Posts

2018 Cybersecurity Trends: What Your Business Needs to Know

SMBs usually place cybersecurity a few places down on their list of important issues, mainly because they think hackers target the big guys: those corporations that bring in billions of dollars every year.

This belief is a myth.

Those big businesses routinely spend millions on cybersecurity, making them much more difficult to breach. Hackers often turn to companies that do not focus on these security issues, which is why half of the 28 million small businesses in the United States have already been hacked. Medium-sized businesses are also in danger of the same fate.

No matter the size, your business needs to focus on these 2018 cybersecurity trends to keep your data safe from thieves.

Password Policy Updates

CSO: 63% of confirmed data breaches involved leveraging weak, stolen or default passwords.

You and your employees have heard the following password warnings for years:

If you are like many people, you have often ignored this advice, making it incredibly simple for hacking software to determine your password, often in seconds. Your company needs to enforce these password rules to keep your data safe.

Related: Include These Key Steps and Elements to Create a Solid Cybersecurity Strategy

Since almost no one can memorize passwords for each of their accounts, you should install a password manager app for every employee. Your data will be safer, and your staff won’t have daily password breakdowns.

Employee Education

WeLiveSecurity: 70% of employees in some industries lack awareness to stop preventable cybersecurity attacks.

Every business needs to teach basic cybersecurity classes.

Many viruses and ransomware attacks come through email attachments that are carelessly opened by innocent employees. No one should ever open an attachment from an unknown source – in fact, your employees should check with the sender of an attachment before opening it to make certain it is a valid document.

Related: Bad Security Practices that Hackers Love

Some email providers automatically scan attachments for viruses. Make certain that your provider offers this service. If it doesn’t, see if it has a procedure for downloading documents so that they can be safely scanned that way.

Stay up-to-date on current virus and phishing schemes and alert your employees to them. Simply being cautious can save the company thousands or even millions of dollars.

Secure Devices and Networks Through the Cloud

Gartner: Cloud-delivered security products are more agile and can implement new detection methods and services faster than on-site solutions.

You need to inventory all of your company’s endpoints and devices and know exactly where they are and who is using them. Someone can easily take home a company laptop or tablet and let their family members have access to it. Sensitive company data can easily be shared in that instance, which can lead to serious problems for the company.

Also, no one should do company business on an unsecured WiFi connection. First, check that your company’s firewall, virus protection, and internet connection are all up-to-date and secure. Then make certain that no one is using company computing devices on an open connection at a coffee shop or similar location. Hackers commonly use these security lapses to steal important data.

Related: 6 Cybersecurity Myths That Are Hurting Your Business

You should use cloud protection platforms to monitor the status of your organization’s security. They allow for anytime, anywhere access that can save you a lot of trouble in the event of a cyberattack.

Final Thoughts on 2018 Cybersecurity Trends

SMBs are popular targets for hackers who can steal company and customer data, leaving everyone involved exposed to financial loss. These internet thieves consider smaller businesses easy marks because… they usually are.

You can protect your company from serious cybersecurity problems by partnering with an SMB security specialist that can handle your security for you. We’ve got experience in protecting organizations like yours.

We’ll make sure that no matter what comes your way, your data will stay your own.

Interested in learning more? Contact us today to get more information or to get started.

Bad Security Practices That Hackers Love

When you think about hackers and security breaches, you often associate these attacks with large corporations. Although major security attacks do impact large businesses, small-to-medium businesses tend to be the easiest targets for hackers.

Unfortunately, smaller companies often don’t have a dedicated IT team to enforce digital best practices, leaving them vulnerable to criminals.

Luckily, even if you do not have a deep understanding of IT practices, you can still protect your company through good due diligence — all while avoiding common pitfalls that hackers love.

Be Mindful of These Bad Security Practices

You have likely heard about security best practices. However, it’s also important that you take a proactive approach to bad practices. After all, only around 14% of small companies rate their ability to reduce cyber risks and attacks as highly effective.

Address the following bad practices as soon as possible in order to mitigate cyber-security risks.

Bad practice #1: Only implementing an “all-in-one” antivirus scanner

Back in the early 90s, all-in-one antivirus scanners were effective, as they were able to detect the dozens of worms and viruses lurking out there. Unfortunately, times have changed. Thousands (if not millions) of malware programs are released monthly, many of which will go undetected.

To protect your business, you need a combination of tools in a unified platform that is easy to manage. This platform should take care of things like file sharing security, email security, routine system scans, and more.

Bad practice #2: Reusing passwords

Many people have a “go-to” password, often using it across multiple online accounts. This has led to some major data breaches in the past, as hackers are able to easily steal a copious amount of information by just knowing a single password.

Each account needs to have a strong, unique password. Make sure each password is at least six characters (but the more the better) and that it includes a combination of numbers, letters (both lowercase and uppercase), and symbols.

Bad practice #3: A lack of training

One of the biggest issues associated with cybersecurity is human error. Whether your staff ignores security updates or is unaware of phishing scams, poor training and a lack of awareness are incredibly dangerous for your business.

Many companies do not make cybersecurity training a priority until it’s too late. Be sure to meet with your staff on a regular basis to discuss the latest techniques and methods, as well as recent trends and dangers (especially in relation to malware email attachments).

Related: The 3-2-1 Backup Rule — Why It’s Important

Bad practice #4: Not performing regular tests

You may have implemented security measures in the past, but that does not mean they’re up-to-date. This is where regular testing or “fire drills” come into play. If you created a security response plan within the last year, you should run a hypothetical drill.

Ideally, you should be revisiting your security plans quarterly — but many businesses are now opting to run drills monthly. This also applies to your disaster recovery plan (as hackers are not the only risk involved).

Bad practice #5: Ignoring the dangers of mobile devices

Since many companies are transitioning towards a “bring your own device” arrangement, business owners need to consider where critical data is being stored and accessed. This is because mobile devices are typically easy to crack.

If you currently have mobile device management (MDM) or enterprise mobility management (EMM) solutions in place, know that these do not protect you against hackers and malware. This is something that you can discuss with a managed service provider.

Create a Better Cybersecurity Strategy Today

Beginning today, it is imperative that you take a proactive approach, focusing on your company’s future. After all, cybersecurity entrepreneur and IT security futurist Neil Rerup said it best: “True cybersecurity is preparing for what’s next, not what was last.”

Now is the time to create a solid cybersecurity strategy, and if you require assistance, please feel free to contact our team today!

6 Cybersecurity Myths That Are Hurting Your Business

Every company is wrestling with cybersecurity. The number of breaches makes it impossible to ignore the issue. One of the biggest challenges that companies face when addressing cybersecurity is the number of myths and misconceptions that surround it.

These are some of the cybersecurity myths hurting your ability to protect your business.

A Security Breach is a Source of Embarrassment

An important prerequisite to fighting security breaches is the company’s mindset. It’s difficult (if not impossible) for any company to eliminate the opportunity for a hacker to breach their system. If you believe that being hacked is something better swept under the rug, you’re limiting your ability to prevent breaches and handle the situation if hackers attack your company.

Related: 3 Data Loss Horror Stories

All companies benefit from pooling their knowledge with others. Keeping cybersecurity concerns and experiences a secret will only make everyone more vulnerable. In addition, trying to hide a breach will result in more damage over the long term.

After all, would you trust a company that didn’t tell you if your data was at risk?

Using Antivirus Software is Enough

Antivirus software was a blessing 20 years ago. Today, however, it will only protect against an unenthusiastic hacker. Most hackers have found ways around antivirus software and can easily hide an attack from an unsuspecting user.

In other words, antivirus software is no match for today’s sophisticated and quick attacks.

A cybersecurity strategy must include preventing access, but it’s also necessary to recognize that you need a more proactive stance. You must protect against the known threats that antivirus software can spot.

But, it may be even more important to have the ability to spot unusual and unauthorized activity on a network and initiate appropriate action. If you can’t stop all attacks, at a minimum, your security system should work toward minimizing the damage.

My Company Will Never be Interesting to a Hacker

Anyone who believes it will never happen to them is almost guaranteeing that it will. For example, many small businesses think they’re immune to cyberattacks. That’s a prime cybersecurity myth, as research shows quite the opposite:

Another issue to consider is that companies of every size store data that shouldn’t become public, or fall into a hacker’s hands. Whether it’s confidential customer information or trade secrets, there’s a hacker out there who would be interested.

You need to protect your network and your servers, but you also need to protect local PCs, mobile phones and other devices that access your network. Any device that connects to your network is a potential doorway for hackers to breach your systems.

It’s Just an IT Problem

It’s true that your IT department has the technical knowledge needed to implement security strategies. However, the users of your IT systems present the biggest internal threat – one that IT can’t control.

The problem isn’t an employee planning to steal sensitive information. The biggest threat the users present is an innocent action that has unintended consequences. For example, ransomware attacks usually start with a malicious email sent to one of your employees with a file attached.

Hackers are becoming very creative in making an email look like it’s coming from a reasonable source, and that its attachment contains an order, invoice, or some other important document. When the employee opens the attachment, they realize that it’s not real. By then, it’s far too late.

Did you know?

Training employees on cybersecurity, and educating them in how to spot a suspicious email is critical. It’s also important to have senior management support to make cybersecurity awareness part of the company’s culture.

Furthermore, the impact of a security breach takes it out of the realm of a technical problem. The financial damage makes the potential of a security breach a problem that the most senior management in the company needs to address.

Addressing Cybersecurity is Just Too Expensive

Every company faces the challenge to encourage growth as they allocate funds internally. However, if funds become limited, cybersecurity may fall down the list of priorities. This big mistake is often the result of a mindset that considers cybersecurity spending to be something a company should do after funding all other “important” programs – programs that are considered critical for success.

Helpful: A Guide for Crafting a Small Business Data Backup Strategy

It’s easy to dispel this myth by looking at the impact of a cybersecurity attack. As stated earlier, SMBs have a 50/50 chance that a hacker will attack. Besides that, the financial burden that follows a successful attack can cripple your company or put it out of business. In light of those facts, funding cybersecurity projects will always be the most cost-effective approach.

I Don’t Need Anything Else Because I Have Great Security

This may be the biggest cybersecurity myth of all.

In fact, 35% of SMEs believe that they don’t need to fund cybersecurity because they have great security. That may be true in the moment, but consider that hackers are creating new ways to breach your security every day.

Establishing an active and ongoing cybersecurity strategy is the only way to do everything possible to protect your systems.

Cybersecurity Myths, Dispelled

The importance of addressing cybersecurity isn’t a trend that will fade away over time. If anything, it will become more important to the future of your company as time goes on.

If you have questions about the effectiveness of your cybersecurity strategy, you don’t want to wait until you’re faced with a breach. We can help you evaluate and update your security systems. Contact us today for more information.

9 Things You Can Do to Outsmart Ransomware Attacks

It won’t matter if you consider your company an unlikely target for ransomware attacks. If just one ransomware attack hits your network, it will still cripple your business.

Take the time now to prepare for and take precautions against ransomware attacks.

1. Create a Device Inventory

You need to have an up-to-date inventory of all devices on your network, and you need to monitor those devices on a regular basis. The list should include all security devices, access points and network devices to ensure that you are tracking every possible place a cybercriminal could access your network.

2. Automate Software Updates

All of your endpoints need the latest software to thwart exploits to the greatest extent possible. Automating software updates and patches is the best way to keep everything current. Your updated device inventory will help you to ensure that all of your endpoints are covered.

3. Segment Your Network

You need to minimize the impact if you do get hit with a ransomware attack. Segmenting your network is one way to close some doors that an attacker would otherwise use to travel throughout your network.

Once you have identified the flows through your network, you can plan segmentation to minimize the number of traffic flows that need to cross segment boundaries.
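As an added illustration (not part of the original article), the sketch below scores two candidate segmentation plans against the same observed flows and lists the inter-segment rules each plan would require. The host names, ports and both plans are constructed for the example.

```python
from collections import Counter

# Constructed flow records: (source host, destination host, destination port).
FLOWS = [
    ("pos-1", "db-1", 5432),
    ("pos-2", "db-1", 5432),
    ("hr-pc", "files-1", 445),
    ("fin-pc", "files-1", 445),
    ("fin-pc", "db-1", 5432),
    ("hr-pc", "printer", 9100),
    ("fin-pc", "printer", 9100),
    ("guest-tab", "printer", 9100),
]

# Plan A (hypothetical): split by device type, all clients vs. all servers.
PLAN_BY_TYPE = {
    "pos-1": "clients", "pos-2": "clients", "hr-pc": "clients",
    "fin-pc": "clients", "guest-tab": "clients",
    "db-1": "servers", "files-1": "servers", "printer": "servers",
}

# Plan B (hypothetical): split by business function.
PLAN_BY_FUNCTION = {
    "pos-1": "sales", "pos-2": "sales", "db-1": "sales",
    "hr-pc": "office", "fin-pc": "office", "files-1": "office",
    "printer": "office", "guest-tab": "guest",
}


def assess(flows, plan):
    """Summarise how a host-to-segment plan fits the observed flows."""
    rules = Counter()
    unassigned = set()
    for src, dst, port in flows:
        missing = {h for h in (src, dst) if h not in plan}
        if missing:
            # A host seen on the wire but absent from the plan is an
            # inventory gap and has to be resolved before segmenting.
            unassigned |= missing
            continue
        if plan[src] != plan[dst]:
            rules[(plan[src], plan[dst], port)] += 1
    return {
        "crossing_flows": sum(rules.values()),
        "allow_rules": sorted(rules),  # what the segment firewall must permit
        "unassigned_hosts": sorted(unassigned),
    }


if __name__ == "__main__":
    for name, plan in (("by type", PLAN_BY_TYPE), ("by function", PLAN_BY_FUNCTION)):
        print(name, assess(FLOWS, plan))
```

With these sample flows the by-function plan leaves only two flows crossing a boundary, so every other path between segments can be denied by default.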

4. Keep the Network Clean

Develop a policy controlling the devices that anyone adds to the network. Check all devices to ensure that they meet basic security requirements and that they allow you to actively scan for unpatched or infected devices and data flow.

5. Use Access and Application Controls

Controlling access can include limiting admin accounts, and limiting users to only the access they need. For example, if a user only needs read access, don’t allow write access.

From an application standpoint, implement controls that prevent an application from executing from a known ransomware location such as temporary folders related to internet browsers.
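As an added illustration (not part of the original article), the following sketch applies a path-based execution rule of this kind to constructed process-creation records. The deny list, the record fields and the publisher exception are assumptions made for the example.

```python
import ntpath
import re

# Assumed deny list (not from the original article): user-writable temp and
# browser cache folders, written relative to a Windows user profile.
DENY_SUBPATHS = (
    r"appdata\local\temp",
    r"appdata\local\microsoft\windows\inetcache",
    r"appdata\local\google\chrome\user data\default\cache",
)

PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\(.+)$")


def normalize(path):
    """Collapse '..', unify slashes and lowercase (Windows paths ignore case)."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def denied_location(image_path):
    """Return the deny-list folder the image sits under, or None."""
    m = PROFILE_RE.match(normalize(image_path))
    if not m:
        return None
    relative = m.group(1)
    for folder in DENY_SUBPATHS:
        # Match on a path-component boundary so 'temp' does not catch 'tempest'.
        if relative.startswith(folder + "\\"):
            return folder
    return None


def evaluate(events, trusted_publishers=frozenset()):
    """Decide block/allow for each process-creation record."""
    decisions = []
    for ev in events:
        folder = denied_location(ev["image"])
        if folder is None:
            verdict, reason = "allow", "outside denied folders"
        elif ev.get("publisher") in trusted_publishers:
            verdict, reason = "allow", "publisher exception"
        else:
            verdict, reason = "block", "runs from " + folder
        decisions.append((ev["image"], verdict, reason))
    return decisions


# Constructed sample records; users, file names and publisher are made up.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Vendor\app.exe", "publisher": None},
    {"image": r"C:\Users\alice\AppData\Local\Temp\invoice_0412.exe", "publisher": None},
    {"image": r"c:/users/BOB/appdata/local/TEMP/7z\..\setup.exe",
     "publisher": "Example Software Ltd"},
    {"image": r"C:\Users\carol\AppData\Local\Microsoft\Windows\INetCache\IE\AB12\order.scr",
     "publisher": None},
    {"image": r"C:\Users\dave\AppData\Local\Tempest\game.exe", "publisher": None},
    {"image": r"C:\Users\erin\Documents\..\AppData\Local\Temp\a.exe", "publisher": None},
]

if __name__ == "__main__":
    for image, verdict, reason in evaluate(SAMPLE_EVENTS, {"Example Software Ltd"}):
        print(f"{verdict:5}  {reason:45}  {image}")
```

Legitimate installers also unpack into Temp, so a rule like this is normally run in audit-only mode first and exceptions are added before it is enforced.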

6. Create a Dynamic Disaster Recovery Plan

It may be virtually impossible to put enough controls in place to stop any cybercriminal. They change their tactics often and get smarter every time. The best defense is to have a disaster recovery plan that allows you to ignore the demands for ransom and get your systems back up and running quickly.

7. Establish Off-Network Backups

Ransomware attackers count on the fact that you’ll be desperate to get your data back, and will quickly pay the ransom. You can avoid that situation by creating an off-network backup for at least critical systems. Restoring your systems as quickly as possible will definitely frustrate the cybercriminals.

Related: The 3-2-1 Backup Rule: Why It’s Important

8. Get Management Support

The fight against ransomware attacks requires the support of management. Senior executives need to make cybersecurity a priority and communicate that company-wide. In addition, a comprehensive approach to stopping attacks will require the financial support that only a dedicated senior management staff can provide.

9. Train the Staff

Many cyberattacks start from a phishing email that lets an unsuspecting employee introduce a threat. Another common source is the surfing employees do on the internet. That’s where they can inadvertently visit a website or download something that introduces a threat.

Train employees on how to identify and avoid suspect emails. Besides that, educate them about why their browser flags suspect websites and the importance of taking the warnings seriously.

Your Organization’s Next Steps

You may find other actions you can take to avoid ransomware attacks. However, if you haven’t addressed the issues listed above, you’re particularly vulnerable.

If you want to get started on making your system more capable of frustrating ransomware attacks, contact us to learn how we can make your organization ransomware-proof.

Include These Key Steps and Elements to Create a Solid Cybersecurity Strategy

Being aware of the most recent cybersecurity trends is imperative when planning for the future. It’s especially true when you take into account the more than 7 in 10 U.S. organizations that were impacted by a data breach over the past few years.

The majority of those affected are small-to-medium sized businesses.

Understanding the associated threats is the first step towards the development of a solid cybersecurity strategy. This will allow you to take a proactive approach, creating a reliable security plan before any issues arise.

SMBs Face Significant Cybersecurity Threats

In the headlines, you often hear of security breaches at large corporations.

Naturally, they’re significant enough – they involve the personal information of thousands (if not millions) of customers. Still, you seldom hear about the more common victims — those who own or operate small businesses.

It makes sense from a hacker’s point of view. A small business will have more digital assets than a random individual, and it will also have fewer security protocols than a larger organization.

They’re the unfortunate perfect target for these cybercriminals. But all hope is not lost.

In addition to working with a professionally managed service provider, you must be aware of best practices for your business. Start with the basics and continue to invest in vulnerable areas, focusing on firewalls, two-step authentication, data backup solutions, encryption software, etc.

Related: 8 Business Benefits of Having Managed Services

The Elements in Your Cybersecurity Strategy

When it comes to the current and future success of your business, cybersecurity is a serious issue — and the stakes are higher than ever before. If you are ready to get serious about cybersecurity, be mindful of the following elements and recommended steps.

Step 1: Get (and Stay) Informed

When it comes to a solid cybersecurity strategy, there is one element you need to be aware of — human error. The human component can significantly weaken your level of security, especially if training is not a key priority.

Within your company, you should assign the role of Chief Information Security Officer. This individual (or team of individuals) will have authority and funding to ensure the protection of company data and the IT infrastructure. Although there should be levels of hierarchy, you should provide training for each person within the organization.

From spotting phishing emails to avoiding possible malware attacks, remember that knowledge is power. The key here is due diligence and overall awareness. In addition, if a breach does occur, team members should already know how to respond.

Tip: Be sure to hold regular meetings and training sessions on software updates, data backup plans, and overall security measures. When you create a culture of cybersecurity in the workplace, you will be able to implement a more effective, proactive strategy.

Step 2: Create and Implement Your Strategy

In order to create a solid cybersecurity strategy, you need to first be mindful of vulnerabilities.

For example, what threats do you currently face in relation to network security? How can you perform your due diligence on cloud security or application security? Do you have the right hardware and software in place to adequately defend your data?

These are the types of questions you must ask yourself.

These elements will coincide with your disaster recovery plan, which you can read all about here. To ensure best practices, depending on your industry, you can rely on some of the latest industry standards, including ISO/IEC 27001 and HIPAA.

Tip: It is important that you customize your cybersecurity strategy based on the specific threats and vulnerabilities your company faces. In the latest framework, presented by the National Institute of Standards and Technology, you may view key areas to consider (in addition to suggested guidelines).

Step 3: Monitor and Test Your Infrastructure

Creating a cybersecurity strategy is only half the battle. In order to ensure that it’s solid, you must monitor its activity and perform regular tests to ensure that it works. While monitoring your IT infrastructure, be sure to generate incident reports that showcase unusual activity.

By building a threat intelligence base, you will gain greater insight and improve your ongoing strategy. Remember, as technology continues to evolve, new threats will likely surface. Your cybersecurity strategy will need to adapt to these changes, improving overall risk management.

In addition, you must implement a comprehensive response plan — just in case a breach does occur. Once you have developed your disaster plan, you should run a drill to better understand and/or refine your current procedures.

Tip: If you discover a potential risk, it is important that you have a response checklist prepared. For example, you should record the date and time that the potential breach was discovered, before re-securing the equipment or systems in question. To ensure that no data is lost, always follow the 3-2-1 backup rule prior to any problematic incidents.

AppSolute Protects SMBs Around the Clock

As Neil Rerup, famed cybersecurity architect, once said, “True cybersecurity is preparing for what’s next, not what was last.”

At the end of the day, everyone is at risk when it comes to cybersecurity. As an SMB, it’s imperative that you take action before a problem arises, as a data breach could potentially put you out of business.

If you have any questions regarding your company’s security needs, please contact us today. We can work to protect your data and your clients with next-gen solutions and experienced technicians.