Security threats take many forms. Most owners of small and medium-sized businesses (SMBs) are aware of the need to defend against the top three — viruses, ransomware, and phishing attacks — but their organizations are generally not as prepared to deal with the risks related to employees leaking data or sharing sensitive information, whether maliciously or accidentally.
According to research conducted by Microsoft, infection by a computer virus is the most commonly cited among security threats facing businesses. Preventing viruses requires an integrated approach to endpoint and identity management, including:
- Deploy next-gen antivirus software, with advanced threat protection, installed and updated, on all devices
- Use web filtering and monitoring services to prevent infection, even from trusted sites
- Roll out mobile device management to secure work devices (including laptops and desktops), as well as personal devices used for work
- Enforce the use of multi-factor authentication as part of an integrated identity and access management solution
Ransomware is a type of malware that restricts access, encrypts files, or even stops you from using your systems. Like viruses, ransomware can enter the company through insecure endpoints or unsuspecting users.
While virus protections also protect against ransomware, no protection is perfect. You need to be ready to respond and recover in the event of a successful cyber attack. Here are some solutions and services you should have in place:
- Backup your data and system images, in the cloud, to ensure your ability to restore and recover
- Encrypt all data, at rest and in motion
- Deploy business continuity services to spin-up copies of servers in parallel with remediation
- Pre-arrange access to forensic, legal, and communications resources to ensure a proper business response
- Acquire cyber insurance to cover remediation, recovery, and regulatory costs, along with lost revenue
3 Phishing Attacks
The majority, 67 percent, of cybersecurity professionals surveyed consider phishing to be the greatest security threat facing your business and employees. To protect your people, your data, and your business:
- Configure advanced threat protection services to identify and block attacks via email using links and/or attachments
- Monitor inbound and outbound email traffic
- Provide your team with awareness training to recognize problem emails, and how to respond/act
- Instruct your team to report suspicious messages, links, and attachments
- Deploy domain level services to prevent identity-spoofing
!! Internal Leaks & Threats
Insider security threats are often overlooked. Surveys indicate that 53% of organizations have experienced insider attacks against their organization.
These risks take several forms. About 37% of internal leaks can be attributed to careless or uninformed employees. In many cases, these employees are using personal, less secure or unsecured services to conduct business. Whether consumer versions of email or cloud drives for sync and share, these “shadow IT” services pose a significant risk.
While the majority of internal leaks and threats are unintentional, 36% of internal leaks are identified as attacks by a malicious employee.
To prevent data leaks and breaches, you should:
- Actively manage access and permissions to networks, systems, applications, and data; periodically review permissions for compliance
- Leverage features within your systems that help you manage and protect confidential and proprietary information
- Deploy information protection solutions, such as Data Loss Prevention (DLP) and document/message level encryption, to block sensitive data from leaving your control
>> Take Action
All of the suggestions, above, fall within our CPR best-practice model for cyber security: Communicate & Educate; Prevent & Protect; Respond & Recover.
To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.