Dr. Patrick Jones

Control What You Can Control

Updated: Aug 30, 2021

In the world of self-care and dealing with stress and anxiety, one of the mantras for mitigating stress is to focus on controlling what you can control. We have seen this a lot over the last year and a half during the pandemic, with the increased anxiety level of many people during that time. Because of the lack of control over their lives and actions, people experienced much more anxiety than they had ever noticed before. People were told to work from home, told to wear masks, told where and when and how they could move about society. This lack of control over actions became a stress factor for many people. The psychology of survival also teaches us to focus down, control what you can control, and work within those parameters.


Control what you can control is also a successful management tip that encourages focusing on the areas of business decisions where there can be direct control over the outcomes. It is also referenced in business circles and control management or change management. Controlling a situation is establishing a standard, measuring towards the standard, and then if there is a deviation, corrective action to reach the standard. Within that process there is a causal relationship that maintains the standard, and that factor can be controlled to maintain the standard. To maintain operational efficiencies, this standard is imperative.


Then there are other items over which you have no control. These may be decisions from higher up the chain of command or forces from outside your sphere of influence or control. They are items that cannot be manipulated or addressed directly but must be compensated for within the process. With these factors, there has to be the mindset that, while you can't control those events, what you can control is your response to those events.


Control what you can control is a great management tool for life and work. But it is also an excellent attitude for specific issues that arise in the world of technology, like malware and ransomware. Technology departments control the safety and security of their environments so there is a standard operating procedure from which all can work. This continuity of service allows for organizational efficiency and allows the flow to be controlled. But when it comes to bad actors and malware/ransomware, you can only control what you can control. Any feeling that the system is impenetrable or secure from ransomware is foolish. All technology teams can do is set best practices to maintain the standard and implement procedures that may impede ransomware or access, while balancing the need for workers to use the systems effectively. This balance in security is the essence of control what you can control and control your response to that which you cannot control.


Control what you can control implies best practices for defense against intrusions. There are several ways to establish roadblocks for network vulnerabilities.


Passwords- First and foremost, establishing a secure password is essential. Passwords are the first line of defense, even though not the most secure line of defense. Password rules can demand extreme security through phrases and character requirements, but eventually this hits a law of diminishing returns where users begin to feel frustrated at the requirements, and then security begins to diminish due to cheats, workarounds, and use of the same password for multiple sites.


Passwordless- Through multifactor authentication (MFA), compliance policies, and conditional access policies, authentication is based on role and activities. Multifactor authentication sends an authentication notice to a known verified location like text, email, app, or biometric to verify identity. More about passwordless here.


Antivirus- Software on the device that scans for threats to keep malicious programs from affecting the device. These scans check against known definitions to maintain a workstation that is secure.


Hardened hardware- Different operating systems have features that harden the device against any changes that may impact files and folders, causing them to be unusable, such as in a ransomware attack. While not perfect, it is still another line in the defense. Windows 10 and 11 have settings for protecting the device from ransomware, with details here.


VLAN- (Virtual LAN) Method of routing traffic on the network so that certain devices or traffic are kept from interacting with other traffic on the network. This way, if a printer becomes infected, having it on its own virtual LAN keeps it from reaching phones or certain servers, segregating it from other devices so the infection does not spread to other critical areas.


Firewall- A device that will block forms of incoming and outgoing traffic from an organization as a means to protect what is inside or prevent something infected inside from spreading outside.


Most important, awareness education about tactics, process, and outcomes. Educating users on the importance of security, the variety of practices used to gain access, and the impacts those vulnerabilities cause gives end users a better understanding, so they are able to question items that may (or may not) be access attempts.


These are controllable items that technology departments can use to help minimize the uncontrolled access to network resources. Again, it is foolish to believe that these will keep a bad actor out. But through the use of multi-layered protective actions, this can minimize the chances of ransomware or malware.


So while we control what we can control, we also have to manage our reaction to that which we cannot control. Our response to unverified access is just as important as the defenses that are assembled. There are many resources that can mitigate the situation after a breach.


Backups- The use of backups for data and services allows for the ability to recover more quickly after an infection or attack. Best practice is to back up sensitive data to 3 locations: 2 onsite and 1 offsite. This practice helps maximize the ability to have a backup that is accurate and can maintain business practices.


Restore from backup- Having a backup is the first step but having the ability to efficiently recover that data to a usable state is just as important. Frequent practice attempts with a verified procedure to recover various backups will clean up the procedures required for quickly restoring that data for business continuity.


Mitigate losses- Once a breach is discovered, sealing it off as quickly and effectively as possible will minimize the affected footprint. That may include locking down systems or potential reloads.


Intrusion inspection- Learning from evaluation of the intrusion and the methods used to gain access will help prepare new defenses to secure the new vulnerability.


Transparent communications- Complete protection from a ransomware or malware attempt is vain to consider. Humility in understanding that everything is vulnerable will aid the tailoring of communications should a breach occur. A communications plan that details the situation and steps being used to mitigate the situation provides trust in the ability to manage the situation.
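The Backups and Restore from backup items above can be practiced as a scripted restore drill. The following is an added example, not from the original post: it records a SHA-256 manifest when the backup is taken, compares a restored copy against it, and checks the 3-location placement rule. The file names, the `onsite` field, and the sample data are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_restore(manifest: dict[str, str], restored: Path) -> dict[str, list[str]]:
    """Compare a restored tree with the manifest recorded at backup time."""
    actual = build_manifest(restored)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "altered": sorted(k for k in manifest.keys() & actual.keys()
                          if manifest[k] != actual[k]),
        "unexpected": sorted(set(actual) - set(manifest)),
    }


def placement_ok(copies: list[dict]) -> bool:
    """The post's rule: 3 locations, 2 onsite and 1 offsite (hypothetical schema)."""
    onsite = sum(1 for c in copies if c["onsite"])
    return len(copies) >= 3 and onsite >= 2 and len(copies) - onsite >= 1


def run_drill() -> dict[str, list[str]]:
    """Constructed drill: one file restores clean, one altered, one missing."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        for d in (src / "finance", dst / "finance"):
            d.mkdir(parents=True)
        (src / "finance/ledger.csv").write_text("id,amount\n1,100\n")
        (src / "finance/payroll.csv").write_text("id,pay\n7,4200\n")
        (src / "readme.txt").write_text("quarterly records\n")
        manifest = build_manifest(src)  # taken when the backup is made
        (dst / "finance/ledger.csv").write_text("id,amount\n1,100\n")
        (dst / "finance/payroll.csv").write_text("id,pay\n7,0000\n")  # corrupted
        (dst / "finance/notes.tmp").write_text("x")  # not in the backup
        return verify_restore(manifest, dst)


if __name__ == "__main__":
    print(run_drill())
```

A drill passes only when all three lists come back empty; anything else is a finding to fix in the restore procedure before a real incident.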


When you control what you can control, you focus your energy appropriately. Stress over every scenario is unsustainable, as intrusion methods adjust in real time to defenses. Controlling what can be controlled mitigates opportunities, helps to establish a hard target, and lessens the opportunity cost of attack. Controlling the response to what cannot be controlled establishes a course of action to regain trust and operational efficiencies. Together, this preparation level will maintain focus on the tools and services to protect business practices.












