Protect Your Business from a Cyber Attack With This 15-Point Cybersecurity Plan
Believe it or not, your business is a target of cyber-attack. Yes, your business.
If you use the internet in your business, or if you use email, then you are a target and you are at risk of ransomware or any other type of cybercrime.
If you are like most small business owners, you haven’t given much thought to the security of your computers and other IT systems in your business. You might think that you have an anti-virus and you are “protected”.
However, the days of relying only on a simple anti-virus (or even a very robust anti-virus) to protect you from all the evils out there are gone. Cybercrime of all sorts is so rampant all over the world that it has become larger than the empire of illegal drugs. Basically, if you or any part of your business is utilizing the internet or email, then your business is at risk of a cyberattack. Your business is at risk of a potential catastrophe.
If you want to give your business the best chance possible to be protected from a cyber attack, you need a layered approach to security. We’ve put together a 15-point checklist to help you establish a starting point for a well-rounded security plan. This will give you the best chance possible to protect your business against a cyber attack.
Start at the top of the list and then methodically add as many items as possible to protect your business. The more you’re able to implement, the more difficult you’ll make it for the criminals to break in and steal your money or your time or data.
AZCOMP Technologies is an IT solutions company that helps businesses with all their technology needs, including cybersecurity. Our number one goal is to help businesses get phenomenal results with the technology they use in their businesses. AZCOMP can help your business with any one of these 15 cybersecurity items and much more.
Here is the checklist of 15 points to help you establish a starting point for a well-rounded, comprehensive cybersecurity plan that will keep you and your company safe.
Let’s briefly walk through each of the 15 points:
Passwords are the first line of defense against cybercriminals. That’s why it’s so important to use strong passwords (or passphrases) that are at least 12 characters long and include a mixture of characters to make them complex.
Your strong passwords should be used for sensitive accounts such as your banking login, email, business applications, and CRM tool. You can use less complex passwords for other sites that aren’t as sensitive—for example, the login to your rewards app at your favorite taco shop.
Using the same password across multiple accounts is a big no-no. If hackers figure out your password from one site, they’ll try it on other sites too. This is called credential stuffing.
Password management is equally important. It is very possible that you have 20 or 50 or even 100 different sites that require a login with a password. If you’re doing what you’re supposed to do and have a unique password for each site, and each password is complex, it is unrealistic to think that you’ll be able to memorize each of those passwords.
If you can’t memorize them all then you’ll need to write them down. Don’t store them in a spreadsheet on your desktop! Don’t let your browser store your passwords either! Instead of that, get a good password manager tool. These password management apps are much more secure and easier to use than a spreadsheet or browser storage.
Anti-virus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses and other malicious software like worms, trojans, adware, and more.
Anti-virus software provides protection from known threats to your computer’s security based on their database of virus signatures. As new threats are discovered regularly by the anti-virus companies, it is important to make sure your anti-virus software is up to date so you can stay protected from new attacks.
Anti-virus software is designed to protect your computer, but these days, it’s not enough.
As cybercriminals become more sophisticated, they’ve developed a new breed of malware called ransomware that can’t be detected by anti-virus programs. Ransomware attacks are the most dangerous risks to your computer or network and need to be defended against.
To defend your business against ransomware attacks, add anti-ransomware software to your suite of security tools, and be sure to keep it up to date!
The term “update” is broad. It can refer to software updates, operating system updates, or even hardware updates.
Software updates are important to your digital safety and cyber security. These updates contain “patches” to known security vulnerabilities. If these updates are not installed, then you are leaving yourself open to exploitation.
Believe it or not, one of the hackers’ most effective ways of getting into a computer or a network is through computers that haven’t been updated or patched. Keeping your anti-virus, your anti-ransomware, your operating system, and many other software programs updated is more important than you realize!
Security awareness training programs address the human element of cyber risk, which is often a company’s biggest vulnerability. Most cybersecurity breaches happen because of user error, such as clicking on a malicious link or opening an attachment from an unknown sender.
Training programs for employees can be delivered in several ways, including in-person classes, online tutorials, and interactive simulations.
However you conduct your security awareness training, it is a must for staying safe online!
Number 6 – Intrusion Detection
Similar to a burglar alarm system, an intrusion detection system (IDS) is designed to detect intrusion attempts or misuse by insiders. An IDS also provides information that can be used to implement access controls and identify system vulnerabilities.
Each year, this type of security system for a network is becoming more important. Hackers are getting very good at sneaking around an anti-virus or anti-ransomware system, and then sneaking around in your system in the background while they set up a big attack. An IDS can identify that something suspicious is happening in the background.
Number 7 – Application Whitelisting
Application Whitelisting is software that is designed to stop anything from being installed on your computer without prior authorization.
Most of the time, when an attack is being carried out on your computer or network, a bad program has to get installed onto your computer or server. This application whitelisting software will prevent that bad program from being installed because it is not on the pre-approved list (the “whitelist”).
Number 8 – Web Gateway Security
The secure web gateway is a network security tool that acts as a barrier between the business’s internal network and the internet. It acts as a checkpoint to protect all inbound and outbound network traffic from unauthorized access, such as viruses and malware.
Secure web gateways may also be referred to as web security gateways or content filtering gateways.
Number 9 – Spam Email Protection
Spam filters are software designed to stop spam. It will make email more productive and help to keep inboxes clear of viruses.
Considering that a spam filter is a filter, that means someone must tell the spam filter what to filter out. The filters can look for suspicious email headers, text that contains profanity or other words used by spammers, images that appear to contain text but actually don’t, email attachments that contain executable files or scripts, senders who have been reported as spammers (called blacklists), recipients who aren’t known to the sender (called whitelists), and more
Number 10 – Virtual Private Network
A virtual private network (VPN) creates an encrypted tunnel between your computer and a VPN server. All your data is sent through this tunnel, so no one in between can see what you’re doing online because the data is encrypted. Not even your ISP can see what you do online with a VPN.
This is most important if anyone in your business is working out of the office and needs to access data on the office network. If you’re not using a VPN when working remotely, it makes it super easy for a hacker to infiltrate the office network.
Number 11 – Multi-Factor Authentication
Passwords are an essential part of staying cyber secure. But they’re not infallible. Cybercriminals can use various methods to guess, steal, and compromise your passwords.
Multi-factor authentication (MFA) offers a second layer of security. This means that you need two or more pieces of evidence to verify who you are to log into an account or device. In a lot of cases, the platform you are trying to access will send you a text message with an expiring 6-digit code, or you’ll have to open an app that has an expiring code that is connected to your account.
Once you complete this extra step, you’ll be able to access your account or device as normal.
Number 12 – Encryption
Hard-drive encryption is one of many tools that can help protect your computer from cyber-attacks. It helps prevent unauthorized access to the data stored on a hard drive by encrypting the files and folders.
The primary benefit of hard-drive encryption is that it provides a layer of security against hackers and other online threats. It does this by preventing unauthorized persons from accessing data.
If you are in healthcare, this is a must on all your devices. If you carry a laptop around, this is a must for your laptop.
Number 13 – Security Operations Center
Security operations centers (SOCs) are now a necessity in large, mid-tier, and small businesses. The primary purpose of a SOC is to analyze data and activity happening on a network, detect the risks and then respond to the risks to prevent an intrusion or security event.
SOCs are comprised of skilled teams that use security automation and coordination tools to better detect cyber threats. These skilled professionals also use advanced analytics tools, such as machine learning and artificial intelligence (AI), to identify suspicious activity.
The data being analyzed at the SOC often comes from the Intrusion Detection System we highlighted in an earlier point.
Number 14 – Backups
Backing up your data and systems is a critical layer in the cybersecurity equation. It is the failsafe.
In the event that your other security systems fail, and you encounter a cyber attack, having an up-to-date backup copy of your data and systems and settings will be a lifesaver.
Number 15 – Security Assessment
A security assessment is a process of determining how well a network or computer system is protected against threats or attacks. Security assessments usually involve a combination of automated testing and manual vulnerability testing. The goal is to discover as many vulnerabilities as possible before an attacker knocks on your door.
The most important part of a security assessment is what is done after the assessment is conducted. After the assessment is completed, a list of vulnerabilities and weaknesses will be generated. That is the time to take action and shore up those weaknesses. The assessment is an opportunity to find the gaps in the defense system so you know where to improve.
If you use the internet or email in any way in your business, then the threat of cybercrime is never going to go away. Your business is a target of cybercriminals no matter how big or small you are. There is no way to know when an attack might happen, so staying vigilant and being aware of the threats is a must.
Keep in mind though that when it comes to cybersecurity, there is no such thing as 100 percent safety. The goal is simply to make it as difficult as possible for cybercriminals. You’ve worked incredibly hard to build your business, now it is time to work just as hard to protect what you’ve built. Don’t let the criminals grab data from your servers, steal money from your bank accounts, or shut your business down with ransomware. Use these 15 tips as your roadmap to building the foundation of your digital security plan to protect your investment.
Need Help Implementing Your Security Plan?
Depending on your skill level and the amount of time you’re willing to put into this, you might be able to do some of these things on your own. You might have a really savvy IT guy already helping you out too.
If you don’t want to do this on your own, and if you don’t have a capable IT partner, call AZCOMP! We can help implement any of these tips and more.