We recently teamed up with PBO Advisory Group and Franklin | Soto to present the top cyber best practices to help protect your organization’s valuable IT and financial assets. The 5 top IT security habits we shared in the webinar will help your business get started right away with a better IT security posture.
Listen to the full webinar, “Hacking Is on the Rise.”
Small- to medium-sized businesses are targets of cyber attacks and need to be intentional about finances, security, legal conformity and insurance. The COVID-19 environment has unfortunately leveled the playing field for a lot of cyber criminals. Criminals take advantage of small- to medium-sized businesses who are unprepared for the technical considerations of the work-from-home environment.
Cybercriminals uncover and exploit increasing numbers of vulnerabilities every day. Big companies are paying out huge ransoms, including Colonial Pipeline and JBS. The Scripps attack resulted in a shutdown of three weeks, a length of time devastating to any business, let alone a hospital trying to provide inpatient and outpatient care.
What we don’t hear about in the news are the attacks on small- and medium-sized businesses. The price they pay is smaller and not as headline-worthy, but in reality close to 60% of all cyber attacks target small businesses. Why are the majority of cyber criminals focusing their attacks on SMBs? Simply put, SMBs often do not have best practices in place to prevent or recover from a cyber attack, making them easy targets.
Our employees are our greatest assets, but they are also our greatest vulnerability. Negligence, whether intentional or unintentional, leaves a company vulnerable to attack. Contractors, employees, or anyone that might have access to corporate information must go through periodic awareness training to keep businesses safe.
A data breach costs a company in several ways.
Hard costs include actual out of pocket costs, such as breach notification mailings, post-breach monitoring, and fines. Soft costs include things like loss of revenue, increased insurance, and tracking software. Reputation damage can hurt or cripple business and relationships with both existing and future customers.
There has been a fundamental shift in the way we approach protecting our information. Even as late as five years ago, systems were designed “not to fail.” In this old mindset, IT security depended on system designs that prevent every single attack on the network.
Fast forward to today. We understand that that mindset is no longer realistic. You can’t protect yourself against every single attack. Cybercriminals generate new attacks every second of every day and look for every way they can to get into your system. Today’s IT security mindset focuses on resiliency and assuming compromise.
Our top 5 IT Security Habits are built around this new mindset of resiliency and assuming compromise. The habits focus on how to best keep data protected and dispersed throughout multiple different media and systems. That way, when an attack occurs, a business can quickly restore, recover, make sure the information is secure, and respond to those attacks as quickly as possible.
The first habit we recommend is to put some basic technology protections in place, including things like virus, spam, and malicious content protection.
There are a number of access control measures small- and medium-sized businesses can take to protect themselves.
Training is critical to educate our employees on cyber safety. A typical training exercise a company runs with its employees is a phishing simulation. Here’s a prime example of a real phishing email that we received here at centrexIT. The email looks like an urgent request for a phone number from James Desson, our president.
Always be suspicious of any email with urgent requests, especially for money or personal information. Other clues that this is a phishing email include:
Take a look at our Cybersecurity Essentials Packet to learn more about basic training options available for employees.
Policies and procedures are absolutely necessary for the success of your business. At a minimum, every company should have a business continuity plan (BCP) and information security policy as protection for when disaster strikes.
A disaster does not have to be a pandemic or natural disaster. It can be system access or an attack by a cybercriminal. A BCP details responsibilities, actions and a clear set of steps for response and recovery from disasters. Once policies are in place, test the disaster recovery strategy at least once a year. The goal is to know exactly the steps that need to be taken to be up and running as quickly as possible.
Another important policy, especially with the increase in remote work, is a Bring Your Own Device (BYOD) policy. Many employees utilize personal mobile devices for work purposes. Businesses must advise employees on the following:
Frequent backups are critical. One of the most important actions you can take as an organization is to ensure your backups are regular and tested. At a minimum, periodically do a simple test restore. Once a year, do a full system restore as part of your disaster recovery plan. Increase the frequency of your full system restore based on your business needs.
We recommend clients use the 3-2-1 backup rule when developing a backup strategy.
The 3-2-1 backup rule states you should have at least three copies of your data on two different types of storage media for redundancy. At least one of these backups should be at an offsite geographic location.
When you restore those backups to the desired systems, the idea is to have zero recoverability errors. Zero recoverability errors is not always achievable, but it’s a good goal to regularly test against. The more we test, the more we can reduce errors. That puts us in a strong position to restore and resume business practices when attacks occur.
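One way to put the test restore and the 3-2-1 rule into practice is sketched below. This is an added example, not code from the webinar or from centrexIT. It records a SHA-256 manifest at backup time, compares a restored folder against it to list recoverability errors, and checks a copy inventory against 3-2-1. The function names, folder layout and the `media`/`offsite` inventory fields are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # stream large files
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def recoverability_errors(manifest, restored_root):
    """List files that are missing, altered or unexpected after a restore."""
    restored = build_manifest(restored_root)
    errors = [("missing" if rel not in restored else "corrupt", rel)
              for rel, digest in manifest.items() if restored.get(rel) != digest]
    errors += [("unexpected", rel) for rel in restored if rel not in manifest]
    return sorted(errors)


def meets_3_2_1(copies):
    """copies: one dict per copy of the data, with 'media' and 'offsite' keys."""
    return (len(copies) >= 3
            and len({c["media"] for c in copies}) >= 2
            and any(c["offsite"] for c in copies))


def demo():
    """Constructed sample: a small source tree and a damaged restore of it."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "restored")
        for d in (src, dst):
            (d / "finance").mkdir(parents=True)
        (src / "finance/ledger.csv").write_text("id,amount\n1,100\n")
        (src / "hr.txt").write_text("staff list\n")
        manifest = build_manifest(src)  # taken at backup time
        (dst / "finance/ledger.csv").write_text("id,amount\n1,1\n")  # altered
        return recoverability_errors(manifest, dst)  # hr.txt was never restored


if __name__ == "__main__":
    print(demo())
```

An empty list from `recoverability_errors` is the "zero recoverability errors" result; tracking the length of that list across test restores shows whether errors are going down.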
In summary, our top five IT security recommendations are:
Still unsure how to get started? We’re here to help. Contact us today and we’ll walk through an IT security plan that’s built for your business.