Keep Your Data Safe From Phishing Attacks!

Cybercrime is on the rise, and hackers are using any opportunity to take advantage of an unknowing victim to gain access to personal information for financial gain. One commonly used tactic is phishing. Phishing messages are crafted to deliver a sense of urgency or fear with the end goal of capturing a person’s sensitive data and can result in wire transfer fraud, credential phishing, malware attachments, and URLs leading to malware-spraying websites. Phishing scams are getting more sophisticated on a daily basis, and thus harder to detect and avoid.

Here are five different types of phishing attacks to avoid:

1. Spear Phishing
Attackers pass themselves off as someone the target knows well or an organization that they’re familiar with to gain access to compromising information (e.g., credentials or financial information), which is used to exploit the victim.

2. Whaling
Whaling is a form of spear phishing with a focus on a high-value target, typically a senior employee within an organization, to boost credibility. This approach also targets other high-level employees within an organization as the potential victims and includes an attempt to gain access to company platforms or financial information.

3. Mass Campaigns
Mass phishing campaigns cast a wider net. Emails are sent to the masses from a knock-off corporate entity insisting a password needs to be updated or credit card information is outdated.

4. Ambulance Chasing Phishing
Attackers use a current crisis to drive urgency for victims to take action that will lead to compromising data or information. For example, targets may receive a fraudulent email encouraging them to donate to relief funds for recent natural disasters or the COVID-19 global pandemic.

5. Pretexting
Pretexting involves an attacker doing something via a non-email channel (e.g., voicemail) to set an expectation that they’ll be sending something seemingly legitimate in the near future, only to send an email that contains malicious links.
What to do if you think you’ve received a phishing email?

First, to help identify it as a phishing email, check to see if the signed-by field was generated by DomainKeys Identified Mail (DKIM) or by a service. For example, if you received an email from name@datto.com, you would see a DKIM in the signature that looks like this: datto-com.20150623.gappssmtp.com. This is how all emails through a domain are processed. Emails shared through a service (e.g., Drive, Calendar, Dropbox, Box, etc.) do not have a DKIM. Instead, you would see the signature of the provided service (i.e., signed-by dropbox.com). If you receive a file, and it is not signed by google.com, gmail.com, or dropbox.com, it is likely phishing – delete it immediately. It’s important to remain vigilant and proceed with caution in these circumstances.

Source: https://www.datto.com/resources/phishing-attacks-how-to-recognize-them-and-keep-business-data-safe
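The signed-by check described above, as an added example (not code from the original post or from Datto): a Python sketch that reads the d= signing domain from a message's DKIM-Signature header and compares it with the From domain and the sharing services the post names. The function names, the sample messages and every address except name@datto.com and its signing domain are constructed, and the script only reads headers rather than cryptographically verifying the signature.

```python
"""Added example: read the DKIM signing domain ("signed-by") from a message."""
import re
from email import message_from_string
from email.utils import parseaddr

# Sharing services named in the article; adjust to the services you actually use.
SERVICE_DOMAINS = ("google.com", "gmail.com", "dropbox.com")


def dkim_domains(msg):
    """Return the d= tag (signing domain) of every DKIM-Signature header."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        unfolded = re.sub(r"\s+", "", value)  # long headers are folded over lines
        tags = dict(t.split("=", 1) for t in unfolded.split(";") if "=" in t)
        if "d" in tags:
            found.append(tags["d"].lower())
    return found


def is_same_or_child(domain, parent):
    """True when domain equals parent or is a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)


def classify(raw_message):
    """Return (verdict, signing_domain) for one raw RFC 5322 message.

    This only reads headers. A header can be forged, so in production take the
    signing domain from a DKIM result your own mail server has verified.
    """
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = dkim_domains(msg)
    if not signers:
        return ("unsigned", None)
    if from_domain:
        # Hosted default key in the shape of the article's example:
        # name@datto.com -> datto-com.20150623.gappssmtp.com
        hosted = re.compile(
            "^" + re.escape(from_domain.replace(".", "-"))
            + r"\.[0-9a-z]+\.gappssmtp\.com$"
        )
        for d in signers:
            # Exact match or a signing subdomain of the From domain. Full
            # organisational-domain matching would need a public-suffix list.
            if is_same_or_child(d, from_domain) or hosted.match(d):
                return ("sender-domain", d)
    for d in signers:
        if any(is_same_or_child(d, s) for s in SERVICE_DOMAINS):
            return ("service", d)
    return ("mismatch", signers[0])


def _sample(sender, signing_domain):
    """Build a constructed message; signature values are placeholders."""
    lines = ["From: " + sender, "Subject: Shared file"]
    if signing_domain:
        lines += [
            "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;",
            " d=" + signing_domain + "; s=selector1;",
            " bh=PLACEHOLDER; b=PLACEHOLDER",
        ]
    return "\n".join(lines) + "\n\nSee attached.\n"


# Constructed samples; only name@datto.com and its signing domain come from the article.
SAMPLES = {
    "hosted": _sample("Name <name@datto.com>", "datto-com.20150623.gappssmtp.com"),
    "shared": _sample("Colleague <colleague@partner.example>", "dropbox.com"),
    "lookalike": _sample("Billing <billing@datto.com>", "mail.datto-invoices.example"),
    "unsigned": _sample("Name <name@datto.com>", None),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

A "mismatch" or "unsigned" verdict is a reason to look closer before opening anything, not proof of phishing on its own.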

Common Cybersecurity Threats for Small to Medium Sized Businesses

October marks the beginning of Cybersecurity Awareness Month, a month-long campaign to raise awareness of the need for a collective and proactive approach to cybersecurity. The campaign comes when the threat to businesses is greater than ever. According to the FBI, since the beginning of the pandemic, there has been a 300% increase in reported cybercrimes, with a majority targeted at small-to-medium-sized businesses (SMBs). This increase is likely due to the global shift to remote work, with employees accessing company infrastructure from their home network and IT teams maintaining it remotely.

Common Threat Vectors for SMBs

A threat vector is a pathway or method used by an attacker to access the target system. These attackers can then steal data, information, or money from individuals or businesses by exploiting these vulnerabilities and gaining access to the system (such as the company’s IT infrastructure or an employee’s email). Once they gain access, they are able to remotely control the IT infrastructure, install malware or ransomware, or steal data and other resources.

Weak or Compromised Credentials

Bad actors obtaining access to user credentials is one of the most common ways for cybercriminals to access target systems. There are several ways for them to obtain these credentials, such as when users fall victim to phishing attempts and provide their usernames and passwords to authentic-looking websites or use common/weak passwords that can be easily guessed. However, it is not only users who can have their passwords compromised. Network devices and servers also have credentials that can be compromised, and one compromised server can allow machine-to-machine movement throughout the network. To help avoid this risk, make sure that effective password policies are in place to avoid weak/common passwords and usernames, and enable multi-factor authentication (MFA) to reduce the possibility of breaches.

Malicious Insiders

A malicious insider is usually an unhappy employee who aims to sabotage or damage the organization that they work for. This type of threat is particularly difficult to protect against as employees need access to critical systems and sensitive data in order to operate the business. An employee with bad intentions can potentially disrupt business operations with actions such as deleting critical data or backups or providing secret information to a competitor. To try to mitigate this threat, limit access to critical systems to a minimum number of employees, monitor data and network access, and keep frequent backups of critical infrastructure.

Phishing Emails & Ransomware

Phishing is a tactic used by cybercriminals to gain access to users’ credentials or banking details, or to convince users to download potentially malicious malware or ransomware onto their machines. Many phishing emails share common features, such as attention-grabbing offers and statements, a sense of urgency, and unexpected attachments. Even attachments with familiar file types should not be clicked on unless the authenticity of the sender is known, as they may contain viruses like ransomware.

Ransomware is a growing concern for SMBs. Not only is ransomware becoming more and more prevalent, but the ransom to be paid is increasing as well. There are numerous ways ransomware can infect a system, from phishing attacks that depend on user error to more targeted attacks that depend on exploiting vulnerabilities in a business’s network. In the fight against ransomware, it is important to keep operating systems and applications patched and up-to-date to minimize vulnerabilities, install proper antivirus software, and implement a solution for business continuity to quickly fail over in case of a ransomware attack.

Focusing on Cyber Resilience

It is almost impossible to eliminate these attack vectors completely. As user error is a large component of all these common threat vectors, cybersecurity measures alone are not enough. Implementing a proper cyber resilience strategy to quickly and effectively recover from attacks is the only way to ensure that your business does not become the victim of a cybercrime. Datto’s Unified Continuity solutions can enhance your cyber resilience strategy by providing point-in-time restores to quickly recover and minimize downtime from events like disasters, malicious insiders, and ransomware.

Interested in learning more about our Cybersecurity solutions? Give us a call or shoot us a message here: https://boring.com/contact-us/

Source: Nina Novak, Datto Blog

Helpful Tips About Disaster Recovery

The Truth About Disasters

Disasters can happen to any business at any time, and the downtime they cause is truly catastrophic; many businesses never recover. The strength to avert disasters and effectively handle the ones that occur starts with knowledge.

Downtime is Common
90% of companies experience some form of downtime, which may result in loss of data, security, productivity, and revenue.

(Down) Time is Money
An hour of downtime costs $8,000 for a small company, $74,000 for a medium company, and $700,000 for a large enterprise.

Planning Ahead
The most powerful and flexible disaster recovery plan is local virtualization for SMBs and enterprises with physical or virtual servers.

Disastrous Situations
Disasters that cause downtime may be a result of hardware failure, human error, software failure, or natural disaster.

Recovery is Painful
The average time it takes a business to recover from disaster is 18.5 hours, but 43% of companies never totally recover.

What could happen?

Disasters of all kinds cause downtime that is damaging to a business. Disaster planning must encompass disasters of all types and sizes: fires, floods, fraud, ransomware, cyber-attacks, power or IT system failure, human error, acts of terror, and other unthinkable scenarios. While the type of disaster varies, the impact is typical: data and operational downtime that is truly disastrous. The devastating effects of downtime caused by disaster include irreparable damage to data, reputation, customer relationships, income, and business vitality.

The best offense is a good defense; you must protect your business by understanding your vulnerabilities, safeguarding against the risks, and preparing for the worst possible business disruption with a plan for business continuity and disaster recovery that will shield your data, protect your business, and keep your systems available and reliable no matter what happens.
Solutions

Datto SIRIS
Disaster Recovery as a Service (DRaaS) for local, virtual and cloud environments, within a single platform. SIRIS is the leading BCDR platform for businesses.

Datto ALTO
Datto ALTO is the only continuity solution designed specifically for small business. Using image-based backup and a hybrid cloud model, ALTO delivers enterprise-grade functionality at a small business price.

Datto NAS
Data backup, recovery and business continuity for local, virtual, and Cloud environments, within a single platform. Keep every file safe and accessible with Datto NAS.

How can I protect my business?

Your disaster recovery plan must ensure that your entire business infrastructure can be recovered within seconds. You need a holistic, integrated disaster recovery plan that is reliable, simple, and quick. DRaaS offers a disaster recovery plan that is visible, scalable, and affordable. Business-critical data, systems, desktops, servers, and the entire infrastructure must be protected and recoverable. With secure local virtualization solutions, if disaster strikes, your entire infrastructure (physical or virtual) is virtualized instantly, empowering you to continue your business operations without losing any data, incurring any damage, or experiencing any downtime.

Need help learning about preparing for a disaster? Give us a call and we’ll examine your existing systems and see what will work best for you.

Lakeland office: (863) 686-3167 | Tampa office: (813) 289-8805

Source: Datto.com

Five Things Your Company Needs To Do Now To Prepare For A Hurricane

June 1 marks the official beginning of the Atlantic hurricane season. Most people do some prepping on a personal level, but is your business ready? Here is a list of five things your company needs to do in June before the first storm heads our way.

1. Establish a plan.
If you have not already created a disaster plan, now is the time to get it done. This plan needs to include the various scenarios you might encounter should you be at ground zero. Some of the items you need on this plan include:
- Will you need to close and evacuate?
- How do you notify your staff and customers?
- Do you have an alternate location to operate your business should your building be without utilities or be uninhabitable?
- How will you access company data such as customer or patient records?

2. Check your backups.
It is so easy to get complacent with backups. Whether you are backing up to media or backing up to the cloud, now is the time to evaluate it. Not only do you need to ensure you are getting proper backups, you also need to ensure you are backing up everything critical. More than once, we have helped a company recover a backup only to learn a critical directory or database was left out. If you are still backing up to media, you need to do a test restore to be sure the backup is valid.

3. Develop a communications plan.
If there are power outages, landline phones and cell phones may not work. If your business is mission-critical, you need to ensure you have an alternative means of communication such as satellite phones. Texting is also a great means of communication after storms. When bandwidth is scarce, you might not be able to make a phone call, but you will likely be able to send texts.

4. Create an emergency response team (ERT).
It is good to define a skeleton crew that can carry out your disaster plan. You must develop clear roles and responsibilities for each team member. You must also ensure the team has contact information and instructions on how to proceed should they be unable to reach someone on the ERT. Once the storm passes, you should have the ERT contact your entire staff to ensure they are safe and do not have any immediate needs. Be sure to not only train this team but consider doing some role-play exercises to be sure everyone is on the same page.

5. Secure your building(s).
Before leaving for the storm, it is smart to walk through your building and unplug any mechanical or computer equipment to protect it from surges. You may also want to consider covering key equipment with plastic tarps or bags in case of moisture intrusion. Also, if you have confidential paper files or portable media, be sure these are stored in a locked cabinet or safe. Should your building become insecure, you want to know your data is safe. Depending on your location, you may also want to install hurricane shutters. If you have a generator, be sure you test it early in the season and ensure you have fuel ready.

This is by no means an exhaustive list but should give most small businesses a good start. If you would like help developing a comprehensive list, we’d love to help. Contact us for a free consultation.

What is Business Continuity & Disaster Recovery?

What Is Business Continuity?

Business continuity is the process, policies, and procedures related to preparing for recovery or continuation of business infrastructure critical to an organization after a natural or human-induced disaster. Whether the business is small or a global enterprise, you need to know how you can keep going under any circumstances.

Business Continuity Vs Disaster Recovery

Disaster recovery is a subset of business continuity. While business continuity involves planning for keeping all aspects of a business functioning in the midst of disruptive events, disaster recovery focuses on the IT or technology systems that support business functions.

A Complete Disaster Recovery Solution

A proper business continuity solution should proactively protect clients’ systems and data against disasters of all types. An MSP should offer a business continuity solution that can rescue businesses and get them back online within minutes of any of these disasters:
- Hardware and software failures
- Natural disasters
- Unintentional human error or malicious actions
- Ransomware and other cybersecurity threats

What to Look for in a Business Continuity Solution

Here are some more key things to consider when looking for a solution:
- Hybrid cloud backup: A hybrid approach fixes the vulnerabilities that a cloud-only or local-only approach possesses.
- Superior RTO and RPO: Think in terms of business continuity rather than simply backup, and calculate how much downtime your business can endure and still survive (RTO) as well as how much data you can afford to lose (RPO).
- Image-based backup: Make sure that the backup solution takes images of all data and systems rather than simply copying the files.

Interested in learning more about our Business Continuity & Disaster Recovery Solutions? Give us a call or shoot us a message here: https://boring.com/contact-us/

Source: Datto Blog

Are your credentials in the Dark Web?

Digital credentials are at risk

39% of adults in the U.S. use the same or very similar passwords for multiple online services, which increases to 47% for adults ages 18-29.

Passwords are a twentieth-century solution to a twenty-first century problem. Unfortunately, usernames and passwords are all that stands between your employees and vital online services. A good security practice is to use a completely different password for every service.

How are credentials compromised?

- Phishing – Send emails disguised as legitimate messages.
- Malvertising – Inject malware into legitimate online advertising networks.
- Watering Holes – Target a popular social media site or corporate intranet.
- Web Attacks – Scan Internet-facing company assets for vulnerabilities.

How does a hacker use credentials?

- Send spam from compromised email accounts.
- Deface web properties and host malicious content.
- Install malware on compromised systems.
- Compromise other accounts using the same credentials.
- Exfiltrate sensitive data (data breach).
- Identity theft.

Data is sold at auction

For those who make credentials available on the Dark Web, the financial rewards can be significant. A criminal dealing in stolen credentials can make tens of thousands of dollars from buyers interested in purchasing them. And because those credentials are sold to multiple buyers, organizations that experience a breach of credentials can easily be under digital assault from dozens or even hundreds of attackers.

The numbers are staggering

The average number of data records per company, including credentials, compromised during a data breach is 28,500!

Protecting against compromise

While there is always a risk that attackers will compromise a company’s systems through advanced attacks, the fact is that most data breaches exploit common vectors such as known vulnerabilities, unpatched systems and unaware employees. Only through defense in depth – implementing a suite of tools such as security monitoring, data leak prevention, multifactor authentication, improved security awareness and others – can organizations protect their credentials and other digital assets from seeping onto the Dark Web.

We keep you out of the Dark Web

Small businesses need Dark Web Monitoring for today’s cybersecurity risk. Protect your business and secure your assets. We make Dark Web Monitoring affordable enough for small businesses to take advantage of enterprise-level actionable intelligence.

Contact us to learn more about our Dark Web Monitoring services.

5 Common Social Engineering Scams

Social engineering scams have been going on for years and yet, we continue to fall for them every single day. This is due to the overwhelming lack of cybersecurity training available to the employees of organizations big and small. In an effort to spread awareness of this tactic and fight back, here is a quick overview of common social engineering scams. Managed service providers (MSPs) have an opportunity to educate their small and medium business clients to learn to identify these attacks, making avoiding threats like ransomware much easier.

Phishing

Phishing is a leading form of social engineering attack that is typically delivered in the form of an email, chat, web ad or website that has been designed to impersonate a real system, person, or organization. Phishing messages are crafted to deliver a sense of urgency or fear with the end goal of capturing an end user’s sensitive data. A phishing message might come from a bank, the government or a major corporation. The calls to action vary. Some ask the end user to “verify” their login information of an account and include a mocked-up login page complete with logos and branding to look legitimate. Some claim the end user is the “winner” of a grand prize or lottery and request access to a bank account in which to deliver the winnings. Some ask for charitable donations (and provide wiring instructions) after a natural disaster or tragedy. A successful attack often culminates in access to systems and lost data. Organizations of all sizes should consider backing up business-critical data with a business continuity and disaster recovery solution to recover from such situations.

Baiting

Baiting, similar to phishing, involves offering something enticing to an end user in exchange for login information or private data. The “bait” comes in many forms, both digital, such as a music or movie download on a peer-to-peer site, and physical, such as a corporate branded flash drive labeled “Executive Salary Summary Q3” that is left out on a desk for an end user to find. Once the bait is downloaded or used, malicious software is delivered directly into the end user’s system and the hacker is able to get to work.

Quid Pro Quo

Similar to baiting, quid pro quo involves a hacker requesting the exchange of critical data or login credentials in exchange for a service. For example, an end user might receive a phone call from the hacker who, posing as a technology expert, offers free IT assistance or technology improvements in exchange for login credentials. Another common example is a hacker, posing as a researcher, who asks for access to the company’s network as part of an experiment in exchange for $100. If an offer sounds too good to be true, it probably is quid pro quo.

Piggybacking

Piggybacking, also called tailgating, is when an unauthorized person physically follows an authorized person into a restricted corporate area or system. One tried-and-true method of piggybacking is when a hacker calls out to an employee to hold a door open for them as they’ve forgotten their ID card. Another method involves a person asking an employee to “borrow” his or her laptop for a few minutes, during which the criminal is able to quickly install malicious software.

Pretexting

Pretexting, the human equivalent of phishing, is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker or a figure of authority well known to an end user in order to gain access to login information. An example of this type of scam is an email to an employee from what appears to be the head of IT support or a chat message from an investigator who claims to be performing a corporate audit. Pretexting is highly effective as it reduces human defenses to phishing by creating the expectation that something is legitimate and safe to interact with. Pretexting emails are particularly successful in gaining access to passwords and business data as impersonators can seem legitimate, so it’s important to have a third-party backup provider.

For all employees to be aware of the various forms of social engineering is essential for ensuring corporate cybersecurity. If users know the main characteristics of these attacks, it’s much more likely they can avoid falling for them.

Aside from education and awareness, there are other ways to reduce the risk of being hacked. Employees should be instructed not to open emails or click links from unknown sources. Computers should never be shared with anyone, even for a moment. By default, all company desktops, laptops, and mobile devices should automatically lock when left idle for longer than five minutes (or less). Lastly, ensure your business is prepared to quickly recover from this kind of attack in case an employee does fall victim to one of these schemes. Humans are humans after all. By leveraging a solid backup and recovery solution, everyone can rest easy.

Source: Datto.com, Courtney Heinbach

Humans And Cybersecurity Practices

Based on a comprehensive survey of 5,000 IT managers across 26 countries, Cybersecurity: The Human Challenge provides brand new insights into the state of cybersecurity skills and resources across the globe. It reveals the realities facing IT teams when it comes to the human-led delivery of cybersecurity, and explores how organizations are responding to the skills challenges they face. The study also exposes unique insights into the relationship between an organization falling victim to ransomware and their day-to-day cybersecurity practices.

Key findings

IT teams are showing progress in many battles
- IT teams are on top of patching. Three-quarters of IT teams apply patches to desktops, servers, applications, and internet-facing assets within a week of release. Servers and internet-facing assets are patched most quickly, with 39% of respondents patching them within 24 hours.
- Prevention is prioritized. On average, IT teams dedicate nearly half their time (45%) to prevention. After that, 30% of time is spent on detection and the remaining 25% is spent on response.
- IT managers are keeping up to date with cybersecurity. The majority (72%) say that they and their teams are up to date with or ahead of cybersecurity threats. Just 11% think they are significantly behind.

Improving cybersecurity requires people – who are in short supply
- There is an urgent need for human-led threat hunting. Forty-eight percent of respondents have already incorporated human-led threat hunts in their security procedures and a further 48% plan to implement them within a year.
- The cybersecurity skills shortage is directly impacting protection. Over a quarter (27%) of managers said their ability to find and retain skilled IT security professionals is the single biggest challenge to their ability to deliver IT security, while 54% say it is a major challenge.

Organizations are changing the ways they deliver security
- Improving operational efficiency is a key priority. Four in ten (39%) respondents said that improving operational efficiency and scalability is one of their biggest priorities for the IT team this year.
- Outsourcing IT security is rising fast. Currently, 65% outsource some or all of their IT security efforts. This is set to rise to 72% by 2022. The percentage of organizations that exclusively use in-house staffing will drop from 34% to 26%.

Ransomware victims display different behaviors and attitudes than those who haven’t been hit
- Ransomware victims are more exposed to infection from third parties. Twenty-nine percent of organizations hit by ransomware in the last year allow five or more suppliers to connect directly to their network – compared to just 13% for those that weren’t hit.
- Ransomware damages professional confidence. IT managers whose organizations were hit by ransomware are nearly three times as likely to feel “significantly behind” on cyberthreats than those that weren’t (17% vs. 6%).
- Being hit accelerates implementation of human-led threat hunting. Forty-three percent of ransomware victims plan to implement human-led hunting within six months, compared to 33% for those that didn’t suffer an attack.
- Victims have learned the importance of skilled security professionals. More than one-third (35%) of ransomware victims said recruiting and retaining skilled IT security professionals is their single biggest challenge when it comes to cybersecurity, compared to just 19% who hadn’t been hit.

Download the full PDF report for more findings, including results for each of the 26 countries surveyed.

About the survey

Sophos commissioned specialist research house Vanson Bourne to survey 5,000 IT managers during January and February 2020. Sophos had no role in the selection of respondents and all responses were provided anonymously. Respondents came from 26 countries across six continents: Australia, Belgium, Brazil, Canada, China, Colombia, Czech Republic, France, Germany, India, Italy, Japan, Malaysia, Mexico, the Netherlands, Nigeria, the Philippines, Poland, Singapore, South Africa, Spain, Sweden, Turkey, UAE, the UK, and the US. Fifty percent of respondents were from organizations of between 100 and 1,000 employees, and 50% were from organizations of between 1,001 and 5,000 employees. Respondents came from a range of sectors, both public and private.

Source: Sophos.com, Sally Adam

Break-Fix vs. Managed Services IT Support

In recent years, managed services has become the go-to model of IT management, offering a number of key advantages over the older break-fix model. For companies looking for a more effective and affordable approach to IT management, managed services certainly has a lot to offer. Below, we’ll take a look at the key differences between these two models of IT management in order to help you determine which one is right for your company.

The Benefits of Managed Services over Break-Fix IT Management

For many years, break-fix was really the only model of IT support that companies were able to purchase. Under this model, the company would have to wait until a piece of hardware or software malfunctioned before they were able to call in an IT service to fix it, hence the name “break-fix”.

With managed services, though, companies are able to take a much more proactive approach to IT management. Rather than paying for costly repairs every time something breaks down, managed services enables companies to pay a monthly fee for ongoing IT management and support.

The benefits of this new model are numerous. First and most important, the managed services model allows companies to actively prevent IT issues rather than just responding to them as they happen. This helps companies avoid the costly downtime that IT issues can cause and oftentimes the cost of repairs as well.

The managed services model is also a much more comprehensive approach to IT management. Under the break-fix model, IT service providers have no real incentive to invest in network management tools, no real incentive to make your network as stable as possible, and even no real incentive to protect your network against future issues. After all, every time there’s a problem, they make money. With managed services, though, this is not the case, as managed services providers are paid a monthly fee to offer comprehensive IT support that remains the same regardless of how many issues they must repair.

Taking Advantage of Managed Services

The proactive approach of managed services, the fact that managed services providers are incentivized to keep your network operating as best as possible, and several other key benefits make managed services the go-to model of IT management for most companies. If you would like to learn more about how we are able to help you and your company take advantage of all the benefits that managed services has to offer, we invite you to contact us today.

Boring Business Systems is a managed service provider in Tampa, Lakeland, and surrounding areas.

2020 Cybersecurity Resolutions – Cybersecurity Tips

You’ve probably decided on your New Year’s resolutions at this point. Maybe you’re one of those who simply chooses a word to define your year. But what about your business? You’ve likely considered your revenue goals, but have you considered how you’re going to protect your business in 2020? There is a magical word – prevention. Here are eight cybersecurity actions you should take to protect your business in 2020.

1. Identify your risks: If you don’t know where your risks lie, then you cannot take the steps to mitigate them. Go back to the basics. Consider what devices, processes or gaps your company might have.

2. Review and test your backups: It is essential for every business to have a good backup strategy. Even if you fall victim to a ransomware attack, if you have a good backup, you can roll back and get back to business. You need to think ahead and consider all the critical data and ensure you are getting frequent backups should you have a breach. For example, if you’re only backing up weekly on Fridays and you have a breach on a Thursday, you’ve lost up to six days of data. Combine this with an event like a month-end or fiscal year-end and now you’re really in trouble.

3. Install Anti-Virus / Malware Protection Software: You need to ensure you have a reputable and fully updated version of malware protection software on every device in your organization. Be sure that it is fully licensed and that it’s updating as it should. You should implement systems to alert you if a device is out of compliance.

4. Train your Employees: Your employees are your weakest link. You should implement ongoing training for your staff. Be sure your users know the basics like how to spot fake URLs and attachments. Staff at all levels need to be adequately educated from the C-suite down. You’d be surprised how often executives skip this training then wind up being the target.

5. Secure your infrastructure: In many small businesses, this is often a challenge because the budget does not allow for a full-time IT staff person that is adequately trained in all the needed disciplines. You need to ensure your servers, routers, switches and all network devices are secure. If you don’t have the staff to do this, this is where a managed service provider can really help your company.

6. Implement Multi-Factor Authentication (MFA): Going back to number four above, your employees are your weakest link and inevitably some of those employees will have weak passwords or, worse yet, share those passwords. By enforcing MFA, you can help minimize this risk.

7. Identify your threats and make a plan: It’s important for a company to determine all its risks, whether they be bring-your-own devices or outdated software. Even if you have a known risk that you just can’t get around, by identifying it you can at least put systems in place to reduce the risk. Not only do you need to consider prevention, but you need to know what you will do in case of a breach or malware attack. Be sure you have a disaster recovery plan in place and key personnel who know how to execute it.

8. Measure and report: Many times, a company goes through the steps above but then files the plan away in a drawer, never to revisit it. You should regularly look at key security metrics. Then, at least annually, you should review your disaster recovery plan to ensure it’s still relevant. You should also consider penetration testing. This is simply the act of figuring out what a hacker could do to harm your business in a real-world scenario. This will give you peace of mind in identifying your weaknesses. It’s much better that you find your deficiency through penetration testing before a hacker finds it.

If these tips have you feeling a little uneasy about your company security, Boring Business Systems would be happy to meet with you and help you get into compliance. Boring is a Managed Services Provider in Tampa and Lakeland and also a cybersecurity company. Contact us today for a free consultation.