Hackers Are After Your Data
Your business data and the devices which hold it are prime targets for hackers. As we are transitioning into the new decade, there is no show of malware, viruses, or ransomware slowing down. In fact, in a recent study by IBM, they found that the average cost of a data breach for a data breach is $3.9million. With steep financial consequences like that, it’s no wonder that 60% of businesses shut their doors within 6 months of a data breach. Even with high financial consequences, there are things you can do to protect your business data and devices from cybercrime.
Network Security Policies
You should have clear and concise network security policies at your business. They should be written down in your employee’s handbook and you should have employees sign an acknowledgment of receiving and reading them. Having clearly defined policies in place should set rules for expected behavior and can even define the consequences of violations.
A few common network security policies you may want to consider:
- Require all of your employees to maintain a strong password.
- Require all employees to reset their password every 6 weeks.
- Make sure you include a policy on acceptable internet usage.
- Only share sensitive information through approved encrypted channels.
- Employees must lock their computer whenever walking away from their desk.
- Have a written and formalized process for employees to report any security incidents.
Train and Educate Your Employees
Although we are elbows deep in the digital age, it’s not too uncommon for employees to not be aware of or not recognize risks when using software or programs. Which is why it’s more important than ever for employees to be properly trained on cybersecurity. There are all different types of cybersecurity risks from spam, phishing, malware, ransomware, and even social engineering. Your employees need to be well informed of how to spot these risks and prevent a disaster.
Your employees are going to be your front-line defense against hackers and exploits. Training should happen on a regular basis as new threats emerge. Scheduling a 10-minute training session with your employees once a month to give them safe computing tips, you can turn your entire staff into cybersecurity awareness experts.
Conduct Network Security Audits
Conducting a security audit is a great way to get your organization on the right track towards protecting your business data. In order to conduct a security audit, you should take these steps:
1. Define the breadth of the audit.
What will the scope be? You should have a full list of your assets, including computer equipment, servers, as well as company and customer data.
2. What Are Your Data Threats?
After you have your list of assets, you need to know what threats each one of the faces. Common threats you may want to consider:
- Hacking Attacks
- Natural Disasters
- Malicious Insiders
- Phishing Attacks
- Social Engineering
- Human Error
3. Create a List of Security Priorities
After you know what your assets are and what threats they face, you can weigh the potential damages of a cybersecurity incident for each one. Then, you should be able to put security solutions in place that close the gaps in your data threats.
Always Backup Critical Data
Data that you store and process every day is critical to the running of your business. It is absolutely imperative that your data backup solution is reliable and guarantees data backup. Your data backup solution should be fast and easy to restore the data if a disaster occurs.
Establish a BYOD Policy
Nearly all of your employees will have a phone in their pocket, maybe a tablet in their purse, or even a laptop they bring in with them. All of these devices each come with their own risk, especially if they are able to connect to your network. Here are a few examples of BYOD policies you may want to consider to add to yours:
- Specify which devices are allowed to connect to your network. You may decide to allow phones to connect, but not laptops, based on your cybersecurity solutions in place which prevent attacks from certain devices.
- What apps will be allowed on your network and which ones will be banned? Companies sometimes ban social media on their networks because it interferes with productivity.
- Along with your BYOD policy, make sure you include an acceptable use policy. This should include social media, access to VPNs, browsing of questionable sites like pornography or gambling, and use for transmitting company or customer data.
Conduct Due Diligence
Even after you have set up cybersecurity policies and trained all of your employees. How sure are you they won’t open a phishing email? Or transmit customer data across an unsecured network? It happens more often than you’d think. You can set up exercises with your Managed Service Provider or your internal IT team to simulate phishing attacks on employees. The purpose behind this exercise is to determine who, if any, of your employees may need more security awareness training. Remember, your employees need to be the best defense your company has against cybercrime. Having a well-trained and well-educated staff will keep your data under lock and key.
Always Use Strong and Unique Passwords
Although creating a strong password can be hard to remember, it’s still more important than ever that each and every one of your passwords is unique and apply to one login. If you have a strong password of 4FjasS*32#, but you use it for every login that you have, you are increasing your chances of getting hacked. If even just one of your accounts is compromised, every account you then have becomes compromised, because you’ve used the same password over and over again. Here are a few tips on creating a strong password:
- Make sure your password has a minimum of 12 characters
- Include numbers, symbols, capital letters, and lower-case letters
- Stay away from common words, and common combinations (like ‘tree’ or ‘Greentree’)
Keep Hardware Up to Date
Old IT systems and hardware can often become a major security risk. Old hard drives and disks decay over time, which can often compromise your network. End-of-life hardware is often a target of cybercriminals because the longer the product has been out there, the more time the criminals have to discover all of its vulnerabilities. When your IT systems are out of date, you dramatically increase your risks of a cyberattack. Below are steps you can take to make sure your hardware stays current.
- Your systems should be running on a modern and manufacturer-supported OS. When your systems are no longer supported by manufacturers, they stop creating security updates, becoming an easy target for hackers looking to exploit this.
- Hardware that is old or corrupt may be incompatible with your software, which may unintentionally leave a door open for hackers to access your network.
- Regularly review all of your hardware and keep a log of all of your end-of-life asset dates. That way you can upgrade your systems before they become obsolete.
Use Multiple Layers of Network Security
Multi-layered security uses several measures to protect your business and customer data. By taking a multi-layered approach to security you will be protecting yourself against attacks in email attachments, files, adware, apps, and more. Multi-Layered Cybersecurity Solutions can include:
- Intrusion Detection System
- Malware Detection
- Spam Filtering
- Patch Management
- Managed Antivirus
- Web Protection
- Email Protection
- Data Encryption
- Continuous Monitoring
Email encryption will protect the content of your email from being read by anyone other than the intended recipient. If a hacker is able to get access to your email account, they will also get access to attachments and content. Encryption makes the content of your email unreadable to anyone outside of the destination you sent it to. So even if your email is intercepted by a cybercriminal, if it’s encrypted, your message and data should be safe.
Scan All New Devices When They Connect With Your Network
Any time a new device connects to your network, you should immediately scan it for potential malware or viruses. You should then block all potentially harmful devices from accessing your network. Without doing this, you leave yourself open to hackers and cybercriminals who may have found a way on your network through a new device.
Restrict Network Admin Rights
A study from Avecto found that 97% of critical security vulnerabilities reported by Microsoft could be mitigated by removing admin rights. Admin rights on a computer give the user the ability to add and remove software, add and remove printers, and change computer settings. Allowing the end-user to have their own admin rights also allows them to put shadow IT software on their computer. These applications may have security holes or may not work properly with other software, causing even more problems.
Another possible thing that could happen if an end-user had their own admin rights is they may unknowingly download a virus or malware onto your entire network. Admin credentials are key targets for hackers looking to infiltrate a network. Having centralized logging, monitoring, and auditing, of these credentials can provide you with early warnings of any cybersecurity breaches. Network administration rights should be limited to a user name that is only used for administrative processes and not for general network usage.
Multifactor identification will require that you use more than one method of authentication to verify your identity for logging in. This adds yet another layer of security to your network, making it more difficult for a hacker or cybercriminal to infiltrate. Examples of multifactor identification might be:
- Logging in a network and then receiving an SMS code to enter
- Your ATM card requiring the card to be present and for you to have a PIN number.
By using a multifactor identification solution, it will reduce your IT costs, secure your applications, verify the end-users, and keep your data safe.
Keep All of Your Software Up to Date
Software updates are crucial to both your cybersecurity and your digital safety. Updates may provide repairs to security holes or vulnerabilities found. The software company may have fixed or removed a bug. Cybercriminals are constantly looking out for software vulnerabilities, it’s one of their more favorite ways of breaching defenses. If you have out of date software on your network, hackers may get in through the opening of a phishing email, playing of corrupt media, or even by visiting a rogue website. Then they are able to inject your un-secure software vulnerability with malware and gain control over your network. Software updates often contain patches that plug up security holes, so don’t neglect them.
Keep All Mobile OS on Your Network Up to Date
Mobile device security threats are on the rise. And with mobile technology growing faster than any other type of technology, mobile security is a growing concern for businesses. By making sure all mobile devices on your network maintain an up to date OS, you eliminate the opportunity for hackers to breach your network.
Wipe Old Devices Clean Before Disposing of Them
Whether you are tossing it in the trash, selling, or donating your old electronic devices; securely erasing all of your data before disposal is a must. Simply just pointing and clicking delete isn’t always effective either. Some data recovery tools can access your files still after they are deleted. You will have to thoroughly wipe everything clean.
- Backup all of your files
- Delete and overwrite all of your personal information
- Turn on the drive encryption
- Uninstall all of the programs
- Go back to factory settings
Complete physical destruction of the device is also a quick and easy way to make sure no data can be recovered from it.
Sometimes protecting your entire network and all of your devices isn’t always enough. Bad actors are often looking for ways in. At your place of business, are your entrances secure? Or can any old Tom, Dick, or Harry waltz on into your office without an appointment and take a seat in the lobby or waiting room? Do you have staff in or near your lobby? An unmanned computer or public access to your building can open you up from a physical attack. Hackers have become so sophisticated, that they just may need to get within a few feet of a wireless access point to weasel their way on your systems.
Whether you are looking at your organization’s network security or the physical security of your office, much of the same rules apply.
1. Identify and catalog all of your resources and assets
- Video Cameras
- Timed Locks
- Security System
Along with your list of assets, make sure you know user credentials, network configurations, and any other pertinent information to those resources.
2. List all possible threats
Aside from physical sabotage, what vulnerabilities could a hacker find to take control of? Think along the lines of breaking into your network.
3. Find all of the possible vulnerabilities in your office
A broken window lock or a missing key fob could cause a lot of problems down the road. You should limit access to who can get into your building, including your lobby. If a badge or key fob comes up missing, deactivate it right away. You should also set up security alerts if a key fob is trying to access the building or certain areas of the building in the middle of the night or weekend.
4. Focus on the Server Rooms
Guarding or monitoring access to this space is absolutely essential to keeping all of your data safe. Only authorized personnel should have access to your server room and should only be able to access it with a key or badge.
Create and Maintain a Security-Focused Culture
Your Network Security is always going to start at the top with the c-suite or board of directors and trickle down from there. When the senior executives at the company completely embrace cybersecurity best practices within their own day-to-day operations, they should expect to see the rest of the organization follow. You should invest in companywide training regarding cybersecurity; make sure that all of your employees know the basics. This training should be ongoing, as new threats happen and employee turnover is inevitable. Having strong policies and guidelines regarding your security in place will also help when an employee doesn’t follow best practices.
Monitor the Dark Web for Your Business Information
The Dark Web is a major threat to your business. The Dark Web is a hidden part of the internet where criminals engage in illegal activity. It’s not just used for selling drugs and weapons, either. Your stolen business and client data can also wind up as a commoditized item on there. Hackers target databases with credit card information, financial transactions, leaked emails, user logins, and credentials. All of these things, if leaked could cause irreparable financial hard to your company.
Cybercriminals aren’t only looking for big businesses and enterprises to target. The small mom and pop shops are at risk, as well. The smaller businesses may even be more of a target because they typically have fewer cybersecurity solutions in place than their bigger counterparts. While corporations can spend upwards of millions of dollars keeping their data safe, many small businesses aren’t paying enough attention to the threat landscape. Dark Web Monitoring can scan the Dark Web and alert you if your information is found online.
Custom Information Services is a full-stack managed IT Support Company. If you are worried about the security of your business data and devices. CONTACT US today, we can help!Tags: Cybersecurity, Data