Cybersecurity presents a unique set of challenges for small organizations. Due to their limited size and budget, they often cannot afford a dedicated security team, and therefore tend to rely on just one person for their cybersecurity needs. This individual often struggles to manage all the recommended or necessary tasks due to time constraints or resource limitations, which can lead to cascading consequences where security issues are handled as they arise which, more often than not, is too late to prevent severe impacts.

Additionally, the water sector has been targeted by robust threat actors, such as nation-state APTs, adding additional risk to small utilities. Malwarebytes shares some strategies that small utilities can incorporate which will help alleviate some of this risk. While these strategies are great for smaller utilities, all utilities can benefit from their implementation.

1. Enable staff. Your staff need to know what is expected of them, and what not to do. Make cybersecurity a company-wide issue.
2. Know your equipment. Being aware of your networking equipment, endpoints, and devices is crucial—not only to identify what requires protection but also to recognize potential vulnerabilities.
3. Patch and update promptly. After identifying the hardware and software in your environment, it is essential to implement effective patch and vulnerability management.
4. Lock things down. Implementing a strict policy to safeguard your critical assets through the use of strong passwords and multi-factor authentication (MFA) should be a fundamental practice. To simplify the process for your staff, consider utilizing a single sign-on service or providing them with a password manager.
5. Use a firewall and VPN. A firewall protects an entry point to a network while a VPN creates an encrypted tunnel between two networks. Both are important for network security.
6. Protect your systems. Ensure that all your devices are secured with cybersecurity solutions. Logs should be clear and easily understandable for all readers, whether they are your employees or those of a service provider.
7. Consider your supply chain safety. Organizations need to understand what level of protection their providers or others with access to their resources have in place. Ransomware is contagious, so if your providers have it you likely will too.
8. Have a recovery strategy. When a security issue occurs despite your efforts to secure your environment, it’s essential to have a plan in place to manage and mitigate the consequences.

For more information on each of the above strategies, visit Malwarebytes.