Don’t Sit on the Fence When it Comes to Cyber-Defense
If you’ve ever attended one of our byte-size learning events, you’ve likely heard one or more of our presenters mention a company’s biggest risk is its personnel. We staff our businesses with the best, brightest, and most capable humans possible. We spend a great deal of resources training and educating our teams to ensure they have all the tools and resources necessary to do their jobs and serve our clients. So then, how is it that our most valuable assets also pose our greatest risks?
Here are some recent, real-world examples of the best intentions gone bad.
On February 17 it was reported that a small city in Ohio was the victim of a phishing scam that cost the community $219k. With all the warnings posted everywhere, you might think you would never fall for something like this, but it happens every day – to small and large companies/organizations alike. No one is truly exempt from these attempts.
How exactly did a city smaller than Manhattan, Kan. get swindled out of hundreds of thousands of dollars? Think about the world we live in today. The public demands transparency, and in an effort to comply, cities share project updates on social media. Road closures, repairs, major projects, etc. are all public information, along with the contractors and vendors. In this situation, an email was received from someone posing as an existing vendor. They were able to persuade the accounting assistant to change the bank routing number. While this is standard work for that position, the employee failed to follow a verification protocol that was in place. One simple oversight cost the taxpayers $218,992.06.
In another recent example, an organization you might assume would be untrusting and overly suspicious of illegal activity was duped and is now dealing with limited connectivity to its systems. While the Modesto Police Department in California is not reporting ‘exactly’ what happened, they have disconnected a portion of their computer network as a precaution.
The reality is, ransomware is a growing concern for law enforcement agencies across the nation. In perspective, Modesto’s department employs 199 sworn officers, comparable to Salina and Olathe here in Kansas. But law enforcement agencies and municipalities are not the only ones being targeted. Unfortunately, as we mentioned, no one is exempt from these attempts.
The burning question is, how do we combat these attacks and attempts?
One way is to implement an employee education program. Computer-based Security Awareness Training can teach employees how to identify phishing emails, while also conducting phishing simulations to identify an organization’s high-risk employees. When an employee is identified as high-risk, the company can assign additional training to the employee, which is a much better step than falling victim to an actual phishing attack.
Aside from training and awareness, a very effective addition is the implementation of multifactor authentication (MFA). While this will not protect you from social engineering attempts, it does have a 99% effectiveness score for preventing cyberattacks. If you are unfamiliar with MFA, it simply requires you to verify your identity using either an authenticator app or a one-time passcode. While it may seem inconvenient initially, it’s a much better alternative than being locked out of your data for an interminable amount of time, facing extortion, and/or having email accounts compromised.
If you need assistance implementing training tools or MFA, please reach out to us. Our experts are here and happy to assist you with everything needed to implement security best practices within your organization.
Password Policies – A Protective Layer for your Business
Businesses of all sizes are common targets for cyber-attacks, and the damage can range from temporary inconvenience to financial devastation. Many small enterprises, in fact, have been forced to close within several months after a data breach cost them their private information and/or a lot of cash.
There are multiple types of attacks, including password hacking, phishing, malware, and ransomware. Most businesses will be targeted at one time or another, and the large number of applications a typical business uses, combined with the large number of people now working from home, can make it difficult to batten down the data hatches. But it can be done!
Here are a few simple guidelines to make it more difficult for bad actors to break in.
Let’s begin with creating a password policy. It’s important that you implement one and that you enforce it. Here’s what we suggest:
- Require every password to have at least 12 characters that are a mix of numbers, capital and lower-case letters, and symbols. Password phrases are best! (Example: MyC@r!sAmazing)
- Require passwords to be changed at least once a year. Don’t allow the use of previous passwords.
- Use password manager applications. There are many good options on the market. Allow your staff to store all those passwords in one place, online, and not on a sticky note on their desks.
- Regularly remind your employees that personnel will never request their password by phone, text, or email. That’s how phishing succeeds.
- Regularly remind your employees to avoid clicking on links in any text or email that’s from an email address or number they don’t recognize. Remind them to look closely and twice: cyberthieves often use email addresses and phone numbers that resemble those of senior managers or close colleagues.
- Use multi-factor authentication (MFA) software. This requires a second authentication measure beyond simply a password. That can be a challenging question the user must answer or a code that’s sent to the user’s mobile phone. Like password managers, there are multiple options available that are relatively inexpensive and highly effective.
- Speaking of the user’s mobile phone, your password policy also should spell out what devices are included, including any private phones, laptops, and/or tablets used for company work.
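As an added example (not part of the original article and not Networks Plus tooling), the length, character-mix, no-reuse and yearly-change rules above can be enforced in code roughly as follows. The Account record, the function names and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

MIN_LENGTH = 12                    # article: at least 12 characters
MAX_AGE = timedelta(days=365)      # article: change at least once a year
PBKDF2_ROUNDS = 200_000            # assumption: not a value from the article


def _hash(password, salt):
    """Salted, slow hash so stored history never contains plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    """Hypothetical per-user record used only by this example."""
    history: list = field(default_factory=list)   # [(salt, digest)], newest last
    changed_at: Optional[datetime] = None


def complexity_problems(password):
    """Return the policy rules the candidate breaks (empty list = compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    required = {
        "digit": str.isdigit,
        "upper-case letter": str.isupper,
        "lower-case letter": str.islower,
        "symbol": lambda ch: ch in string.punctuation,
    }
    for name, matches in required.items():
        if not any(matches(ch) for ch in password):
            problems.append("missing " + name)
    return problems


def is_reused(account, candidate):
    """True if the candidate matches any previously stored password."""
    # Re-hash with each stored salt; compare_digest keeps the comparison constant-time.
    return any(
        hmac.compare_digest(_hash(candidate, salt), digest)
        for salt, digest in account.history
    )


def is_expired(account, now):
    """True if no password was ever set or the last change is over a year old."""
    return account.changed_at is None or now - account.changed_at > MAX_AGE


def change_password(account, candidate, now):
    """Apply the whole policy; store the new hash only if nothing is violated."""
    problems = complexity_problems(candidate)
    if is_reused(account, candidate):
        problems.append("matches a previous password")
    if not problems:
        salt = os.urandom(16)
        account.history.append((salt, _hash(candidate, salt)))
        account.changed_at = now
    return problems


if __name__ == "__main__":
    acct = Account()
    start = datetime(2023, 1, 1)          # constructed sample date
    # The article's sample phrase contains no digit, so a strict reading
    # of the "mix of numbers, letters and symbols" rule flags it.
    for attempt in ("MyC@r!sAmazing", "MyC@r!sAmaz1ng"):
        print(attempt, "->", change_password(acct, attempt, start) or "accepted")
    later = start + timedelta(days=366)
    print("expired after 366 days:", is_expired(acct, later))
    print("reuse attempt ->", change_password(acct, "MyC@r!sAmaz1ng", later))
```

Only salted hashes are kept in the history, so the reuse check works without the system ever storing an old password in readable form.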
Cybercriminals constantly change their tactics and they’re not going to stop trying. Simple password and dual authentication measures that are strictly followed and enforced can go a long way toward keeping these threats at bay.
To learn more about cybersecurity for your business, contact us at firstname.lastname@example.org, or call 800.299.1704.
Top Cybersecurity Threats of 2023
As a new year dawns, we are doing our best to predict what cyber risks lie ahead. While we don’t have a crystal ball (wouldn’t that make life a lot easier?!), we do have some statistical data to help us better serve you. Here’s what we have summarized thus far:
Geopolitics will play an instrumental role.
Ukrainian targets have been attacked six times with wiper malware already this year. According to a Forbes Report, more non-government businesses may become targets of state-sponsored attacks.
State-sponsored attacks (SSA) are carried out by cyber criminals directly linked to a nation-state, such as France, Egypt, Germany, and Japan to name a few. Their goals are threefold: Identify and exploit national infrastructure vulnerabilities; gather intelligence; and exploit systems and people for money.
According to Asaf Kochan, Co-Founder of Sentra, “… 2023 enters during a period of tremendous global tension and economic uncertainty. If the past few years have been defined by ransomware attacks from organized hacking groups, we are now entering an era in which an increasing number of threats will come from state-sponsored actors seeking to disarm global economies. This poses a direct threat to specific sectors, including energy, shipping, financial services, and chip manufacturing. These attacks won’t stop at stealing IP or asking for ransom. Instead, they will focus on proper disruption — compromising or shutting down critical operations on a national scale.”
But… don’t let that fool you. Ransomware will continue to be an issue.
As attacks appeared to peak in 2022, the trend, unfortunately, is likely to continue. It is anticipated that these attacks will evolve into more of a focus on corrupting data rather than encrypting it.
What does this mean for your business? If you are not sufficiently backing up your data, you will be faced with either paying the ransom or losing all your data. There won’t be an opportunity to unencrypt it. It will simply be destroyed. This makes prioritizing offsite backup a critical factor in the coming new year.
One last subject we want to touch on is the threat of botnets. With all the looming threats, botnets remain a critical risk for small to medium-sized businesses.
Botnets, also known as robot networks, target a network of private computers (think of the network at your office), and infect them with malicious software. Without you or your staff knowing, your network is taken over by bots that begin sending emails, stealing data, and worse, all while impersonating your business. Forbes predicts we will see an increase in bot activity in the coming months.
These are just THREE of the looming threats we see on the horizon. No business is immune – all it takes is one click to jeopardize everything you have worked so hard to build. We urge you not to take unnecessary risks with your data. Even in these times of economic uncertainty and budget cuts, eliminating or foregoing cybersecurity will leave you and your data vulnerable – potentially costing you more in the event of an attack. Let the experts at Networks Plus partner with you to find a solution that not only fits your budget, but that will protect you in the coming months!
The Anatomy of a Data Breach: What are They and What if You Spot One?
Arguably no phrase has dominated the tech world the last 24 months more than the term “data breach.” From breaches that have impacted critical infrastructure like the Colonial Pipeline to hackers compromising healthcare records at UC San Diego Health, the last two years have been saturated by headlines of cybersecurity mishaps. Yet, despite the prevalence of the breach-centric news cycle, many everyday individuals may not know what exactly a data breach is, how they typically start, and why they occur.
According to IBM, the average time it takes to identify that a breach has occurred is 287 days, with the average time to contain a breach clocking in at 80 days. And with 81% of businesses experiencing a cyberattack during COVID, it is essential that individuals are familiar with the anatomy of a data breach so that they can keep their data, as well as their colleagues’ and customers’ data, safe.
With that in mind, here is some helpful background on what data breaches are and why they are so problematic.
What is a data breach?
While it may seem like a complex concept, once the jargon is removed, a data breach is actually really straightforward to explain. According to Trend Micro, a data breach is “an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner.” And while data breaches can be the result of a system or human error, a vast majority of data breaches are the result of cyber-attacks, where a cybercriminal gains unlawful access to sensitive system data. In fact, 92% of the data breaches in Q1 2022 were the result of cyberattacks.
What kind of data can be breached?
Unfortunately, cybercriminals look to get their hands on any information that they possibly can ranging from more obvious sensitive information such as social security numbers and credit card information to more obscure data like past purchase history.
What are some of the tactics used to execute data breaches?
Cybercrime is getting more sophisticated each day. However, cyberattack tactics do not have to be cutting-edge or advanced in order to be very effective. Here are a few examples of popular tactics used by cybercriminals:
- Phishing: Phishing is when a cybercriminal pretends to be a legitimate party in hopes of tricking an individual into giving them access to personal information. Phishing is one of the oldest tricks in the book for cybercriminals, but it is just as effective as ever. For example, 80% of security incidents and 90% of data breaches stem from phishing attempts.
- Malware: Another tried-and-true method for cybercriminals is malware. Malware is malicious software that secretly installs itself on devices – often by way of a user engaging with fake links and content – and quietly gains access to the data on an individual’s device or a business network.
- Password Attack: Through password attacks, cybercriminals look to gain access to sensitive data and networks by way of “cracking” user passwords and using these credentials to get into networks and extract data from a given network.
How to spot a possible breach?
The best way to stop a data breach is to stop it before it even starts. This includes taking steps that range from making sure passwords are long and complex to reporting suspicious emails. If you do suspect that you have been the victim of a breach, immediately contact your IT department or the experts at Networks Plus to notify them, and follow subsequent protocols to help them scan, detect, and remediate any issues that exist.
Cybersecurity in the Workplace: 4 Tips to Keep Your Business Safe and Secure
Keeping information safe and secure has been a challenging development for businesses of all sizes over the last few years. Expeditious shifts from in-person to online to hybrid workplaces forced companies to change, or at least reexamine, their cybersecurity practices and protocols, and far too often they weren’t prepared. In fact, according to CyberEdge’s Cyberthreat Defense Report, 85% of organizations suffered from a successful cyberattack in 2021.
Now, businesses that have suffered cyberattacks along with companies that have been fortunate enough to avoid being a victim of breaches and hacks are looking at ways they can bolster their defenses and safeguard their data. But which plans, practices, and services should these organizations invest in?
Below are 4 steps businesses of all shapes and sizes can take to better protect themselves against cyber attacks:
Identify “Crown Jewels” of Your Business
Understanding what information cybercriminals are after most is essential to combating cyber attacks. Therefore, creating an inventory list of the valuable data and assets within your organization, including manufacturer, model, hardware, and software information, is of the utmost importance. In addition, take note of who has access to important data and information while also accounting for all storage locations. This practice will ensure that business leaders have a track record of accessibility so that they know where to look in case of a vulnerability or breach.
Protect Assets by Updating and Authenticating
At the end of the day, protecting your data and devices from malicious actors is what cybersecurity is all about. In order to accomplish this, make sure your security software is current. Investing in the most up-to-date software, web browsers, and operating systems is one of the best defenses against a host of viruses, malware, and other online threats. Furthermore, make sure these devices have automatic updates turned on so employees aren’t tasked with manually updating devices. Additionally, make sure all data is backed up either in the cloud or via separate hard drive storage.
Another important way to keep your assets safe is by ensuring staff are using strong authentication to protect access to accounts and ensure only those with permission can access them. This includes strong, secure, and differentiated passwords. According to a 2021 PC Mag study, 70% of people admit they use the same password for more than one account. Using weak and similar passwords makes a hacker’s life a lot easier and can give them access to more materials than they could dream of. Finally, make sure employees are using multi-factor authentication. While this may result in a few extra sign-ins, MFA is essential to safeguarding data and can be the difference between a successful and unsuccessful breach.
Monitor and Detect Suspicious Activity
Companies must always be on the lookout for possible breaches, vulnerabilities, and attacks, especially in a world where many often go undetected. This can be done by investing in cybersecurity products or services that help monitor your networks such as antivirus and antimalware software. Moreover, make sure your employees and personnel are following all established cybersecurity protocols before, during, and after a breach. Individuals who ignore or disregard important cybersecurity practices can compromise not only themselves but the entire organization. Paying close attention to whether your company is fully embracing all of your cybersecurity procedures and technology is incumbent upon business leaders.
Have a Response Plan Ready
No matter how many safeguards you have in place, the unfortunate reality is that cyber incidents still occur. However, responding in a comprehensive manner will reduce risks to your business and send a positive signal to your customers and employees. Therefore, businesses should have a cyber incident response plan ready to go prior to a breach. In it, companies should embrace savvy practices such as disconnecting any affected computers from the network, notifying their IT staff or the proper third-party vendors, and utilizing any spares and backup devices while continuing to capture operational data.
EMPLOYEES: YOUR BIGGEST ASSET – YOUR BIGGEST THREAT
When we think of cybersecurity, oftentimes our minds go straight to the bad guys. The hackers, cybercriminals, and the dark web. The truth is, while these are the instigators behind the attacks, they are not our biggest threat. As shocking as that may sound, our biggest threat is our employees – including you. Oftentimes owners, supervisors, and IT staff are some of the worst offenders.
Sure, our employees are good, honest, trustworthy people. After all, we trust them with our corporate finances, client interactions, and day-to-day operations. But they are, after all, only human and unfortunately, that puts our cyber safety in jeopardy every day.
Human error is the leading cause of most cyberattacks. This has less to do with employees being vindictive or malicious and a lot more to do with curiosity and carelessness. No longer is it safe to assume our employees know or even understand our company’s cybersecurity protocol or best practices. It’s a matter of taking responsibility to ensure they know, comprehend, and agree to adhere to it.
Let’s explore a few ways we can educate our team to be our best allies and defense rather than the gateway to attacks.
- Email Education
Phishing scams and malicious links sent through emails are the two most common areas for errors to happen. A study in 2019 by Webroot revealed that nearly 49% of employees admit to clicking a link from an unknown sender that they didn’t request. Even more startling is that 29% admitted to doing this more than once.
It is no longer enough to rely on spam filters and quarantines. Employee education must be at the forefront of all cybersecurity plans.
- Web Browsing
Many companies either can’t or don’t limit their employees’ internet access. There are many positions that require free rein to research, make purchases, communicate with customers, etc., making restrictions a bit of a hindrance. The flip side of this is that employees can visit malicious websites without even realizing it.
Like emails, it is imperative that employees learn to avoid clicking links, to steer clear of unknown websites, and to only enter personal, corporate, or financial information on trusted sites.
- Password Strength
Humans are notorious creatures of habit. We tend to park in the same vicinity every day, we have morning and evening routines, and even choose the same passwords for multiple accounts. Bad password habits create whole new levels of vulnerability and risks. By implementing password protocols and even password management, you are able to reduce and mitigate some of that risk.
The Networks Plus team understands this might not be at the top of your daily to-do list. That’s why we have a group of experts available to help and assist you in not only getting these protocols in place but in educating your employees on these best practices.
If you want help helping your team, call us today!
RISK MANAGEMENT: CYBER INSURANCE AND YOU
Cybersecurity insurance, also referred to as cyber insurance or even cyber liability insurance, is in many ways similar to flood insurance for your homeowner’s policy. It provides you with additional coverage in the event of a catastrophe: in this case, a cyberattack, data breach, etc.
Cybersecurity insurance is relatively new and still viewed skeptically by some. However, it is important to remember that any business that uses technology or collects data is at risk of a cyber-attack. Many small to medium-sized businesses (SMBs) cannot afford the catastrophic costs to rectify a breach on their own. This is where cybersecurity insurance steps in and becomes a game changer.
We’ve heard time and time again from SMB owners that they are too small to be hacked. However, think about Grandma Jones sitting at home playing ‘Words with Friends’ online. A “friend” messages her and they begin chatting daily. She gets convinced to send money to this “friend’s” account and gets swindled out of thousands of dollars. She, not unlike your SMB, thought she was under the radar and an unlikely target. Hackers don’t discriminate on size, gender, age, etc. Everyone online is potentially a target!
Our partners at DataStream Cyber Insurance recently released an article discussing how our focus is now not so much on the IF it happens, but more so the WHEN it happens. DataStream explains, “The Covid-19 pandemic has led to a paradigm shift in how businesses operate and the accelerated shift to digital and online operations.
With that shift has come, sadly but inevitably, an increase in the number of businesses that are being targeted by cyber criminals.
The statistics for 2020 make for uncomfortable reading. Last summer at the height of the pandemic, the FBI reported it was now receiving more than 4,000 complaints about cybersecurity attacks each day – up 400% from what they were seeing pre-covid. Interpol, too, reported a huge surge in reports of attack attempts aimed at SMBs, major corporations, governments and critical infrastructure.
The most worrying increase has come in the form of corporate ransomware attacks, where criminals hold your company’s data (including customer data) or network hostage until they get paid money. Ransomware attacks have crippled businesses, with Security Boulevard reporting that 58% of businesses ended up paying off the attackers just to get control back of their systems.
Unfortunately, most cybersecurity experts – including DataStream’s own team of analysts – now position corporate cyber-attacks as an almost inevitable event that businesses should prepare for. Even with the best and most expensive cyber security technology protecting your systems, the chances are a cyber-attack can and will find its way through at some point.”
To read their article in full, click HERE.
Networks Plus’ CISSP and Certified Ethical Hacker, Jerry Horton, explains the importance of cyber insurance from a different point of view. Jerry explains, “Risk management is more than a buzzword: it is a foundational practice to keep a business operational.”
Jerry emphasizes that once risks have been identified, there are four things business leaders can do with them:
- Avoid the risk – simply stop doing what is creating the risk
- Mitigate the risk – this is the core of cybersecurity. Technical and administrative controls are put into place to prevent the risk
- Accept the risk – when a business practice comes with unavoidable risk and the cost of mitigating outweighs the potential impact, business leaders can simply accept it and pay out of pocket if the risk causes an issue
- Transfer the risk – this is where insurance comes into play.
Transference is always a secondary step, as business leaders need to insure against practices that can’t be avoided and for which risk mitigations have already been put into place. By way of example, we all carry insurance for our vehicles and the operation of them. We can lower our rates by mitigating risks such as ensuring that vehicle operators are properly trained and licensed, obeying traffic laws, and avoiding operating vehicles in dangerous environments when possible. However, we can’t avoid chips in a windshield from a piece of gravel thrown up during operation or avoid incidents such as a tree falling on the vehicle, scratches and dings in a parking lot, or even a multi-vehicle accident. We purchase insurance to guard against the loss such incidents will incur.
Cyberinsurance is the same concept – transference of risks with your data and systems. Just like insurance on any other property, you, as the business leader, have a responsibility to make certain that you have mitigated as many risks as possible. More importantly, cyberinsurance is an essential part of a business’s strategy to maintain a healthy and stable financial state.
Why would cyberinsurance do that, you might ask? Consider this: ransomware is the most common risk faced by every business, accounting for more than 54% of all cyberinsurance claims in 2020 (up from only 13% the year before, or over a 400% increase). This only shows part of the picture, however. Not only are ransomware attacks increasing in frequency, but the ransom demands are also rising dramatically (the current average ransom is $170,000!) and the cost of cleanup is even higher. Estimated costs for recovering from a ransomware incident are calculated as roughly 10 times the ransom demanded. In short, this isn’t a risk that can be avoided or accepted; a portion of this risk has to be transferred to keep a business viable.
In Jerry’s words, “Make no mistake – cyberinsurance is only a part of your risk management strategy.” He strongly encourages you to have a strong cybersecurity program in place, including cybersecurity training for everyone involved in the business, so as to mitigate as much as is possible.
He adds, “Please contact one of our top-notch Business Consultants to talk about your current state of cybersecurity. We will help you get cyber-ready and, through our partner DataStream, cyberinsured against the potential disasters of our online world.”
SMBs Are Being Targeted for Cyberattacks
SMBs are constantly under attack. Don’t let yours be next!
When you’re running a small to medium-sized business, you may think that you’re not going to become a victim of a cyberattack. Maybe you think that your data and files aren’t valuable enough to be stolen—or even worse, that your current cybersecurity strategy is strong enough to protect them. But nothing could be farther from the truth.
In fact, cybercriminals are becoming smarter every day, and since their methods are constantly changing, your security needs will also need to evolve. To stay safe, adopt a comprehensive cybersecurity solution that protects your entire organization.
Why Are SMBs Top Targets?
- They often lack comprehensive protection
- They don’t understand the magnitude of their risk
- They underestimate the value of their data
- They are unprepared to battle cybercriminals
Our sophisticated cybersecurity solutions protect all of your business environments, including your brick-and-mortar and your cloud. You’ll also need to secure any home offices, mobile devices, hardware, software, and cloud-based apps like Microsoft 365.
Would Your Business Survive an Attack?
Hackers will stop at nothing to get to your valuable data, and it’s up to you to protect your business. Ignoring cybersecurity may work in the short term, but the time to be proactive is now.
Did You Know…
SMBs Account for Over 60% of all Attacks
Is Your Guard Down?
- 69% of SMBs have not identified and documented cybersecurity threats
- 43% do not have a recovery plan in the event of a cybersecurity incident
- 57% have not informed or trained all users on cybersecurity
- 48% have not analyzed cybersecurity attack targets and methods
Your Cybersecurity To-Do List:
- Understand the Risk
While you’re busy trying to beat out the competition, cybercriminals are busy hatching schemes to infect your devices with malware, take you down with a business email compromise attack (BEC) and steal your valuable data. You can’t let that happen. It’s a cost you can’t afford to bear.
- Take Responsibility
After reading up on the latest cybersecurity threats and understanding how easy it is for a small to medium-sized business to fall victim to an attack, tackle the challenge head-on. With so much at stake, you need to come up with a plan that gets your security on a strong foundation. Bring in the professionals.
- Assess Weaknesses
You won’t fully understand your risk until you meet with security experts who can conduct a thorough security assessment and diagnose structural weaknesses. To truly protect your business from cybercrime, you’ll need to undergo a cybersecurity evaluation to identify vulnerabilities.
Close Gaps in Security
You can’t secure your organization until you understand your risk.
Security for a Remote Workforce
Mobile workers are playing a more important role in operations than ever before. While empowering your remote workforce with the right technical tools will drive productivity and success, the work-from-home (WFH) era is also introducing new security risks for small to medium-sized businesses. In addition to providing IT support for remote workers, you’ll want to defend your business from common cloud computing risks and cybersecurity threats.
- Mobile Devices: Protecting and monitoring smartphones, tablets and laptops is harder in the bring-your-own-device era. Enter mobile device management.
- Remote Access: With employees working outside of the office, it’s important that they have secure remote access to your network.
- Identity Authentication: It’s easy for bad actors to impersonate your employees—keep the hackers out with identity authentication management.
- The Company Cloud: Storing and transmitting data in the cloud makes conducting business a breeze, but it opens up a lot of risk, too.
- Cloud-Based Apps: Collaborating in Microsoft 365 or G-Suite is simple, but that doesn’t mean it’s secure.
Why Partner with a Managed Services Provider (MSP) for Security Solutions?
Once you understand what’s at stake, it’s hard to put off cybersecurity any longer. When you’re ready to prioritize security, it’s time to bring in the professionals.
There’s never been a better time to work with top-tier security consultants who are united around one common goal: Keeping your data secure. Let industry insiders protect your business with an all-encompassing approach to cybersecurity that will help you avoid falling victim to an attack.
Benefits of Professional Cybersecurity Services Include:
- Comprehensive Cybersecurity: Benefit from layered security solutions that protect your business from every angle and anticipate future challenges.
- Nonstop Monitoring and Support: Let security experts stand guard 24/7/365, identifying suspicious behavior and providing around-the-clock monitoring.
- Future-Oriented Business Plans: We’ll assess your current cybersecurity risks and make sure your new strategy evolves alongside emerging threats.
- Protection for Cloud-Based Suites: Our team of security professionals can protect your Microsoft 365 apps, including SharePoint, Teams, and OneDrive.
How We Can Help
- High-Level Security Assessment: Let us provide you with a detailed picture of your cybersecurity health and security exposure, including scanning your information on the dark web.
- Custom Cybersecurity Report: Following the security assessment, we’ll create a detailed report on your vulnerability, allowing us to assess how we’ll proceed to keep you safe.
- Industry-Specific Action Plan: We’ll work together to create an action plan that will start securing your organization and its technology. This includes monitoring threats on all managed devices, servers and firewalls.
- Compliance IT Solutions: After closing gaps in security, we can support compliance guidelines and make sure your data stays out of harm’s way. Maintaining compliance is easier with security analysts on your team.
- We Leave No Stone Unturned
Take the first step and get your free security assessment today.
This Checklist Can Make Your Business More Secure
[ ] Verify all software patches and updates have been installed. Not just laptops and servers, but firewalls and other network devices (routers, switches, APs, office equipment, etc.)
[ ] Implement access control to manage who can access data and restrict from where that data can be accessed.
[ ] Change passwords for network devices; when possible, require multi-factor authentication (MFA)
[ ] Upgrade end-of-service versions of software your company uses and supports
[ ] Document and train employees on the process for reporting suspicious activity
[ ] Test backups and put at least one version offline monthly (or more often)
[ ] Enable employee multi-factor authentication (MFA) everywhere
[ ] Remove internet-facing management consoles (internal access only)
[ ] Verify everyone in your company has completed security awareness training
[ ] Implement Managed Detection & Response (MDR) on computers and servers to monitor and respond to threats via both technology and human expertise.
[ ] Implement security information and event management (SIEM) software for additional visibility, when possible
[ ] Review cybersecurity policies and corresponding procedures, especially incident response plans
YOUR SECURITY CODE WILL EXPIRE IN…
The facts about why MFA is so important to your business
Created in collaboration with Brad Jepson, service team lead at Networks Plus
“All I want to do is pay my credit card bill online, but I can’t do that without jumping through, what feels like, a hundred hoops to prove it’s me. Don’t get me wrong, I’m glad the financial institution wants to protect my information, but seriously, who besides me is going to make that payment?? I don’t understand why I have to wait for the text message or phone call to get a code when I have already entered my password. Can someone please just tell me the point of this?!?”
If this has ever crossed your mind, you aren’t alone. Multi-factor authentication, more commonly referred to as MFA, essentially adds an additional layer of security to your account. Simply put, it requires two or more factors to prove who you are, what you know, or what you have, in order to authenticate your account.
While it may seem superfluous, it is becoming quite imperative to adhere to the requests. The truth is, cybersecurity threats are so advanced it is no longer a question of if your credentials get hacked, it’s when. Just take a moment to let that sink in. This isn’t just your Facebook or Instagram page getting hacked. Sure, that would be an inconvenience, but what about the big stuff? What about your credit cards? Your personal or business banking account? Your social security number? Your client’s data? What price would you place on your company’s reputation? When you have MFA in place and a hacker gains access to your password but does not have access to your fingerprint or your cell phone – they cannot gain access to your accounts. All of a sudden that extra step in paying your credit card bill no longer seems pointless, does it?
Hacking isn’t confined to a particular demographic or region, either. It is quickly becoming a global issue and therefore, MFA is also being adopted all over the world. It is becoming increasingly important for businesses and organizations to add MFA to their cybersecurity plan. Imagine if your company’s email accounts were continuously hacked. What would that do to your brand’s image?
When you think in terms of damage control, the hassles of push notifications seem minor in comparison, don’t they? Even if you don’t think you have critical data, the amount of downtime to recover from a breach is substantial. The Denver Post has even reported that a whopping 60 percent of small businesses that fall victim to a cyberattack are out of business within six months.
We realize that forcing your employees to enter codes multiple times a day can be overwhelming and time-consuming. The last thing a security measure should do is waste valuable time. However, implementing MFA is a necessity. If your concern is causing frustration for your staff, there is a single sign-on (SSO) solution, which lets a single multi-factor authentication grant access to any of your capable platforms.
As a group of cybersecurity experts, we don’t like things getting in the way of our productivity either. Since downtime is really not an option for anyone, it is always best to add as many layers of protection as we can. Think about going outside in subzero temperatures. You dress in pants, socks, boots, a sweater, a coat, a hat, gloves, and a scarf. You’ve added layers of protection to your body to reduce the risk of external threats. MFA is essentially the same thing – only, applied to your data.
To learn more about MFA we invite you to contact us at 800-299-1704. We love to talk about cybersecurity – so make our day by giving us a call!