase letters, and includes no real words (not even one with a $ substituted for an s). You can avoid an office full of passwords-on-post-it-notes by employing a good password manager.
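A policy check for the requirements above, including the "no real words, not even with a $ for an s" rule, as an added example that is not WideOrbit code. The substitution map, the tiny `SAMPLE_WORDS` list (a real deployment would load a full dictionary) and reading the length rule as "more than 12" are assumptions.

```python
import string

# Common look-alike substitutions undone before the dictionary check (assumed set).
SUBSTITUTIONS = str.maketrans({
    "$": "s", "5": "s", "@": "a", "4": "a", "0": "o",
    "3": "e", "1": "l", "!": "i", "7": "t",
})

# Constructed sample word list; replace with a real dictionary in practice.
SAMPLE_WORDS = {"password", "station", "summer", "radio", "welcome", "broadcast"}


def password_findings(pw, words=SAMPLE_WORDS, longer_than=12):
    """Return the list of policy violations; an empty list means the password passes."""
    findings = []
    if len(pw) <= longer_than:
        findings.append("too short")
    if not any(c.isdigit() for c in pw):
        findings.append("no number")
    if not any(c in string.punctuation for c in pw):
        findings.append("no special character")
    if not any(c.isupper() for c in pw):
        findings.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        findings.append("no lowercase letter")
    # Check both the literal text and the text with substitutions reversed,
    # so "Pa$$w0rd" is caught as "password".
    plain = pw.lower()
    normalized = plain.translate(SUBSTITUTIONS)
    hits = sorted(w for w in words if w in plain or w in normalized)
    if hits:
        findings.append("contains word: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for candidate in ("Pa$$w0rd2024!Radio", "summer1", "xQ7#vLm2&Zt9!bRk"):
        print(candidate, "->", password_findings(candidate) or "OK")
```

The first candidate satisfies every length and character-class rule and still fails, because it is two dictionary words once the substitutions are reversed.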
- Train Employees on Cybersecurity
It’s important not to overlook one of the most easily exploited vulnerabilities in any organization: your people. All employees, in all roles, should be thoroughly trained on cybersecurity. They should be instructed on how to recognize a phishing email, how to recognize and avoid clicking suspicious links, and the risks associated with writing down passwords, client credit card or bank account numbers, or other sensitive information.
Your staff should also be trained on how to recognize and avoid falling prey to social engineering tactics such as pretexting (creating a credible but false pretext, either virtually or in-person, to build trust and obtain confidential information), tailgating (following an authorized person through a controlled entrance to gain access to a secured facility), or quid pro quo (a tactic often employed at networking events or conferences, involving a trade of information – innocuous at first, but becoming increasingly sensitive – for a promised benefit or service).
WideOrbit Offers More Secure Infrastructure for Our Products
WO Cloud is a fully hosted network service providing a secure environment for your WideOrbit software, without the operational maintenance costs of managing it yourself.
Note: WideOrbit makes these suggestions as a courtesy for our clients. All suggestions are provided “as is”. These suggestions are not, and are not a substitute for, professional advice based on your specific system and environment. WideOrbit has no control over customer-owned infrastructure, and we are not responsible for any future infections that may occur even if all these suggestions are followed.