Prosource’s National Cyber Security Awareness Month (NCSAM) Campaign kicks off October 1 with the theme, “Can Your SMB Withstand a Cyber Attack? Tools You Need to Safeguard Against Cyber Attacks”. We have packed our inaugural week full of double (14) the cyber security tips and tricks.
The use of advanced tools has made SMBs easy targets for cyber criminals. It’s important to remain vigilant and take additional steps to protect your business against cyber attacks.
[You Might Also Like: Ebook - "Cyber Security Toolkit"]
Using only one security program will leave security flawed and devices at risk to other threats. Layered security refers to security systems that use multiple security programs to protect your computer. These security programs work together, providing a layered protection to keep your business safe from cyber attacks. Here are 14 cyber security tools that will help keep your SMB from today’s leading cyber attacks.
Tip #1: Conduct a Security Assessment
1 in 5 small businesses will suffer a cyber breach this year.[1]
When was your last security assessment? An unbiased, comprehensive review of your entire network will give you a clear, accurate picture of the health of your network, allowing you to protect your IT infrastructure from issues that may arise.
Tip #2: Install Proper Spam Email Filters
45% of all emails sent are spam.[2]
Ransomware attackers hide their malware in common attachments like text documents, invoices, faxes, etc., and an infection often starts with someone clicking on what appears to be an innocent email attachment. Most ransomware attacks originate in your email, so it’s important to secure your email and reduce exposure to attacks on your staff via email.
[You Might Also Like: Blog Article - "How to Spot Common Cyber Scams"]
Tip #3: Apply Password Security Policies on Your Network
81% of all breaches happen to SMBs.[3]
It’s important that your users create strong passwords as a first line of defense from scammers and hackers. Enable enhanced password policies such as password history limits, maximum age, minimum age, length, and complexity requirements.
Tip #4: Educate and Train Your Users on Cyber Security
In 2017, the average cost of a data breach in SMBs was $117,000.[4]
Most ransomware enters your network by a user clicking on a link in a phishing email. IT administrators play a more critical role than ever in educating users about the security risks they face. Training employees on cyber threats and what they should look for to avoid falling victim to an attack is the top component of a successful cyber security protection program.
[You Might Also Like: Blog Article - "Keeping Your Business Secure Starts with Educating Employees About Cyber Security"]
Tip #5: Deploy Multi-Factor Authentication to Increase Login Credential Security
81% of hacking-related breaches leverage stolen and/or weak passwords.[5]
Multi-factor authentication mitigates the ripple effect of compromised credentials by requiring additional evidence that confirms your identity. Utilizing multi-factor authentication wherever you can, such as on your network, banking websites, and social media, adds an additional layer of protection to ensure that even if your password is stolen, your data stays protected.
Tip #6: Protect Against File-less and Script Based Threats with Advanced Endpoint Detection and Response
7 out of 10 organizations report their endpoint security risk has increased significantly during the past 12 months.[6]
Any device, such as a smartphone, tablet, laptop, servers, workstations, and modems, provide an entry point for threats. File-less attack techniques are on the rise and current solutions aren’t stopping them. More than just antivirus, endpoint detection and response combined with enterprise grade antivirus provides a security operation center to monitor and remediate alerts.
[You Might Also Like: Blog Article - "How to Prevent Common Cyber Attacks"]
Tip #7: Update Your Software When Prompted
85% of all target attacks can be prevented by applying a security patch.[7]
Most ransomware attacks exploit security vulnerabilities that have already been resolved through a patch or security update. Skipping software updates is a mistake that makes it easier for hackers to access your information. Since updates include security fixes, it’s important to install updates whenever you are prompted.
Tip #8: Get Familiar with the Dark Web
57% of classified contents on the dark web host illicit material.[8]
The dark web is a collection of websites that exist on an encrypted network. It isn’t visible to search engines and requires the use of an anonymizing browser called Tor to be accessed. You can buy credit card numbers, guns, counterfeit money, stolen subscription credentials, hacked Netflix accounts, and software that helps you break into other people’s computers. Knowing what passwords and accounts have been posted on the Dark Web will allow you to be proactive in preventing data breaches.
Tip #9: Discover Hackers During the Breach, Not After with SIEM
97% of breaches could have been prevented with today’s technology.[9]
Security Incident & Event Management (SIEM) collects and aggregates log data generated throughout a business’s technology infrastructure, from host systems and applications to network and security devices such as firewalls and antivirus filters. This helps protect against advanced threats, allowing you to uncover hackers during the breach rather than days, weeks, or months later.
[You Might Also Like: Blog Article - "Layered Security Key to SMB Cyber Protection"]
Tip #10: Protect Data Stored on Mobile Devices
One laptop is stolen every 53 seconds, and 80% of the cost of a lost laptop is from a data breach.[10]
Over 50% of business PCs are mobile, and the increase in Internet of Things (IoT) devices poses new challenges for network security. Mobile device security fully protects data on portable devices, such as smartphones, tablets, and personal computers and the network connected to the devices.
Tip #11: Enable Enhanced Firewall Security
54% of companies experienced one or more successful attacks that compromised data and/or IT infrastructure.[11]
Turning on Intrusion Detection and Intrusion Prevention features, as well as sending log files to a managed SIEM will help you uncover intrusions such as exploitation attacks or compromised endpoint devices.
Tip #12: Keep Unsecured Traffic from Entering Your Network with Web Gateway Security
64% of SMBs have experienced web-based attacks.[12]
Web gateway security protects users from accessing and being infected by malicious Web traffic, websites, viruses, and malware. This cloud-based security detects web and email threats as they emerge and blocks them on your network within seconds – before they reach the user.
Tip #13: Make Your Data Unreadable and Unusable with Encryption
43% of organizations now have a consistent, enterprise-wide encryption strategy.[13]
Encrypting your files at rest, in motion (email), and on mobile devices keeps sensitive information protected. By encrypting your files, your data will be unreadable and unusable until a password is provided.
[You Might Also Like: Blog Article - "5 Types of Social Engineering Scams"]
Tip #14: Backup Your Data Frequently, in Multiple Locations
On average, small companies lose over $100,000 per ransomware incident due to downtime.[14]
When it comes to preparing for a disaster, you can never be too careful or prepared. Backup your data locally and in the cloud frequently, and have an offline backup run every month. Be sure to test your backups to make sure they are working properly.
Check back next week for week 2 of Prosource’s NSCAM tips and tricks: “How Does the Mind of a Cyber Criminal Work? Understand How Cyber Criminals Plan Attacks”.
About Prosource NCSAM: As declared by the U.S. Department of Homeland Security and the National Cyber Security Alliance, October is National Cyber Security Awareness Month (NCSAM). The cyber security experts at Prosource created their own version of NCSAM to help SMBs across the United States increase their understanding of common strategies used by cyber criminals and ways to keep their SMBs protected against cyber attacks.
Every Monday in October we’ll send out an email with the week’s 7 cyber security tips and tricks to help your business become more vigilant against cyber threats. You can also check our Facebook, LinkedIn, and Twitter pages for daily tips and tricks. To sign up to receive our weekly emails, click here.
[1] Carvir [2] https://www.spamlaws.com/spam-stats.html [3] Carvir [4] https://www.csoonline.com/article/3227065/security/cyber-attacks-cost-us-enterprises-13-million-on-average-in-2017.html [5] https://www.pingidentity.com/en/company/blog/2017/08/07/what_is_multi-factor_authentication_mfa.html [6] https://www.barkly.com/2017-endpoint-security-statistics-infographic [7] https://www.zdnet.com/article/in-patches-we-trust-why-software-updates-have-to-get-better/ [8] https://www.csoonline.com/article/3249765/data-breach/what-is-the-dark-web-how-to-access-it-and-what-youll-find.html [9] Carvir [10] http://www.channelpronetwork.com/article/mobile-device-security-startling-statistics-data-loss-and-data-breaches [11] https://blog.barkly.com/2018-cybersecurity-statistics [12] https://www.cybintsolutions.com/cyber-security-facts-stats/ [13] https://www.thalesesecurity.com/2018/global-encryption-trends-study [14] https://money.cnn.com/2017/07/27/technology/business/ransomware-malwarebytes/index.html