Important Cybersecurity Information That May Just Save Your Butt!
The year 2020 will largely be remembered as the year of the pandemic, and rightly so. COVID-19 disrupted lives and caused severe economic hardship, and continues to do so in 2021.
However, 2020 was also the year that cyberattacks grew 400% compared to the previous year, according to Cyber Threat Intelligence League, a collective of over 1400 cybersecurity professionals and government experts from 40 countries.
Today’s threats are evolving:
- The global cybercrime industry will cause up to $6 trillion in damages in just a few years.
- The average phishing attack costs businesses $1.6 million – can you afford to pay that price because one of your staff members can’t recognize a phishing email?
- It takes most businesses up to 6 months to find out that they’ve experienced a data breach.
Having the right cybersecurity technology is a necessary part of doing business in today’s world. Do you have the multi-layered defense you need to truly stay safe?
Despite the rampant rise of cybercrime across the country and around the world, many small business owners remain skeptical of the importance of cybersecurity. One of the most common assumptions is that cybercriminals are only focusing on bigger organizations, and so, small businesses don’t have to invest as much in their defensive capabilities.
When you look at the stats, that’s not really the case:
- Whereas 43% of cybercrime attacks target small businesses, only 14% are able to defend themselves
- 66% of businesses have experienced a cyber attack in the past year
- It can take up to 197 days for a small business to discover they’ve been hacked
That’s why you need to step up your cybersecurity efforts. Palindrome Consulting recently gave an in-depth presentation on cybersecurity necessities for the Florida Public Defenders Association.
In this article, we pass along the same expert insight to you. When it comes to cybersecurity, the first step is to find out where you stand…
Assess Your Cybersecurity
Cybersecurity risk assessments are extremely important. By having an experienced IT security company examine your cybersecurity from top to bottom, you can verify the effectiveness of your cyber defenses.
Unfortunately, not all cybersecurity risk assessments are created equal. Some offer nothing more than a technician checking off items on a list:
- Do you have a firewall in place?
- Do you have an antivirus solution in place?
- Is there a data backup in place?
While these are certainly all important aspects of a viable cybersecurity posture, checking them off a list is not enough on its own — you need a comprehensive and robust analysis of your IT systems and the practices that govern their use.
How To Protect Your Business
A core component of cybersecurity is protection. The many assets incorporated in an IT environment need to be properly defended in order to mitigate common cybercrime techniques.
Protect Your Wireless Networks
Wi-Fi is a necessary part of doing business. Staff and visitors cannot go without it, so it becomes the business’ responsibility to make sure it’s secured, simple as that.
- Turn off SSID broadcast so the network name isn't advertised. Treat this as housekeeping rather than a security control: the name still appears in probe and association frames, so anyone with a wireless sniffer can recover it in minutes.
- Use WPA2-Enterprise (or WPA3-Enterprise where your equipment supports it), which authenticates each user individually against a RADIUS server instead of a shared passphrase. A shared pre-shared key has to be rotated every time someone leaves; a per-user credential can simply be disabled.
- Check the access points' transmit power. The default is often the maximum; reduce it so usable coverage doesn't extend far beyond your walls. This shrinks your exposure rather than eliminating it, since an attacker with a directional antenna can still pick up a weak signal.
- Create a guest network on its own segment (VLAN) with no route to internal systems and with limited bandwidth, so visitors have no path to company data.
- Monitor the network and log authentication and association events, so you can see who connected, from which device, and when, for employees and any other contacts with network access.
Keep Your Programs Up To Date
Patch management is a simple yet critical part of effective cybersecurity. If a software provider releases a security patch, it’s not something owners and managers can wait to address — it needs to be installed right away to ensure systems aren’t vulnerable to a cybercrime attack.
Limit Unnecessary Physical Access
Cybersecurity measures won’t amount to much if the company’s laptops, tablets, smartphones, and other devices are left out in the open for anyone to take.
It’s one thing for a cybercriminal to hack into a business’ systems remotely. It can be significantly easier if they’re doing so directly on a business device. That’s why businesses need to:
- Keep business devices under lock and key when not in use.
- Maintain a detailed inventory of who has authorized use for specific business devices.
- Never leave login information on a sticky note on the device's keyboard or monitor.
Manage Account Lifecycles And Access
This is one of the more basic steps on the list, but no less important. Tooling helps (an identity provider, HR-driven provisioning), but it cannot replace ownership of the process; it's about doing the work. Business owners need a carefully implemented process to track the lifecycle of every account on the network, including shared, service and administrator accounts.
- Follow a careful system for how accounts are created for new members, how their security is maintained and verified through their life, and how they are removed when no longer needed.
- Enforce secure settings for every account: strong, unique passwords, MFA, and only the privileges the role actually needs.
- Implement controls for login and use, such as lockouts for too many unsuccessful logins, unsuccessful login alerts, and automatic log-off after a period of inactivity.
Protect Mobile Devices: Implement Mobile Device Management (MDM) and a Bring Your Own Device policy that lets employees use their own devices alongside the business's without compromising your security:
- Require a screen lock (passcode or biometric) on every device and MFA for the business accounts used from it.
- Enrol devices in the MDM platform so you can locate a lost or stolen device and remotely wipe the business data on it if need be.
- Maintain an allow list (whitelist) of apps approved for business data access, and block business data from flowing into any other app.
How To Detect Threats
Another priority in a business’ cybersecurity strategy is detection. If a business’ IT team can identify incoming attacks and neutralize them before they take effect, they can further lower the risk they pose to the business.
Event Monitoring
This is the practice of monitoring IT systems (through both automated tools and manual oversight) to identify potentially dangerous events and address them before they become serious threats.
Intrusion Detection & Prevention
An intrusion detection system (IDS) compares network traffic or host activity against known attack signatures and abnormal behaviour and raises an alert on a match; an intrusion prevention system (IPS) sits inline and can block the traffic as well. Both feed the event monitoring above rather than replacing it.
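The login controls listed under account management (lockout after repeated failures, alerts on unsuccessful logins, automatic log-off after inactivity) are exactly the kind of rule that event monitoring evaluates continuously against authentication logs. The following is an added example, not code from Palindrome Consulting or from any of the products mentioned: it applies those three controls to a constructed stream of sshd-style authentication events. The log format, the thresholds and the account names are assumptions for illustration.

```python
"""Login-control monitor (added example, not the original page's code).

Consumes constructed authentication events of the form
    <epoch-seconds> <OK|FAIL> user=<name> from=<ip>
and applies three controls from the account-management list:
  * lockout after MAX_FAILURES failed logins inside FAILURE_WINDOW seconds,
  * an alert on every failed login and on attempts against a locked account,
  * automatic log-off of sessions idle longer than IDLE_TIMEOUT seconds.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, List, Optional, Tuple
import re

# Policy thresholds (assumed values; tune them to your environment).
MAX_FAILURES = 5        # failures inside the window that trigger a lockout
FAILURE_WINDOW = 300    # seconds the failure counter looks back
LOCKOUT_SECONDS = 900   # how long a locked account stays locked
IDLE_TIMEOUT = 600      # seconds of inactivity before a forced log-off

# Constructed sample log: a password-guessing run against alice, normal use
# by bob, then alice coming back after the lockout has expired.
SAMPLE_LOG = """\
1000 FAIL user=alice from=203.0.113.7
1030 FAIL user=alice from=203.0.113.7
1060 FAIL user=alice from=203.0.113.7
1090 FAIL user=alice from=203.0.113.7
1120 FAIL user=alice from=203.0.113.7
1150 OK   user=alice from=203.0.113.7
1200 OK   user=bob   from=198.51.100.4
1500 FAIL user=bob   from=198.51.100.4
2100 OK   user=alice from=10.0.0.5
"""

LINE_RE = re.compile(r"^(\d+)\s+(OK|FAIL)\s+user=(\S+)\s+from=(\S+)$")


@dataclass
class AccountState:
    failures: Deque[int] = field(default_factory=deque)  # recent failure timestamps
    locked_until: int = 0                                # epoch; 0 means not locked
    last_activity: Optional[int] = None                  # None means no open session


class LoginMonitor:
    def __init__(self) -> None:
        self.accounts = defaultdict(AccountState)
        self.alerts: List[Tuple[int, str]] = []

    def _expire_idle(self, now: int) -> None:
        """Automatic log-off: close any session idle longer than IDLE_TIMEOUT."""
        for user, st in self.accounts.items():
            if st.last_activity is not None and now - st.last_activity > IDLE_TIMEOUT:
                self.alerts.append((now, f"auto-logoff {user} idle since {st.last_activity}"))
                st.last_activity = None

    def handle(self, line: str) -> str:
        """Process one event; returns OK, FAIL, LOCKOUT or LOCKED."""
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable log line: {line!r}")
        ts, result, user, src = int(m[1]), m[2], m[3], m[4]
        self._expire_idle(ts)
        st = self.accounts[user]
        if ts < st.locked_until:
            # Even a correct password is refused while the lockout is active.
            self.alerts.append((ts, f"attempt on locked account {user} from {src}"))
            return "LOCKED"
        if result == "FAIL":
            st.failures.append(ts)
            while st.failures and ts - st.failures[0] > FAILURE_WINDOW:
                st.failures.popleft()            # drop failures outside the window
            self.alerts.append((ts, f"failed login {user} from {src} "
                                    f"({len(st.failures)} in window)"))
            if len(st.failures) >= MAX_FAILURES:
                st.locked_until = ts + LOCKOUT_SECONDS
                st.failures.clear()
                self.alerts.append((ts, f"LOCKOUT {user} until {st.locked_until}"))
                return "LOCKOUT"
            return "FAIL"
        # A successful login resets the counter and opens (or refreshes) a session.
        st.failures.clear()
        st.last_activity = ts
        return "OK"


def run(log_text: str) -> Tuple[List[str], LoginMonitor]:
    """Replay a whole log; returns the per-event outcomes and the monitor state."""
    mon = LoginMonitor()
    outcomes = [mon.handle(l) for l in log_text.splitlines() if l.strip()]
    return outcomes, mon


if __name__ == "__main__":
    outcomes, mon = run(SAMPLE_LOG)
    for ts, msg in mon.alerts:
        print(ts, msg)
```

Replaying the sample, alice's fifth failure at 1120 locks the account until 2020, so her correct password at 1150 is still refused and raises an alert of its own; bob's session is force-closed at 2100 because it has been idle for 900 seconds. In production the same logic would read from the authentication log or the identity provider's audit feed and push its alerts to whoever is watching the monitoring console.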
Threat Monitoring
Threat monitoring (often called threat intelligence) is the practice of staying up to date on the attack vectors currently being used against businesses like yours, and turning that knowledge into something actionable: what to block, what to look for in your logs, and what to warn staff about. It is a key part of Cybersecurity Awareness Training (see below) and ensures your staff actively contribute to organization-wide detection.
How To Respond To Cyber Attacks
Lastly, it’s important to note that no business owner can assume they’re 100% secure at any time. A robust cybersecurity strategy has to account for the possibility of a breach, and detail a range of response methods and failsafe capabilities.
How To Respond To An Attack: Owners and managers should have a written playbook for each type of attack. For example, do you know what to do if you discover a ransomware attack in progress on a workstation?
- Isolate: The first priority is to cut the affected machine off from the network so the malware cannot spread to other systems or shared drives. Physically unplug the network cable from the computer, then disable Wi-Fi (a hardware switch or airplane mode is preferable to a software setting the malware could re-enable). Do this by hand and confirm the machine is actually off the network; do not rely on a remote command to an already compromised host.
- Power Down Only If Necessary: Powering off stops the encryption, but it also erases the machine's memory, which may hold the malware's encryption keys and other evidence your responders need. Leave the isolated machine running if you can, and power it down only if you cannot isolate it or your incident responder tells you to.
- Contact Your Cybersecurity Professionals: Whether you have one on speed dial or not, your next step is to get professional assistance, and to preserve what you have (don't wipe or rebuild the machine) until they have looked at it.
Don’t Forget To Train Your Staff Members
An organization’s staff can have a significant effect on your cybersecurity – either they know enough to keep the assets secure, or they don’t, and therefore present a serious threat to company security.
Business owners that are not confident in their staff’s level of cybersecurity may need to invest in training. Security awareness training helps employees know how to recognize and avoid being victimized by phishing emails and scam websites.
They learn how to handle security incidents when they occur. If employees are informed about what to watch for, how to block attempts, and where they can turn for help, this alone is worth the investment.
A comprehensive cybersecurity training program will teach staff members how to handle a range of potential situations:
- How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
- How to use business technology without exposing data and other assets to external threats by accident.
- How to respond when you suspect that an attack is occurring or has occurred.
Expert Cybersecurity Assistance That Will Save Your Butt
The Palindrome Consulting team will deliver the support and solutions needed to keep your business confidently protected against the threats present in today’s digital world. We will keep your data secure, both on your local systems, as well as in the cloud.
We will take care of your digital defenses, so you can know you’re secure and focus on your work.