Daily it seems that we read new stories about companies that have had data security breaches, ransomware attacks or system downtime caused by malware. Reading these stories, it feels as if little can be done to protect your company from the seemingly endless threats that exist in the cyber world. It’s true, the attackers are clever, their methods of attack evolve quickly, and what was protected yesterday may not be protected today. So what can you do to protect your business?
Before throwing up your arms in frustration, remember that maintaining vigilance in particular areas gives your company its best odds. Below we have listed five areas that all businesses should prioritise to minimise the chance of becoming another news article statistic.
Cybersecurity Tip 1. Endpoint Protection
Cybercriminals are capable of attacking your business from all angles. To make the situation more dangerous and chaotic, devices like smartphones and tablets that connect to your business’s network provide an easy and largely unwatched entry point for many types of threats. Making sure that only protected devices access your business network, and that those devices run currently approved endpoint protection, is critical.
It is also imperative that your company’s endpoint protection is centrally managed and that someone is accountable for reviewing endpoint statuses and remediating any deficiencies. If you would like to learn more about endpoint protection and try a Sophos trial, you can do so by clicking here.
Cybersecurity Tip 2. Basic Access Controls
Access control is a more complicated component of security, but it’s one of the most critical areas to focus on. Access control to systems and networks needs to be tightly managed and reviewed often. A company’s access control should provide identification, authentication, and authorisation capabilities. You need to know who has access to data and systems and what level of access they have in your business.
Cybersecurity Tip 3. Software and Patch Management
At its core, patch management allows for the update of software to address vulnerabilities as they are discovered. Your business needs to have a plan for patch management, and that plan needs to tell employees when, how and why systems need to be patched. Exclusions for specific individuals because they are too busy or can’t wait for a device to reboot are an invitation for disaster.
Like all plans, there is no point in having one if there isn’t a person accountable for the plan’s execution. Monitoring and enforcing compliance with the patching plan adds yet another layer of defence against the cyber-criminal.
Cybersecurity Tip 4. Documentation and Training
Documentation of systems, policies and procedures goes a long way towards helping address standards and non-compliance by those in the organisation. Maintaining documentation regarding systems and access control prevents many of the “one-off” fixes or changes that grow year after year and leave holes in your company’s security plan.
Training is the other area and, in Internetwork’s opinion, the most overlooked component in the security prevention quiver. Training on the proper use of company IT assets, software systems and applications, internet activities and common cybercriminal phishing tactics is something that companies large and small fail to address. We also offer training as part of our IT managed service.
The difference between clicking on a link that brings disaster to the organisation and not clicking may very well be the short training that an employee was given.
Cybersecurity Tip 5. Data Backup
You will need to rely on your most current backups to keep the business running when all else fails. Like the areas above, backup is more than a specific tool; it’s a process. There are many ways to go about it and many things to think about, but the bottom line is that you need a fallback.
How long can your company be down, and how much data can you afford to lose altogether? You’ll want to consider having both a file-based backup and an image-based backup solution, and make this part of the planning process when you set your Recovery Point Objectives (RPOs) as well as your Recovery Time Objectives (RTOs).
Backup is the insurance that many business owners don’t want to pay for, but it is indispensable when a real disaster occurs.