VIDEO: 10 Great Ways To Reduce Your Cyber Risk
Since the start of the pandemic, the rate of cyberattacks has grown by 400%.
As cybercrime becomes more prevalent, your organization becomes a more likely target, no matter its size.
Discover 10 great ways to reduce your cyber risk in this new video:
The Small Business Cybersecurity Dilemma
Given how often big-name data breaches make headlines these days, you probably think cybersecurity is only a concern for big businesses. Whether it’s Colonial Pipeline or Kaseya, the one thing they all have in common is that they’re operating on a scale much larger than your organization is.
Are you letting your small size give you a false sense of security?
For small businesses, the situation is especially dire.
According to a study conducted jointly by Cisco and the National Center for the Middle Market, over 50% of small businesses have no cybersecurity strategy or plan in place, and of those that do, most have not reviewed the plan in over a year.
A cybersecurity strategy and plan, once created and adopted, must be reviewed at least annually to ensure that current threats are being included.
Cybersecurity is not a one-and-done solution; the threat landscape evolves at a rapid pace and frequent reviews ensure that the plan will help reduce an organization’s cyber risk profile. That’s why you need to be aware of the greatest threats to your business and plan against them.
10 Cybersecurity Tips You Need To Follow
Conduct A Comprehensive Cyber Risk Assessment
The gulf between what you know and what you don’t is where cybercriminals operate. That’s why risk assessment processes are so crucial. They help you better understand where your most severe cybersecurity issues are.
Consider the facts—whereas nearly 80% of IT security leaders believe their organizations are not secure enough, only 57% have invested in cybersecurity risk assessments. Don’t make the same mistake.
Are you unsure of how secure your business’ IT infrastructure is? The network that connects your business’ computers deals with a lot of sensitive and valuable information—this makes it a prime target for cybercriminals.
You can’t afford to assume that your cyber security measures and practices are keeping you safe. You need to understand the risks you face, and how to mitigate them, which is precisely what a Cyber Risk Assessment will achieve.
Conduct Ongoing Cyber Awareness Training
If your staff lacks a proper understanding of cybercrime threats and how to defend against them, it’s only a matter of time until it costs you.
Here are the facts:
- 90% of cybersecurity incidents can be traced back to human error
- The average cost of a data breach is $3.86M
- 60% of breached companies go out of business within half a year of a cyber incident
What does that mean?
What your employees know about cybersecurity, and how securely they use IT, can directly affect the future of your business. If you’re breached, the best-case scenario is thousands of dollars in damage, and it could be millions.
You can’t expect a firewall and antivirus solution to keep you 100% secure. Cybercriminals know that the user is the gap in a business’ cyber armor—that’s where they’re going to aim.
That’s why cybersecurity awareness training is such a worthwhile investment. It turns your most dangerous weakness into a key strength.
Use Multi-Factor Authentication
Multi-Factor Authentication is a great way to add an extra layer of protection to existing system and account logins. 45% of polled businesses began using MFA in recent years, compared to 25% in the years before.
By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re better able to ensure that the person using your employee’s login credentials is actually who they say they are. Biometrics like fingerprints, voice or even iris scans are also options, as are physical objects like keycards.
Enforce A Strong Password Policy
Despite the fact that passwords are the most direct way to access a user’s private information, most passwords in use today are simply not strong or complex enough.
Passwords protect email accounts, banking information, private documents, administrator rights, and more. Even so, user after user and business after business continue to make critical errors when it comes to choosing and protecting their passwords.
Keep these tips in mind when setting your passwords:
- It’s common for passwords to be required to include uppercase letters, lowercase letters, numbers, and special characters.
- Consider using a passphrase—which is when you combine multiple words into one long string of characters—instead of a password. The extra length of a passphrase makes it harder to crack.
- For a more secure passphrase, you’re encouraged to combine multiple unrelated words to create the phrase, for example, “goldielittlelamb3pigs.”
Password keeper programs store all of your passwords in one place, which is sometimes called a vault.
Some programs can even make strong passwords for you and keep track of them all in one location, so the only password or passphrase you have to remember is the one for your vault.
The downside of using a password keeper program is that if an attacker cracks your vault password, he or she knows all of your passwords for all of your accounts. But many IT professionals agree that the benefit of a password keeper program far outweighs this risk.
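The passphrase advice above in numbers, as an added example that is not from the original article: it generates a passphrase from randomly chosen words and compares its entropy with that of a short password drawn from all character classes. The 32-word list is constructed for illustration and all function names are hypothetical.

```python
import math
import secrets
import string

# Constructed sample list of 32 unrelated words, for illustration only. A real
# generator would draw from a large published list (the EFF long list has 7,776 words).
WORDS = (
    "anchor basil cobalt dune ember fjord garnet harbor igloo jigsaw kettle "
    "lantern mosaic nectar orbit pebble quartz raven saddle tundra umber "
    "velvet walnut xenon yonder zephyr acorn bramble cinder dahlia elbow falcon"
).split()

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_passphrase(n_words=5, words=WORDS, sep="-"):
    """Pick each word independently and uniformly with the OS CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(n_words, list_size):
    """Entropy in bits when every word is a uniform random pick from the list."""
    return n_words * math.log2(list_size)


def random_password_bits(length, alphabet_size=len(PRINTABLE)):
    """Entropy in bits of a password of uniformly random printable characters."""
    return length * math.log2(alphabet_size)


def meets_complexity_rule(password):
    """The common rule: uppercase, lowercase, digit and special character all present."""
    return (any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"8 random printable chars: {random_password_bits(8):.1f} bits")
    print(f"5 words from 7,776:       {passphrase_bits(5, 7776):.1f} bits")
    print("Password1! passes the rule:", meets_complexity_rule("Password1!"))
```

The complexity rule accepts a guessable password such as `Password1!` and rejects the generated passphrase, which is why length and random selection are the better measure of strength.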
Implement A Least Privilege Access Model
Pop quiz—who on your staff is authorized as your local administrator?
At most, your organization’s local IT manager, or another member of the business’ leadership should be set as the admin. If any other staff members have that level of access, it poses a serious risk to your cybersecurity.
The fact is that many businesses give out administrator rights by default. This makes it far easier for cybercriminals to gain access to your systems.
All they have to do is hack the employee’s account, and then they have full administrator access to your IT environment. That’s why you need to be very careful about who has administrator rights on their business account. Make sure that any given user only has the access rights they need to do their job.
Make Sure All Systems Are Routinely Patched
Despite how advanced modern software is, it is still designed by humans, and the fact is that humans still make mistakes. That’s why much of the software you rely on to get work done every day could have flaws, or “vulnerabilities”, that leave you open to security breaches.
Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.
This is why it’s important for you to keep your applications and systems up to date.
Deploy Next-Generation Endpoint Security Solutions
More often than not, businesses will choose free, consumer, and trial-based options instead of buying outright, paying for licenses, or investing in the premium solution.
While this may occasionally be a practical decision, say, choosing a cheaper option because it fits the scope of a small business, there’s one area in which this will always be the wrong choice: cybersecurity.
The most popular business-class firewalls in use today are next-generation firewalls. These are hardware or software solutions used to detect and block complicated attacks. They enforce strict security measures at the port, protocol and application levels.
Next-generation firewalls can detect application-specific attacks (traditional firewalls can’t). Therefore, they have the ability to prevent more malicious intrusions.
Next-generation firewalls perform a more in-depth inspection than standard firewalls. They perform inspections of state and active directories, virtual private networks and packet filtering. They also come with additional features like Active Directory integration support, SSH and SSL inspection, as well as malware reputation-based filtering.
Encrypt All Data
In layman’s terms, encrypted data is formatted in a secret code that would be meaningless if intercepted.
It is one of the most efficient ways to secure a database given that decryption can only occur through a key, which is essentially a “secret password”. In this case, there is a need for updated encryption software to ensure that private information is only accessible through the database program.
Encryption technology is a great way to protect important data. By making data unreadable to anyone who isn’t supposed to have access to it, you can secure files stored on your systems, servers, and mobile devices, as well as files sent via email or through file-sharing services.
While all your data should be encrypted, often the first and best step is to start with how you communicate—that is, your email.
Email is the primary method of communication amongst your staff members and your community, so if you’re not encrypting email, you’re leaving all sorts of sensitive information open to unauthorized access.
Unfortunately, concerns like cybersecurity, compliance and email encryption are often last on the list when it comes to small businesses. The resources needed simply aren’t always that easy to come by, and technology is sometimes the last thing to be considered when it comes to committing finances.
Perform Ongoing Penetration Testing
Also known as pen testing, this is an authorized, attempted breach of your business systems that discloses application, web server, or network vulnerabilities.
Penetration testing keeps you ahead of the attackers by revealing exploitable weaknesses and giving you a chance to correct them before you lose valuable data and vast amounts of money.
Mandate Secure Remote Access Solutions
When the COVID-19 crisis hit, it hit fast.
Despite what, in retrospect, may have seemed like a gradual build-up, it was virtually over the course of a single weekend in March that businesses across the US had to pivot to a remote work model.
Obviously, the first priority was maintaining business continuity. You needed to make sure your newly remote workers had the technology and the remote access necessary to do their work.
But the process doesn’t end there—security is a complicated undertaking for remote work models, and needs ongoing attention.
Continuing with a remote work model, whether entirely or in part, will require:
- Enhancing security measures
- Providing the right hardware for users working permanently from home
- Implementing more permanent file-sharing and collaboration tools
Need Expert Cybersecurity Guidance?
Don’t let basic cybersecurity put you at risk, and don’t assume you have to handle advanced cybersecurity all on your own.
Alliance Technology Partners can help you assess your cybersecurity and develop a plan to enhance it.
You can start improving your cybersecurity by getting in touch with our team.