By: Adam Baer
Today, it is a rarity to make it through a news cycle without reading a headline about the latest cyber-attack. Stories on Viruses, Hackings, Ransomware and the Darkweb clutter our newsfeeds yet many people, especially small business owners, still have the – it can’t happen to me mentality. Well, I am here to tell you it can and the threats are real. I understand this can be overwhelming for those business owners who don’t have an Information Security Officer (CISO) or even a full-time IT staff but don’t worry; I have a few helpful tips that can protect your data.
- Employee Training:
By educating your employees on what a phishing attempt is, how they can detect them and who to go to if they suspect something is wrong can deter them from blindly clicking on a link. In time, they will become more capable of detecting click bait and will not need as much support. For the more advanced companies, I recommend bringing in professional trainers who will train your staff on how to identify potential threats. Uneducated employees are one of the biggest threats to your network. Training them on how to identify threats is a cost-effective way to start protecting your network.
- Backups and Disaster Recovery:
In the event of a Ransomware Attack you have two choices, pay the ransom and hope you get the decryption key or clean your systems and restore your critical data from backups. Option one requires payment in Bitcoin which if you don’t have an account, it takes time to get one and even more time to have enough buying power to fund most hackers requests. I suggest going with option two and making sure you have a solid disaster recovery plan and test it. I recommend making small steps to truly understand what data is being backed up and more importantly understand how to recover it. Bring it back online as a usable system in your network and document every step, repeat the process on a regular schedule and adjust for any changes. Every step takes time, and you will find everything takes even longer in the midst of a catastrophic event.
- Network Security:
It’s important to consider security from all angles and secure all entry points into the network, but your best investment is ensuring you have the right firewall. It’s not only important to have the correct firewall but also to have the right partner to configure your firewall. The right security partner can help you sort through the bits and bytes to determine the best firewall solution. There have been many times that I have surveyed a network and find that the existing firewalls are simply misconfigured, essentially leaving the front door open. Today’ firewalls are much smarter than those from even a couple of years ago. Technologies like Deep Packet Inspection of encrypted traffic, Zero- Day threat protection and virtual sandboxes are helping business owner’s fight against cyber-criminals.
These best practices don’t have to cost a lot of money; sometimes a little focus and planning can go a long way. With a little preparation and some baseline best practices you can protect your business and thwart off many would be breaches.