July 02, 2020   •   9 minute read

Top Cybersecurity Tools for Business

Not all cyber threats are equal. Some may hold your data for ransom, while others may destroy your information for good. The cyber incidents making headlines are varied, ranging from phishing scams and DDoS (distributed denial-of-service) strikes to insider attacks, malware, password intrusions, ransomware, and man-in-the-middle scams.

Any of these could be a worst-case scenario for businesses, and as technology becomes more advanced, cybercriminals are becoming more cunning and their methods more challenging to detect.

Over the years, major companies from the tech and financial sectors to the hospitality and retail industries have fallen victim to cyber-attacks, including institutions and businesses we would never have imagined. The Sony Pictures Entertainment breach was one, described as "one of the most devastating corporate hacks of all time." Yahoo was another; that attack compromised 3 billion accounts. These companies suffered catastrophic financial losses and the loss of sensitive data and private information of their clients, and it could get worse in the years to come.

Digital tech analysis firm Juniper Research predicts that the cost of data breaches will rise from $3 trillion annually to over $5 trillion in 2024.

That number is staggering.

Your enterprise may not be nearly as large as those mentioned above, but that does not mean your company is immune. The outcomes are not pretty, either. Many small businesses do not have enough financial leverage to cope with the losses and must make the grim decision to close up shop.

There are strategies SMBs can implement to protect their business from cyber threats and cybercriminals. The National Institute of Standards and Technology (NIST) offers cybersecurity guidelines and best practices for managing cyber risk, organized around five functions: identify, protect, detect, respond, and recover. Another resource is the NCSA's national program, CyberSecure My Business.

That said, there is no substitute for actual cybersecurity protection and monitoring from a skilled team of cyber experts. There are essential cybersecurity tools that SMBs should have in place. These include:

Anti-Virus Software

Antivirus software is an essential tool that must always be part of a company's cybersecurity arsenal, particularly with the spike in ransomware attacks, one of the most malicious forms of malware.

Antivirus software has evolved since its humble beginnings. Original AV software employed a database of "signatures" to detect and prevent viruses from running on a computer. Antivirus then evolved to look at software behavior to help decide whether a program is malicious. Unfortunately, ransomware and malware writers have developed many ways to render these kinds of protections obsolete.

Today, organizations should look to Next Generation Anti-Virus (NGAV) solutions to protect their assets. NGAV takes traditional AV and adds advanced analytics and behavioral analysis, powered in real time by large-scale cloud back-ends, to thwart known and unknown attacks. Leading NGAV solutions include SentinelOne, Carbon Black, and CrowdStrike.

Firewall

Often referred to as a company's "first line of defense," a firewall is a security control that filters and screens network traffic entering and exiting your corporate network.

Modern firewalls come with an array of features to help enhance the overall security of your network. Beyond simply screening packets based on IP addresses and ports, modern firewalls can look deep inside a packet for threats. They can also perform strong authentication and provide VPN encryption for remote access. Firewalls are excellent at providing up-to-the-minute information on what is happening in your internet traffic.

Firewalls can be implemented internally to protect sensitive sections of your network and don't have to exist just at the corporate border. No network should be deployed today without a firewall. All modern operating systems come with built-in firewalls to help keep hosts safe and secure.

Password Managers

Poor password and authentication practices put companies at higher risk of being attacked. The Ponemon Institute's 2019 State of Password and Authentication Security Behaviors Report, sponsored by Yubico, surveyed 1,761 IT and IT security practitioners in the U.S., U.K., Germany, and France. The survey revealed that 51 percent of respondents reuse an average of five passwords across their business accounts. Two-factor authentication is not widely used, and 55 percent do not use any type of two-factor authentication at work.

Hackers routinely steal millions of passwords a year and attempt to leverage a password stolen from one place to log in to your accounts elsewhere. Implementing a password management tool such as LastPass or KeePass, which manages your passwords and lets you use a unique one everywhere, can help reduce that risk. People can rely on the password manager to create and store dozens of passwords in an encrypted database without having to remember them.

Password managers are quite helpful, and some are even free.

To add to your security level, store the first part of sensitive site passwords, such as those for banking and/or investment accounts, in the password manager, but keep the last few digits memorized and fill them in manually. This way, if there is ever a compromise of the password database, hackers don't have those full passwords.

You should also consider implementing multi-factor authentication (MFA). MFA uses more than one thing, or "factor," to log you in. Examples of factors are something you know, such as a password; something you have, such as a mobile phone or a token; and something you are. Biometrics fall into this last category, and a fingerprint is a prime example. MFA is an additional defense layer: if an attacker manages to guess or obtain your password, they still cannot gain entry because they do not have the second factor protecting your account.

Google Authenticator is a free software-based authenticator that implements a two-step verification service using a time-based one-time password (TOTP) algorithm.

Email SPAM/Malware Filters

Email is a prime attack vector for hackers trying to breach your network. Hackers routinely send malicious emails and other phishing attempts to trick users into opening malware or divulging credentials.

Like a firewall for an organization's network traffic, SPAM and malware filters screen email for unwanted and dangerous elements, blocking them before they ever reach your users. SPAM/malware filters can be integrated into your email server, but most email systems are focused on delivery and do not have robust filtering capabilities.

In the world of cybersecurity, there's a phrase, "humans are the weakest link." An employee who accidentally clicks on the wrong link or email attachment can put in motion a chain of events that results in a cyber breach. Security awareness training is an anti-phishing tactic all organizations should employ. This training educates team members on ways to identify and avoid content that may be malicious. Awareness training should include simulated phishing attacks as reinforcement to the lessons learned from training. The best defense against phishing attacks is to give users experience in identifying them.

Virtual Private Network (VPN)

A VPN uses encryption to protect your network communications across public networks. VPNs are commonly used to make internal corporate assets available to users remotely. VPNs have also become popular for personal use to protect your traffic when on untrusted and/or public WiFi networks.

The first step in creating any VPN "Tunnel" is to go through an authentication process. This ensures that only authorized people can use the VPN before traffic is permitted.

Most small businesses commit the cardinal sin of opening up their computers to the Internet via Microsoft Remote Desktop (RDP) instead of protecting that traffic inside a VPN. While this is a convenient and easy way to access your PC from home, it's also an easy way for hackers to break into your network. RDP is not built to withstand today's attacks. There have been multiple flaws discovered, and millions of RDP credentials are available for sale on the Dark Web.

RDP is currently the most common compromise vector for ransomware attacks. Therefore, to avoid undue risk to your network, RDP access must be protected by a VPN connection.
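One way to check this rule against your own firewall is sketched in the added example below, which is not taken from any firewall product or from this article's author. The rule format, rule names, and address ranges are constructed for illustration; it flags every inbound allow rule that reaches the RDP port from outside the VPN address pool, regardless of rule order.

```python
import ipaddress

RDP_PORT = 3389  # default Microsoft Remote Desktop port

# Constructed sample ruleset (hypothetical format, documentation addresses).
RULES = [
    {"name": "web", "action": "allow", "source": "0.0.0.0/0", "ports": (443, 443)},
    {"name": "rdp-any", "action": "allow", "source": "0.0.0.0/0", "ports": (3389, 3389)},
    {"name": "rdp-vpn", "action": "allow", "source": "10.8.0.0/24", "ports": (3389, 3389)},
    {"name": "high-range", "action": "allow", "source": "203.0.113.0/24", "ports": (3000, 4000)},
    {"name": "rdp-block", "action": "deny", "source": "198.51.100.0/24", "ports": (3389, 3389)},
]

# Assumed address pool handed out to authenticated VPN clients.
VPN_POOLS = ["10.8.0.0/24"]


def exposed_rdp_rules(rules, vpn_pools, port=RDP_PORT):
    """Return names of allow rules that admit RDP from outside the VPN pools."""
    pools = [ipaddress.ip_network(p) for p in vpn_pools]
    findings = []
    for rule in rules:
        low, high = rule["ports"]
        # Port ranges matter: a wide range can expose 3389 without naming it.
        if rule["action"] != "allow" or not low <= port <= high:
            continue
        source = ipaddress.ip_network(rule["source"])
        inside_vpn = any(
            source.version == pool.version and source.subnet_of(pool)
            for pool in pools
        )
        if not inside_vpn:
            findings.append(rule["name"])
    return findings


if __name__ == "__main__":
    for name in exposed_rdp_rules(RULES, VPN_POOLS):
        print("RDP reachable without VPN via rule:", name)
```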

Patch Management Program

Another way to reduce the risk of getting hacked is to ensure your systems and software are updated regularly, or "patched." Patches are released periodically to fix bugs, improve the software, and address security vulnerabilities. Microsoft releases patches for their software on the second and sometimes fourth Tuesday of each month.

But patching shouldn't end with the operating system. Your patch program should also look to patch all other applications running on your systems, such as Java and Adobe. Apple also releases patches regularly to address issues in its desktop, laptop, and mobile products. Finally, browsers such as Firefox and Chrome will remind you to update them as required.

There are applications, and possibly even your firewall, that can help automate and simplify patching systems. Ultimately, timely patch management will reduce the attack surface available to intruders trying to get into your system.

24/7/365 Network and Endpoint Monitoring

When it comes to safeguarding your network, regardless of the security tools implemented to prevent a data breach, you should plan for a compromise occurring.  

Many companies may discover security breaches when it's too late.

That's where 24/7/365 network and endpoint monitoring comes in. It's the most critical cybersecurity tool a business can have, and here's why: Even if an organization has excellent cyber defenses in place, it does not guarantee complete security. Your enterprise is still at risk, and chances are an attacker will still find a way to bypass your defenses and gain entry. Network and endpoint security monitoring focuses on analyzing your security data for signs that a cyberattack is succeeding. Once an attack is detected, organizations can quickly contain the threat before it becomes a significant security incident. With today's unpredictable and uncertain threat landscape, this is a critical measure all organizations must have in place.

Cybersafe Solutions employs state-of-the-art capabilities that specialize in continuous monitoring. Our team of specialists watches your network 24/7/365, so you don't have to. Our network monitoring solutions give insights into the different methods an adversary may use during a potential attack. Our endpoint security monitoring platform uses a lightweight endpoint sensor that offers real-time visibility into all activity on every computer in an organization. Our Threat 360 platform goes a step further by providing visibility into a company's network, cloud, and all of its endpoints, so when threats are identified, our team is there waiting to thwart them. These monitoring solutions give an organization peace of mind, so it can focus on its day-to-day business operations as our experts take care of the rest.

Working with an experienced and dedicated cybersecurity company can also safeguard the data of your most valuable assets: your employees, clients, and customers.

Contact us today to learn how Cybersafe can help you protect your business.