Part one in a three part series outlining the best multi-level Cybersecurity Plan you can adopt to protect your business from Cyberattack.
In 2014 former Distribute.IT co-founder Carl Woerndle and his brother Alex lost their multi-million dollar business and their family homes due to a cyber-attack of unprecedented proportion. Distribute.IT was a business that was very robust in its approach to security. They continuously defended themselves and their clients against cyber-attacks. However, despite this, they still managed to lose everything. Many small businesses think that larger companies and government departments that are the focus of cyber-attack. However small business is the target of 43% of cybercrime.
Due to the rapidly changing nature of cybercrime, it’s essential that you adopt a multi-level strategy for your businesses’ cybersecurity. Managed Service Providers (MSPs) are best positioned to offer and manage this level of comprehensive security coverage. However, regardless of who is managing your information technology (IT) security, it is impossible to secure any IT environment completely. Technology is changing too rapidly to ensure a bullet-proof solution. This article is the first in a three-part series on what you can do to protect your business as much as you ever can against cyber-attack
When it comes to cybersecurity, 87% small businesses think anti-virus software will do the job. However, this is just a component of what needs to be done to adequately protect your enterprise. It’s a bit like locking the front door at night and leaving all the windows and the back door open. You need to ensure you have shut and locked all the doors and windows and renewed your insurance in the event of a break in.
One of the first measures you should adopt is a vulnerability assessment and management plan. Examine your users, their user IDs and passwords. How often do they change them and update their passwords? Who has access to the network and what are they authorised to do on it? Also look at network configuration errors and any unauthorised changes. Auto-vulnerability scanning and remediation software is now available. This software identifies potential areas of vulnerability and initiates remedial actions that can be taken to address where you are most at risk. It will also help ensure that your network protocols are up to date and complied with.
Malware often gets in via vulnerabilities in applications and software, like Adobe, that are left unpatched. Your MSP can largely automate the patching process so that it is not left to any individual’s manual discretion.
Ensure all devices, smartphones, laptops and workstations are protected.
With so many different devices and types of computers now being used by businesses, it is imperative that any device or computer that can access your network or data is protected. This is called endpoint security. Anti-virus software alone on your endpoints is not adequate. You should have a separate managed security platform that detects and blocks malware and spam and phishing attempts. (Phishing is when a series of fraudulent emails are sent from someone posing as a credible company to try and obtain personal details such as a date of birth or password.)
Any security platform must also offer protection from adware botnets as well. (A botnet is a group of computers that are utilised in a coordinated way for nefarious purposes.) Always get a centrally managed security platform that monitors each device and computer and can identify the point where any malware has entered the system.
Content filters are a must.
Content filters set rules to ensure that email and websites get screened for certain things and they help to ensure that potentially dangerous files don’t get downloaded. They also have the added bonus of guaranteeing staff don’t access potentially “undesirable” content.
Email is still a high-risk entry point for cyberattack.
Email is favourite for hackers because it offers an easy way into a network or device. This is primarily due to human error where employees and contractors open a malicious file by accident. Email security is a two-part strategy one that involves appropriate software and also the education of staff which we will cover off in the third and final part of this series.
In the next article, we will continue to outline the steps you need to consider in protecting your business from cyberattack. In particular, what to do about future threat intelligence, back-up and recovery systems and insurance. For now, look to adopt the above steps to get your business in best position possible to defend against data theft and network corruption.