These days, we talk to our clients almost daily about Cyber Security. No business, regardless of size, can ignore cyber security. According to a recent Verizon Data Breach Investigations Report, 60 percent of cyber-attacks target SMBs, largely because they are easier targets. Below are the most common topics we are managing for and discussing with our clients.
Security Awareness Training
Unfortunately, your valued employees are typically the weakest link in your security stack. Set your users up for success by training them – frequently. Security training is something that should be repetitive.
Establish Information Security Policies & Procedures
Establish policies on how employees should handle and protect your information assets, computer, and network systems. Clearly outline the consequences of violating your business’s cyber security policies. If you are starting from scratch, we recommend SANS. They have a good set of free policy templates you can download, tweak and implement. Many of our clients start this way.
Follow best practices for passwords, have a company password policy, train employees on passwords, consider deploying a companywide password management solution.
Computer & Mobile Device Updates and Patches
Make sure to keep your devices, software, and apps updated. This is a critical and easy way to help protect yourself and the company. In addition to security fixes, software updates can also include new or enhanced features, or better compatibility with different devices or applications. They can also improve the stability of your software and remove outdated features.
Deploy a Best-In-Class antivirus and anti-malware solution on your company’s endpoints. Endpoint protection helps businesses keep critical systems, intellectual property, customer data, employees, and guests safe from ransomware, phishing, malware, and other cyberattacks.
Mobile Device Security
Today's cybercriminals attempt to steal data or access your network by way of your employees' phones and tablets. They're counting on you to neglect this piece of the puzzle. Mobile device security closes this gap.
Secure your company’s email. Most attacks originate in email. Most of the email solutions we recommend come “baked in” with high-quality SPAM protection. If your email solution does not, deploy a Best-In-Class solution designed to reduce spam and your exposure to attacks on your company via email.
Multi-factor authentication combines two or more independent credentials: what the user knows (password), what the user has (security token) and what the user is (biometric verification). Utilize Multi-Factor Authentication whenever you can including: on your network, banking websites, and even social media. It adds a layer of protection to ensure that even if your password does get stolen, your data stays protected.
Firewalls are fundamental for protecting a company’s data, computers, and networks. They are required for compliance with mandates like PCI DSS, HIPAA, and GDPR. This is a must-have for any sized business. Turn on Intrusion Detection and Intrusion Prevention features. Send the log files to a managed SIEM (see below). If your IT team doesn’t know what these things are or you don’t have an IT team, call us today.
Backup your laptops, back up your servers. Backup to your office and replicate it to the cloud. Test your backups. People are not infallible. They make mistakes. Emails containing viruses are accidentally opened every day and important files are often mistakenly deleted. There’s no reason to fear these issues if you take frequent incremental snapshots of your systems.
Encrypt data and communications whenever possible! Data is critical to our personal lives, economic prosperity, and security. That data must be kept secure. Just as we lock our homes, restrict access to critical infrastructure, and protect our valuable business property in the physical world, we rely on encryption to keep cybercriminals from our data.
Dark Web Monitoring
Deploy a solution with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data.
Advanced Cyber Security Monitoring
Managed Detection and Response (MDR) & SIEM/Log Management (Security Incident & Event Management) uses big data engines to review all event and security logs from all covered devices and cloud solutions to protect against advanced threats and to meet compliance requirements.
Web Security Gateway
Sometimes referred to as a web filter, these solutions detect web and email threats as they emerge on the internet and block them on your network within seconds – before they reach the user. These gateways may include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications, such as instant messaging.
Test your networks and IT systems on a planned and frequent basis. A vulnerability scan detects and classifies system weaknesses in computers, networks, and communications equipment and can predict the effectiveness of countermeasures.
Protect your business by speaking with your attorney and insurance agent about the right sized cyber policy for you.
Also, check out what our friends at Vendor Centric have to say about Third Party Risk: https://www.vendorcentric.com/single-post/What-is-Third-Party-Risk-Management