With current world events, the threat of cyberattack has never been more top of mind, both internationally and here at home. The risk of a ransomware attack is a reality for broadcasters, whether local or national, radio or TV, individual stations, station groups, or broadcast networks. Several high-profile incidents, combined with recent events in Eastern Europe, have once again pushed cybersecurity to the forefront for media organizations.
A single ransomware attack can be extremely expensive, both in terms of lost revenue and the expense involved in restoring/replacing compromised hardware and software. As NEXTGEN TV moves the industry closer to IP delivery, digital content protection takes on added urgency. Cybersecurity for broadcast networks and local stations alike has never been more important.
While nothing can eliminate risk completely, there are several things you can do to help reduce your vulnerability to attack. Below are 10 relatively easy and cost-effective steps you can take right now to help protect yourself.
1. Install Antivirus Software on All Servers
It’s surprising how often antivirus software is overlooked. There is a cost involved in purchasing such software but it’s money well spent. And once the software is installed, it’s extremely important to keep it up to date. All reputable software will issue updates regularly to address newly identified threats – threats you will be susceptible to if you don’t install the updates.
2. Whitelist Network Traffic on Critical Servers
Whitelisting is the process of allowing only traffic across your network that is approved by your network administrator. This could be allowing access for a specific application between offices and trusting only the specific port across which the traffic travels. Alternatively, you could specify that only communication from a specific IP address or range of IPs is allowed.
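The default-deny behaviour described above, as an added example that is not part of the original article: each logged connection is permitted only if an allow rule matches its source address or range, protocol and port. The rule names, addresses, ports and log lines are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AllowRule:
    name: str
    source: str    # single address or CIDR range permitted to connect
    protocol: str  # "tcp" or "udp"
    port: int      # destination port on the critical server

# Constructed allowlist for a hypothetical critical server.
ALLOWLIST = [
    AllowRule("office-to-office application", "10.20.0.0/24", "tcp", 8443),
    AllowRule("administrator workstation", "10.10.5.17/32", "tcp", 22),
]

# Constructed connection log: "source_ip protocol destination_port".
SAMPLE_FLOWS = """\
10.20.0.44 tcp 8443
10.20.0.44 tcp 3389
10.10.5.17 tcp 22
10.10.5.18 tcp 22
203.0.113.9 tcp 8443
not-an-ip udp 53
"""

def match_rule(src_ip, protocol, port, rules=ALLOWLIST):
    """Return the name of the rule that permits the flow, or None (default deny)."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return None  # an unparseable source never matches an allow rule
    for rule in rules:
        if (addr in ipaddress.ip_network(rule.source)
                and protocol.lower() == rule.protocol and port == rule.port):
            return rule.name
    return None

def audit(log_text, rules=ALLOWLIST):
    """Split logged flows into (allowed, denied) lists of (line, rule_name)."""
    allowed, denied = [], []
    for line in log_text.splitlines():
        src, proto, port = line.split()
        rule = match_rule(src, proto, int(port), rules)
        (allowed if rule else denied).append((line, rule))
    return allowed, denied

if __name__ == "__main__":
    ok, blocked = audit(SAMPLE_FLOWS)
    for line, rule in ok:
        print(f"ALLOW {line}  ({rule})")
    for line, _ in blocked:
        print(f"DENY  {line}")
```

The denied list is what an administrator reviews: an approved host reaching an unapproved port is rejected just like an unknown host.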
Establish a routine for creating regular backups. Real-time backups are ideal, if possible, but if they’re not, think about the maximum age you’d want your backup files to be if you went off the air right now. That’s how frequently you should be creating backup files. You should also follow the 3-2-1 standard – 3 copies of every backup, stored in 2 locations, at least 1 off-site.
4. Air Gap Your Backups
Air gapping means making sure at least one copy of an up-to-date backup is stored in a secure location that is offline, completely isolated from both the internet and your internal LAN. A backup file that has no connection cannot be remotely accessed, and therefore cannot be hacked.
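A check of a backup inventory against the 3-2-1 standard, the maximum backup age and the air-gap requirement from the two steps above, as an added example that is not part of the original article. The inventory, site names and dates are constructed, and treating only copies within the maximum age as counting toward the rules is an assumption of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BackupCopy:
    location: str        # site or facility that holds this copy
    offsite: bool        # stored away from the primary facility
    offline: bool        # isolated from the internet and the internal LAN
    taken_at: datetime   # when the backup was created

def check_backups(copies, now, max_age):
    """Return a list of findings; an empty list means every check passed."""
    # Assumption: only copies no older than max_age count toward the rules.
    fresh = [c for c in copies if now - c.taken_at <= max_age]
    findings = []
    if len(fresh) < 3:
        findings.append(f"only {len(fresh)} current copies, need 3")
    if len({c.location for c in fresh}) < 2:
        findings.append("current copies are not spread over 2 locations")
    if not any(c.offsite for c in fresh):
        findings.append("no current off-site copy")
    if not any(c.offline for c in fresh):
        findings.append("no current air-gapped copy")
    return findings

# Constructed inventory for a hypothetical station.
NOW = datetime(2024, 1, 10, 12, 0)
INVENTORY = [
    BackupCopy("studio-nas", False, False, NOW - timedelta(hours=2)),
    BackupCopy("transmitter-site", True, False, NOW - timedelta(hours=3)),
    BackupCopy("vault-tape", True, True, NOW - timedelta(days=9)),
]

if __name__ == "__main__":
    for finding in check_backups(INVENTORY, NOW, timedelta(hours=24)):
        print("FINDING:", finding)
```

With a 24-hour maximum age, the nine-day-old tape no longer counts, so the inventory fails both the copy count and the air-gap check even though an offline copy exists.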
5. Create a Disaster Recovery Plan
Identify your critical applications and create a defined process for restoring them. Having a plan in place before you need one will save you time – and money – should the unthinkable ever happen.
6. Patch Management
Make sure all systems and software are up to date, running the latest versions, and that all patches and security updates are installed. Keeping everything up to date will help keep you protected as new vulnerability exploits are identified.
7. Perform Annual or Semi-Annual Penetration Tests and Intrusion Detection Scans
A penetration test is an intentional attempt to actively exploit weaknesses in a system, to determine the ease (or difficulty) a hacker might face when trying to do the same. An intrusion detection scan is a test of your system’s ability to identify a potential intrusion and appropriately log the event, as well as alert you, when something suspicious is found.
8. Deploy Single Sign-On and Multi-Factor Authentication
Single sign-on is the process by which employees access multiple systems and applications by signing on once, with a single username and password. This improves security by allowing those credentials to be stored in a single database, rather than in a separate database for each application, each with varying degrees of security. Single sign-on also reduces the risk of lost, stolen, and even just weak passwords.
Multi-factor authentication is a process requiring additional verification factors beyond the typical username and password combination. A common example is a password used in combination with a verification code sent to a mobile device. Multi-factor authentication significantly improves security because access is granted only if the user provides or has access to at least two of the following: something only the user possesses (e.g. an external token generator or mobile phone); something only the user knows (e.g. a password or a PIN); something only the user is (e.g. biometrics such as a fingerprint or iris scan); and/or somewhere the user is (e.g. connected to a specific network or in a specific GPS location).
9. Implement and Enforce Strict Password Requirements
A strong password is one that is more than 12-14 characters long, contains a combination of numbers, special characters, both upper and lowercase letters, and includes no real words (not even one with a $ substituted for an s). You can avoid an office full of passwords-on-post-it-notes by employing a good password manager.
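One way to enforce the requirements above, including the rule that a real word is still a real word after a $ is swapped for an s (an added example, not part of the original article). The substitution table, the six-word list and the choice of "more than 14 characters" as the length threshold are assumptions; a real deployment would load a full dictionary.

```python
import string

# Assumed table of common look-alike substitutions, undone before the word check.
SUBSTITUTIONS = str.maketrans({
    "$": "s", "5": "s", "@": "a", "4": "a", "0": "o",
    "3": "e", "1": "i", "!": "i", "7": "t",
})

# Constructed word list standing in for a real dictionary.
WORDS = {"password", "station", "welcome", "summer", "radio", "broadcast"}

MIN_LENGTH_EXCLUSIVE = 14  # assumption: upper end of the 12-14 range

def password_findings(password, words=WORDS):
    """Return the list of requirements the password fails; empty means it passes."""
    findings = []
    if len(password) <= MIN_LENGTH_EXCLUSIVE:
        findings.append("length")
    if not any(c.isdigit() for c in password):
        findings.append("digit")
    if not any(c in string.punctuation for c in password):
        findings.append("special")
    if not any(c.isupper() for c in password):
        findings.append("upper")
    if not any(c.islower() for c in password):
        findings.append("lower")
    plain = password.lower()
    normalized = plain.translate(SUBSTITUTIONS)  # "pa$$word" -> "password"
    for word in sorted(words):
        if word in plain or word in normalized:
            findings.append(f"word:{word}")
    return findings

if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("Pa$$word2024!!Radio", "xK9#vQ2!mT7@wZ4&pL", "$ummer1"):
        print(candidate, "->", password_findings(candidate) or "OK")
```

The first sample satisfies every character-class rule and the length rule yet is still rejected, because undoing the substitutions exposes the dictionary words inside it.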
10. Train Employees on Cybersecurity
It’s important not to overlook one of the most easily exploited vulnerabilities in any organization: your people. All employees, in all roles, should be thoroughly trained on cybersecurity. They should be instructed on how to recognize a phishing email, how to recognize and avoid clicking suspicious links, and the risks associated with writing down passwords, client credit card or bank account numbers, or other sensitive information.
Your staff should also be trained on how to recognize and avoid falling prey to social engineering tactics such as pretexting (creating a credible but false pretext, either virtually or in-person, to build trust and obtain confidential information), tailgating (following an authorized person through a controlled entrance to gain access to a secured facility), or quid pro quo (a tactic often employed at networking events or conferences, involving a trade of information – innocuous at first, but becoming increasingly sensitive – for a promised benefit or service).
WideOrbit Offers More Secure Infrastructure for Our Products
WideOrbit offers fully hosted network services that provide a secure environment for your WideOrbit software, without the operational maintenance costs of managing it yourself.
Note: WideOrbit makes these suggestions as a courtesy for our clients. All suggestions are provided “as is”. These suggestions are not, and are not a substitute for, professional advice based on your specific system and environment. WideOrbit has no control over customer-owned infrastructure, and we are not responsible for any future infections that may occur even if all these suggestions are followed.