What are the Basics of Cyber Security?
What is the bare minimum I should do to protect my business, employee, and customer data? That’s a great question! Although cyber security is a hot topic these days, which brings with it all sorts of new and complex strategies, there are common threads across the spectrum that every business should be following. The bare minimum* that we would recommend to anyone wishing to protect themselves against the most common cyber threats (phishing, ransomware, malware, etc.) is as follows.
- A supported operating system with the latest updates installed
- Any device used to access your data should be updated on a regular basis. If automatic updates can’t be turned on because they might break one of your business applications, then a set schedule should be created and followed to ensure these devices are protected from the most well-known threats.
- AntiVirus/AntiMalware software installed
- We’ve all heard of it, and there are dozens of options out there. This is a basic front-line defense that both prevents and detects malicious software being installed on and affecting your servers and workstations. Malicious software can slow down performance, steal personal information, encrypt or delete files, or use your computer to attack others. Antivirus won’t protect you from everything, but it will at least protect you from older and more common threats.
- A web filter
- This is like a babysitter for your employees browsing the web inside your network. The filter knows what the worst websites are out there and blocks them in real time. As long as this service is running, your users won’t be able to access the really bad stuff through their browser, whether they were intentionally seeking access to something inappropriate or not.
- An email filter
- This is similar to the web filter, but for email. The filter recognizes the attachment types that commonly carry viruses and blocks your users from opening them. It also checks the links in an email before your users can click on them, and it knows the common spammers out there (and their strategies) and keeps them out of your employees’ inboxes.
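To make concrete what an email filter is looking at, here is an added example (not code from the original post or from Unicom) of two of the checks described above: flagging attachments whose extension commonly carries malware, and flagging links whose visible text names one site while the href leads to another. The message, the extension list and the hostnames (`example.com`, `login-example.invalid`) are constructed for the example; a production filter would also check senders, sandbox attachments and consult reputation feeds.

```python
import email
import os
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attachment extensions that commonly carry malware (illustrative, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".lnk", ".iso"}

# Constructed sample message: a lookalike login link plus a double-extension attachment.
SAMPLE_EMAIL = """\
From: "Accounts" <accounts@example.net>
To: steve@example.com
Subject: Invoice overdue
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review your account at
<a href="http://login-example.invalid/verify">www.example.com/account</a>.</p>
<p>Help is at <a href="https://www.example.com/help">www.example.com/help</a>.</p>
</body></html>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) for every <a href=...> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _hostname(value):
    """Hostname of a URL or of a bare 'domain/path' string ('' if none found)."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def scan_message(raw_message):
    """Return a list of findings for one message given as RFC 5322 text."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            # splitext keeps only the last extension, so "invoice.pdf.exe" -> ".exe"
            ext = os.path.splitext(filename)[1].lower()
            if ext in RISKY_EXTENSIONS:
                findings.append(f"risky attachment: {filename}")
        if part.get_content_type() == "text/html":
            parser = _LinkExtractor()
            parser.feed(part.get_content())
            for href, text in parser.links:
                shown = _hostname(text) if "." in text else ""
                actual = _hostname(href)
                # Visible text names one site, the link goes somewhere else.
                if shown and shown != actual:
                    findings.append(f"link text {text!r} actually points to {actual}")
    return findings


if __name__ == "__main__":
    for finding in scan_message(SAMPLE_EMAIL):
        print(finding)
```

Running it on the sample message reports the mismatched login link and the `.exe` attachment, while the help link (text and href on the same host) passes.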
- A firewall
- Firewalls are network security devices which were traditionally located in your building but are now available ‘virtually’ for cloud applications as well. They create a barrier between your internal network and the internet. Firewalls are configured with rules to allow the good traffic into your network and keep the bad traffic out. Features include the ability to inspect network traffic and block common threats, as well as to filter bad websites from being accessed by your users. New threats appear on the web continuously, so a well-designed firewall is updated around the clock to block them from reaching your network.
- Daily offsite backups of key business data
- A backup is critical because even the best protection may not work if a sophisticated hacker has infiltrated your network. Some hackers can gain access to a network in less than a minute, so it would be virtually impossible to respond to every conceivable threat quickly enough. If an attack ever happens to you, a good backup is your last line of defense: you can tell those ransomware thieves to get lost when you are able to restore from yesterday’s backup after they’ve locked you out of your data. It is the last line of defense, but absolutely one of the most important.
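A backup is only a last line of defense if it can actually be restored, so the check a practitioner adds to a daily backup job is a test restore. The following is an added example (not Unicom’s tooling or code from the original post) that archives a directory, records a SHA-256 manifest of every file, restores the archive into a scratch directory and compares each file against the manifest. The sample files, the `ledger.xlsx` name used to simulate a file the backup job missed, and the archive layout are all constructed for the example.

```python
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source_dir, archive_path):
    """Archive source_dir and write a manifest (relative path -> sha256) beside it."""
    source_dir = Path(source_dir)
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for path in sorted(p for p in source_dir.rglob("*") if p.is_file()):
            rel = path.relative_to(source_dir).as_posix()
            manifest[rel] = _sha256(path)
            tar.add(str(path), arcname=rel)
    Path(f"{archive_path}.manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_restore(archive_path, manifest):
    """Restore into a scratch directory and compare every expected file to the manifest.

    Returns a list of problems; an empty list means the backup restored completely.
    """
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive_path, "r:gz") as tar:
            try:
                # 'data' filter refuses members that escape the target directory
                # (Python 3.12+, backported to recent 3.8-3.11 releases).
                tar.extractall(scratch, filter="data")
            except TypeError:
                tar.extractall(scratch)
        for rel, digest in manifest.items():
            restored = Path(scratch, rel)
            if not restored.is_file():
                problems.append(f"missing after restore: {rel}")
            elif _sha256(restored) != digest:
                problems.append(f"content changed: {rel}")
    return problems


def demo():
    """Constructed end-to-end run: back up sample files, verify, then catch a missed file."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "customers").mkdir(parents=True)
        (src / "customers" / "list.csv").write_text("id,name\n1,Steve\n")
        (src / "notes.txt").write_text("quarterly numbers\n")
        archive = Path(work, "backup.tar.gz")
        manifest = make_backup(src, archive)
        clean = verify_restore(archive, manifest)
        # Simulate a backup job that silently skipped a file the business expects to have.
        expected = dict(manifest, **{"ledger.xlsx": "0" * 64})
        incomplete = verify_restore(archive, expected)
        return clean, incomplete


if __name__ == "__main__":
    ok, missed = demo()
    print("clean run problems:", ok)
    print("incomplete run problems:", missed)
```

The manifest is what makes the check meaningful: without recorded hashes, a restore that "succeeds" can still hand back truncated or altered files. Storing the manifest with the offsite copy lets the restore test run on the machine that would actually be recovering.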
- Annual penetration testing
- Penetration testing is done by a specialized company that attempts to gain access to your network and applications to show you where you are most vulnerable to attack. They find the open ports on your firewall, discover which systems haven’t been updated in a while, and can even perform social engineering, sending phishing emails to employees (who are not alerted beforehand) to see whether they could be fooled by a real phishing attack. Typically this is done annually and gives you the information necessary to determine where your vulnerabilities lie.
- Employee training
- Most employees don’t realize how easily a good phishing email can fool them. Training is essential to raise their awareness of the problem and help them think twice before handing hackers sensitive information. It could be an email from the company’s CEO asking them to send money to a vendor, or an email from IT support asking for their password ‘for their records’. Too many well-meaning people will comply without thinking twice. We’ve seen this happen with our clients firsthand! A good training program for your current staff, as well as training for new employees, is an investment worth making in today’s environment.
- Forced Dual Factor Authentication with Unique Passwords
- Having unique passwords means not using the same password for multiple applications or websites. The reason is that you don’t want Steve in accounting to have his LinkedIn account hacked when the same email and password are used for his login to SharePoint. Suddenly a hack your company could do nothing about (his LinkedIn) has spilled over into a major business cyber security risk. Unique passwords mitigate this risk by containing the threat to the one application or website that was breached.
- Here at Unicom we have services which tell us which of our clients’ email addresses and passwords have been leaked onto the dark web. You wouldn’t believe how common it is for your employees’ passwords to be floating around out there; we get reports on this every day! Most business applications offer dual factor authentication (receiving a text message with a code, or using an app like Google Authenticator, to log in), but not all of them require you to use it. Dual factor authentication is the #1 way to prevent someone from gaining access to your account: even if one of your users has their login and password leaked, without the secondary code the hacker can’t get into your systems. Whenever possible, require all users on all applications to set up dual factor authentication to make it as difficult as possible for a hacker to breach your security measures.
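The authenticator-app code mentioned above is a time-based one-time password (TOTP, RFC 6238) built on HOTP (RFC 4226): the app and the server share a secret, and each 30-second window yields a fresh six-digit code, so a leaked password alone is not enough to log in. Below is an added example (not Unicom’s code or code from the original post) of both sides: generating the code the app shows, and the server-side check, which tolerates a little clock drift and refuses to accept a code that has already been used. The base32 demo secret and the default window of one step are assumptions for the example; the RFC test secret used in the comments is the published one.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time=None, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter taken from the clock (the code the app shows)."""
    if unix_time is None:
        unix_time = int(time.time())
    return hotp(secret, unix_time // step, digits)


def secret_from_base32(text):
    """Decode the base32 secret as shown when enrolling an authenticator app."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding apps usually omit
    return base64.b32decode(cleaned)


def verify_totp(secret, submitted, unix_time, last_counter=-1, window=1, step=30, digits=6):
    """Server-side check. Returns the matched time-step counter, or None.

    - accepts neighbouring steps (window) to tolerate small clock drift
    - refuses any counter <= last_counter so a code that was already accepted
      cannot be replayed within its validity period (persist the returned value)
    - compares in constant time
    """
    counter = unix_time // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if candidate <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), submitted):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed demo secret for illustration only (RFC 6238's published test secret
    # is b"12345678901234567890", which gives "287082" at unix time 59).
    demo = secret_from_base32("JBSW Y3DP EHPK 3PXP")
    print("code the app would show now:", totp(demo))
```

The replay check is the detail most often skipped: a six-digit code is valid for the whole step plus the drift window, so a server that only checks the HMAC will accept the same code twice if it is captured and resubmitted within that period.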
We will dive deeper into each one of these products and services in subsequent posts.
*For companies subject to compliance regulations (banks with the FDIC, healthcare with HIPAA, etc.) or under threat of foreign intellectual property theft, the ‘bare minimum’ is a bit more involved. These companies would consider the following as essential basics for their cyber security concerns:
- Security Operations Center (SOC)
- Many businesses have heard of a Network Operations Center (NOC), where a centralized group of dedicated staff and specialized software monitor the network functions of the business (or many businesses) and proactively keep a network up and running smoothly. The Security Operations Center performs the same function on the security side. SOCs are designed to proactively monitor the network for security risks and provide immediate notification of security-related issues. Software monitors the traffic flowing through a business’s networks and devices; anything out of the ordinary is flagged and an automated process to stop the potential threat is invoked. Employees at the SOC are alerted to the threat and determine whether it is legitimate. Verified threats are contained and mitigated, and a post-incident review is delivered to stakeholders with recommendations to prevent similar issues in the future.
- Dark Web Monitoring
- Whether it’s Steve in accounting or the CEO, employee credentials in the hands of the wrong people pose a major risk to your business. Dark Web Monitoring is a service which continuously scans hacker websites (the ‘dark web’) for a company’s registered domains and for leaked login credentials, meaning its employees’ email addresses and passwords. Designated administrators at the company are notified when credentials are found, and can reset the passwords immediately while also notifying the employee of the incident.