3 Ways that Companies can Increase their Cyber-Security, Today.
This article will present methods on beefing up your cyber-security through proper planning and the use of security; protocols, products and services.
How Cyber-Security Attacks Happen
At AbleIT we see most cyber – security attacks happening in three categories; people, equipment and software. Can you guess which one is most common? People. People, your own people (employees), are the largest threat to your cyber-security. Not in the sense of bad employees trying to steal company data (although that does happen) but in the sense of not being educated on the best practices which then leads to un-wittingly bringing in a threat. Attacks to equipment happen most as theft; of laptops, USB sticks or other devices. By software attacks we mean the; ransomware, malware and spam emails you hear about in the news all the time.
Spam, Viruses, Phishing and Spear-phishing
This is how it all goes wrong. Spam and viruses are typically sent through email. They gain access through ransomware or malware, encrypting and blocking data. Phishing is the practice of targeting individuals like ‘Bob in accounting’ through the use of spam. Spear-phishing is the practice of targeting the company. Spear-phishers want company info and contacts to try and manipulate and trick.
What are the Signs of Cyber-Security Threats?
Luckily most of us have been ‘on-line’ for the last two decades or more. So we should have a good ‘gut instinct’ on what a cyber-security threat might look like. But even the best of us can be tricked. Here are some hints of wrong doing: Fake domains (these are the companyname.com) if they look suspicious (lots of dots and other characters in the name or misspellings) – avoid. Suspicious subject and/or content; if it doesn’t make sense or doesn’t sound professional, do not respond. Watch out for the use of incorrect grammar. Do not click on URLs (links) that don’t look right and don’t click on ZIP files. Also, anyone who is asking for sensitive company data over the phone, in person or in email could present a cyber-security risk.
What are the Risks of being attacked?
Well, the most devastating would be the complete shut down of your business and loss of all company data. What we see most often is a ransomware attack where the company data is locked and we have to rebuild their network and restore a backup. This means that the company is down or at a reduced productivity for up to two weeks. The type of backup you have and other factors could reduce this to an afternoon. This is why it is important to have a good plan in place, train your staff and use some of recommend practices you’ll learn about below.
What are some Cyber-security Best Practices?
From our point of view the best thing you can do is train your staff. Staff clicking on links they shouldn’t, responding to emails from fake domains and downloading files that are corrupted are the most common ways that viruses enter your network. Training staff, often (at least once a year), will greatly beef up your cyber-security. Other preventative measures include the use of corporate- grade spam and virus filters. These will stop threats before they come to you, hackers will go for the low hanging fruit first; meaning that they’ll go after companies that don’t have spam/virus filters or who use consumer-grade ones first.
What will save you time and money, once there is an attack, is your backup. First, if you don’t have a backup in place, get one. What we recommend is the use of an image based back up vs. file based. In short, what an image based backup will do is back up the data beyond the file level. This means that in the event of an attack we would not have to completely rebuild the network we would have a working image of how everything is setup and how it works. What this does is reduces your down time from what could be two weeks to an afternoon. In order to use an image based backup we recommend virtualizing your server. What this does is segments the data and allows for better images of your system.
There is much more you can do like password management, multi-factor authentication, security devices, creating redundant backups and replication of your network. The items above are good start and we will explore the others in another article.
If you need help setting up any of the above, please feel free to contact us and fill out the form below!