The current state of information security concerns businesses in all industries and of any size. According to Verizon’s 2021 Data Breach Investigations Report, 61% of all small to medium-sized businesses (SMBs) have reported at least one cyber attack during the previous year, which has left many SMBs wondering what kind of protections they should invest in.
To make matters worse, cyber attacks are becoming more frequent because it is becoming easier for hackers to launch them. Hacker groups are commoditizing malware. These groups focus on specific areas of hacking in which they have become experts, writing code and selling malware programs that other hacking groups can insert into their own code and malware. This commoditization of the dark side of the web has led to a drastic increase in both the sophistication and the number of cyber attacks.
In this article, we’re going to explore some of the questions you should be asking yourself regarding your business’s cybersecurity.
Where should I start?
Create a simple risk profile
Understanding your risk will help you understand what cybersecurity tools you should be investing in. A bank will have very different needs than a manufacturing business. Businesses in the healthcare industry may be subject to compliance laws and standards that other businesses are not. Looking at things like how your workforce accesses the data and applications on your business network will also help build your risk profile, and understanding them will help highlight the areas you need to secure the most.
Take a layered approach
Cybersecurity is most effective when it is layered. For the most part, there are two main points at which attacks will originate: the end user or PC, or the internet via some sort of download. A third vector of attack would be someone physically targeting you and bringing in a device to plug into your network. However, this is the rarest type of attack, since it would probably mean that someone is directly attacking you. This method is more difficult and more expensive, and therefore less used, so we will focus on the first two. This means the most effective way to secure your business network and information is to have a layered approach to your security.
What tools should I invest in?
Business Grade Antivirus
A good enterprise-grade antivirus is a great place to start building your solution. This is also known as endpoint security. It is specifically designed to protect a computer or device that is being used by an end user. Any files downloaded or launched from the PC would be monitored by the antivirus software running on it.
A home or consumer version of antivirus is NOT appropriate for a business! Antivirus software must be updated constantly, and consumer versions of antivirus don’t have the reporting tools that a business version has. For instance, an IT manager should be alerted right away if a PC or server has not received the latest antivirus update or patch, or if the antivirus software has been disabled by the user or another software program. Consumer versions of antivirus software do not do this effectively in a business environment with multiple PCs and endpoints.
There are many out there, but some of the most effective and highly rated antivirus products come from WatchGuard, Vipre, Bitdefender, Fortinet, and SonicWall. Talk with your IT expert to find out why some of these might fit your business better than others.
Business Grade Firewall
Attacks that attempt to come through your business internet connection are mitigated through solid commercial-grade firewalls, like WatchGuard, Fortinet, SonicWall or Cisco, among many others. The firewall is the entrance and exit of your IT infrastructure. Make sure that your security subscriptions are up to date. Firewalls are just like antivirus software: they need to be updated regularly to prevent breaches. They also come in different sizes and with different abilities and features, so consult with an IT expert to tailor your firewall to your business needs.
The third vector of attack mentioned at the beginning of this article should be addressed after you have completed the first two layers of security above. Network security goes beyond just securing the devices on your network and extends to things like detecting foreign devices, monitoring the traffic on your network, and securing data on your network. You can start with basic network security by establishing user groups, roles, and permissions. This keeps users from having permissions they don’t need or rights to see or use information they shouldn’t.
Tools like encryption and multi-factor authentication are important to use as additional layers in your cybersecurity suite of services. Encryption keeps data safe both in transit and at rest so that if hackers are able to somehow gain access, the data they steal is useless. Multi-factor authentication helps safeguard network access even in situations where usernames and passwords may have been compromised.
Network security can also extend to things as deep as live monitoring of network traffic for known attack sources and odd network activity. Network security can be a deep rabbit hole, so work with a cybersecurity expert to put together a package that is tailored to your needs and risk profile.
What should I expect from my Managed IT Company?
A good Managed IT Services company should have the expertise to guide you through a cybersecurity risk assessment and help you understand where your risks lie. From there, you would work together to review options and services that address your risks, then put together a plan and execute it. It is important to review that plan from time to time so that any new risks or possible threats can be assessed and the cybersecurity plan adjusted as needed.
Author: Josh Cochran, President and CEO of Diverse CTI
Josh has worked in Information Technology and Telecommunications for over 25 years. He is an expert in business, technology, and entrepreneurship and currently owns an IT and Telecommunications company based in Oklahoma City. He also speaks on these subjects and many others at many engagements across the country.