Security Threats: 3 You Know and 1 You Should
Security threats take many forms. Most owners of small and medium-sized businesses (SMBs) are aware of the need to defend against the top three — viruses, ransomware, and phishing attacks — but their organizations are generally not as prepared to deal with the risks related to employees leaking data or sharing sensitive information, whether maliciously or accidentally.
Top 3 Types of IT Security Threats
According to research conducted by Microsoft, infection by a computer virus is the most commonly cited among security threats facing businesses. Preventing viruses requires an integrated approach to endpoint and identity management.
How to Prevent Viruses:
- Deploy next-gen antivirus software, with advanced threat protection, installed and updated, on all devices
- Use web filtering and monitoring services to prevent infection, even from trusted sites
- Roll out mobile device management to secure work devices (including laptops and desktops), as well as personal devices used for work
- Enforce the use of multi-factor authentication as part of an integrated identity and access management solution
2. Ransomware IT Security Threats
Ransomware is a type of malware that restricts access, encrypts files, or even stops you from using your systems. Like viruses, ransomware can enter the company through insecure endpoints or unsuspecting users.
While virus protections also protect against ransomware, no protection is perfect. You need to be ready to respond and recover in the event of a successful cyber attack. This includes implementing solutions and services, and ensuring you have the proper protocols in place.
How to Prevent Ransomware Security Threats
- Backup your data and system images, in the cloud, to ensure your ability to restore and recover
- Encrypt all data, at rest and in motion
- Deploy business continuity services to spin-up copies of servers in parallel with remediation
- Pre-arrange access to forensic, legal, and communications resources to ensure a proper business response
- Acquire cyber insurance to cover remediation, recovery, and regulatory costs, along with lost revenue
- Focus on the four pillars of cloud security, and continue to review them on a yearly basis
3. Phishing Attacks
The majority, 67 percent, of cybersecurity professionals surveyed consider phishing attacks to be the greatest security threat facing your business and employees. Take the proper steps today to protect your people, your data, and your business.
How to Prevent Phishing Attacks:
- Configure advanced threat protection services to identify and block attacks via email using links and/or attachments
- Monitor inbound and outbound email traffic
- Provide your team with awareness training to recognize problem emails, and how to respond/act
- Instruct your team to report suspicious messages, links, and attachments
- Deploy domain level services to prevent identity-spoofing
1 Additional IT Security Threat You Should Know
!! Internal Leaks & Threats
Insider security threats are often overlooked, and small and midsize businesses are generally unprepared to deal with these IT security threats, accidental or malicious. Surveys indicate that 53% of organizations have experienced insider attacks against their organization.
These risks take several forms. About 37% of internal leaks can be attributed to careless or uninformed employees. In many cases, these employees are using personal, less secure or unsecured services to conduct business. Whether consumer versions of email or cloud drives for sync and share, these “shadow IT” services pose a significant risk.
While the majority of internal leaks and threats are unintentional, 36% of internal leaks are identified as attacks by a malicious employee.
To prevent data leaks and breaches, you should:
- Actively manage access and permissions to networks, systems, applications, and data; periodically review permissions for compliance
- Leverage features within your systems that help you manage and protect confidential and proprietary information
- Deploy information protection solutions, such as Data Loss Prevention (DLP) and document/message level encryption, to block sensitive data from leaving your control
- Implement proper cyber insurance and breach response protocols
>> Take Action Against IT Security Threats
All of the suggestions, above, fall within our CPR best-practice model for data protection and cyber security: Communicate & Educate; Prevent & Protect; Respond & Recover.
To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.