Posts

4 More Protections for Your Business

Data protection iconIn our last blog post, we identified 3 must-have protections for any business using Google Workspace or Microsoft 365.

  • Backup/Recovery
  • Advanced Threat Protection
  • Multi-Factor Authentication

In combination, these protections help prevent successful attacks and give you the ability to recover should an attack be successful.

Here are 4 more protections for your business

Putting these protections in place improves your ability to prevent attacks, and your ability to survive.

1 Next-Gen Endpoint Protection

Basic anti-virus protection is not enough. Scanning files for known or similar patterns will not protect you from modern malware or ransomware.

Next-Gen Endpoint Protection solutions use advanced heuristics, behavior analysis, and machine learning to assess threats in real-time.  These solutions identify attacks, prevent them from running, and roll-back damaging activity.

2 DNS and Web Protection

Cyber attacks are not all breaches. Attackers can use DNS to block your use of the Internet or to impersonate you and your business. Both types of attacks hurt your business and your reputation.

Between 15% and 20% of malware is downloaded without your knowledge from websites. This malware is often hidden in third party content on websites your trust.

DNS protection creates a protective barrier that prevents others using your DNS service against you. Web Protection blocks dangerous web sites and prevents malware downloads to your devices.

3 Employee Communication and Education

Ignorance is not bliss. Employees who know are less likely to make a mistake and trigger an attack or breach. You want your team to understand:

  • The danger of cyber attacks and how to avoid them
  • The likely damage form cyber attacks
  • What to look for
  • What not to do

Employee communication and education is key to creating an aware and resilient team. Combined with testing and guidance, a communication and education program reinforces positive behaviors with on-going guidance and support.

4 Business Continuity for On-Premise Systems

Most small and midsize businesses still have some on-premise systems. The connectivity and integration across systems creates an increased risk for damage and loss. Even with backup/recovery in place, restoring systems, databases, applications, and data can take days. You want, and need, to be back in business quickly — in minutes or hours.

Business Continuity/Disaster Recovery (BCDR) solutions enable you to resume operations within minutes using images of your systems running in cloud data centers. With BCDR in place, your business runs smoothly while you recover your on-premise systems.

Failing to protect your data and systems is a failure to protect your business.  Contact us for a free assessment of your data and business protection needs.

3 Must-Have Protections for Microsoft 365 and Google Workspace

Data protection iconMicrosoft 365 and Google Workspace protect your data using a shared responsibility model.  They provide redundancy and backup to ensure your service is performing, available, reliable, and secure.  You are responsible for controlling access, managing permission, and protecting your data from loss.

Here  are 3 Must-Have Protections for your Microsoft or Google Cloud Services

 

1Backup Protection for your Data

Data in the cloud is just like data stored on local servers and workstations. Information in in Microsoft 365 or Google Workspace can be lost due to accidents or malicious acts.

  • User action — overwrites and deletes — can destroy content and files, whether accidental or deliberate.
  • Malware and ransomware corrupt files that sync to OneDrive, SharePoint, and Google Drive, can damage or delete your files.
  • Integrated third party apps can damage or delete information.

You need, and want, the ability to restore files, emails, contacts, and other information. A secure backup/recovery solution protects your data, and your business.

2Advanced Threat Protection

Cyber attacks come in many forms. The most common and most effective attacks still use email. Cyber criminals use behavior science and advanced phishing techniques to access your systems, collect personal information, steal data, and ransom your business.

Advanced Threat Protection (“ATP”) is more than “spam and virus protection.” ATP uses machine learning, advanced analytics and heuristics, and behavior analysis to identify and prevent cyber attacks from reaching your inbox. Methods like sandboxing safely test links and attachments before delivery.

Even an educated and aware team can and will fall prey to attacks. Prevention is key.

3  Multi-Factor Authentication

Your team members are human. While they may understand and respect the need for robust and unique passwords, human nature always tries to balance convenience.  Studies show that 70% of us will use the same, or substantially similar, passwords across systems. A hack or breach in a third-party tool poses a significant risk to your employees’ work identities.

A compromised identity does not enable access when you have additional authentication steps. Authenticator apps, dynamic security codes, and security tags/fobs each add physical verification to your digital access.

With cyber attacks on the rise, better protection is worth the minor inconvenience of multi factor authentication. Multi factor authentication delivers one of the best protections against breaches and unauthorized access.

Failing to protect your data in Google Workspace or Microsoft 365 is a failure to protect your business.  Contact us for a free assessment of your data and business protection needs.

Phishing and Spear Phishing

This post is part of our Cyber Threat Series.

The Challenge:

Cyber criminals prefer Phishing attacks. Phishing and Spear Phishing remain the primary vector for Malware attacks. Hackers evenly distribute attacks between two variants: Malicious Email Attachment (39.9%)  and Malicious Link (37.4%).

Leveraging human nature, phishing attacks look and feel like legitimate emails. Recipient often miss the cues that the email is fraudulent. We respond by clicking links to malicious websites, opening pictures or videos with hidden downloads, or opening infected attachments.

Advanced phishing attacks correlate public information from social media and pirated information from compromised systems to further personalize the attacks. These advanced attacks do a better job of hiding the malicious intent. As such, even savvy users fall prey.

What to Do:

The best protection is multi-level and multi-vector:

  • Teach your users about the risks and how they can help prevent attacks. User awareness leads to smart decisions on when to trust and when it’s safe to click.
  • Protect your devices with “Next Gen” endpoint protection. This includes your desktops, laptops, and mobile devices. Phishing attacks are usually platform independent and, therefore, trigger from most any email client or application.
  • Protect your email with an independent advanced threat protection (ATP) service. ATP covers inbound and outbound traffic.  ATP uses pre-analysis and testing of links and attachments for mismatched domains, copycat content, and malicious behavior. This “sandboxing” lets the ATP service block attacks from reaching your inbox.
  • Add a DNS and Web Protection solution to your environment.  Web protection blocks infected or fraudulent web sites, including blocking malware on infected sites we trust. DNS protection prevents hackers from corrupting and using your domain identities.
  • Deploy backup/recovery and continuity services that protect your on-premise and cloud data. Should an attack make it through your protections, you should be able to keep your business running while you clean up the damage.

Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Brute Force Attack

This post is part of our Cyber Threat Series.

The Challenge:

Hackers use Brute Force Attacks to target a single service exposed to the Internet, including Remote Desktop, Outlook Web Access, and email services. Brute Force Attacks gain access by trying every viable access method or password.

Hackers use these attacks to access your data or to install other malware within your systems. Patient hackers space out attempts; they are difficult to notice or detect. When hackers rush, the impact can be similar to a DDOS attack.

Hackers can launch Brute Force Attacks externally or from malware-infected systems on your network. Internal attacks often target specific systems and vulnerabilities, such as SQL Server and SQL Injection vulnerabilities.

What to Do:

Require robust passwords; they are your first protection from Brute Force Attacks. Put controls in place to enforce best-practice password structure and expiring passwords can thwart an attack.

Deploy Multi-Factor Authentication. MFA creates and additional level of protection since a compromised password is not sufficient for access.

To protect against internal attacks, ensure systems run current operating system versions. Keep all systems current with patches and updates.

Deploy “Next Gen” protections to keep Brute Force Attack malware from making it onto your servers and clients:

  • Advanced threat protection (ATP) for email
  • Endpoint and mobile device protection
  • DNS security and protection
  • Web protection and filtering

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.