Today’s businesses need to be prepared for threats of all kinds…that’s unfortunately just fact. Modern cyberattacks are not only getting more effective, they’re also able to be a lot less discerning about who they target. This creates exponentially more risk for businesses of all sizes. Let’s go over how you can develop a cybersecurity strategy that helps temper this risk a bit.
If you watch technology news, you might notice that there is one day out of every month that gets a lot of attention from the technology sector, and that day is what is called Patch Tuesday. This is the day each month when Microsoft issues all of their patches and security updates, and it’s important to know when this day falls each month—at least, for your IT team it is.
At first glance, cybersecurity might seem incredibly complicated and difficult to understand, but even a baseline understanding of some of the principles of cybersecurity can go a long way toward protecting your business. Let’s discuss some of the common-sense ways you can keep your business secure, even if you don’t have an internal IT department to ask for help from.
We’re not shy about sharing how important it is for a business to have comprehensive cybersecurity throughout its entire infrastructure. That’s why we wanted to share what some recent data has shown about the importance of having visibility into your infrastructure.
Spoiler alert: it’s really, really important.
Data backup is a critical process that every business that depends on their IT needs to have. If data is the lifeblood of your business, then you need to protect it. Your business most assuredly has data that, if lost, would put you back. Why risk it when a solution for this problem is a simple fix? You need data backup.
We figured it would be most appropriate to discuss the no-go option first, which would be to start monitoring your employees without their knowledge or consent. As you would imagine, this is the shadier side of the monitoring spectrum, and is actually illegal in most cases. Unless you have reason to believe an employee is actively acting out and are investigating them, you are not allowed to use monitoring software to keep an eye on your team without telling them.
You’ve got better things to do than organizing and prioritizing your emails manually. Granted, you’ll still need to respond to important emails, but most email clients have everything you need to set up a system that automatically parses and sorts emails based on a whole slew of different factors. It will take a little time, and likely a few rounds of adjustments to get your inbox to work the way you want it to, but we’re going to show you the tools that will help get you there.
By knowing the value of the data you hold, you will be able to properly prioritize how to protect it. Since IT experts have to create cybersecurity strategies based on how much harm can be done to your operational integrity and reputation, it’s good practice to know what assets hackers would be after if they were to breach your network defenses.
It’s true that there are a lot of businesses that rely on their workforce to show up every day. Many of these businesses were forced to shut down or operate at limited capacity during the pandemic but are just now getting up to speed. Outside of operations, there are a lot of administrative uses of technology, some of which involve protecting employee and customer information. Let’s get into some of the strategies that businesses can use to get the most out of their workforce at this time.
Your business’ backup can be viewed as an insurance policy, but if it isn’t secured, it could be just another piece of a string of errors that takes your business down. In order for your backup to be a reliable contingency, you need to protect it. In order to do that, we suggest using the 3-2-1 rule as a base. That is: three copies of your data, with two being stored and attached to your network, and one saved offsite.
The average employee comes to work and produces. This isn’t a problem until their lack of awareness of other matters hurts the company. Often met with “that isn’t my job”, it has to be explained that security concerns are a part of their job. Employees often can’t see how it is their responsibility, but since 90 percent of data breaches happen because of user negligence, it has to be explained that it could put the entire business in peril. Their cybersecurity efforts can literally save their jobs.
For such an… eventful… year, it started off with little anticipation of the events to come. Businesses had ample time to plan their 2020 technology budgets, but most (if not all) of these budgets were postponed (if not thrown out the proverbial window) with the spread of COVID-19.
Basically, your documentation should be a complete inventory of all the technology you have, first divided between your hardware and software solutions.
The COVID-19 pandemic is the first time many of us have had to deal with this level of threat, and now that businesses start to re-open in an attempt to stagnate a recessionary dive in the economy, there is a lot of ground to cover. Today, we go through the considerations you need to make, and the actions you need to take, to keep your business clear of COVID-19, and what steps to take if the virus makes its way into your business.
To put it bluntly, diversion. With so much attention rightly given to COVID-19 right now, there are many who are remaining in their homes as much as possible to try and prevent the pathogen from propagating. This approach makes the Internet even more important to so many people. Not only are many businesses operating remotely, many rely on support services and other online functions for their in-house processes. Otherwise, people who cannot work remotely are seeking ways to pass the time, turning to social media and other online services for that.
First on our list is the oldest kind of business security, the (sometimes literal) gun behind the counter that helps to dissuade potential attacks. It is only too easy to overlook the fact that data theft can be as simple as someone taking a hard drive, rather than hacking into it. Of course, we aren’t suggesting that all businesses should have an arsenal at the ready. Instead, technology provides assorted alternatives that should be implemented to deter attempted intrusion.
For this week’s tip, we’ll dig into this exact question.
Here’s the thing: with stay-at-home orders and other measures being put into place across the country, a lot of people aren’t as mobile as they once were. As a result, the mobile devices that would travel with them back and forth to the office have effectively become temporary desktops in their homes… and as such, are spending more time plugged in than not.
Let’s face it, your business’ cybersecurity starts and ends with your staff. They need simple, practical directions to follow or they simply won’t pay any mind to it. You don’t want to be the business that deals with significant turnover because security tasks are so demanding that their employees would rather work elsewhere. You will want to take the time to go through every part of your IT and brainstorm potential problems. You will address situations such as:
The first thing that you need to consider is that this thing won’t last forever. Most businesses, if they had no contingencies in place, or if they were forced to close by mandate, probably have been burning through cash for the past month. Those that haven’t are fortunate. Small business owners need to stay proactive during this period, altering their company’s remote work strategies if need be, and searching for low-interest loans to get them through this difficult process. Let’s get into some of the most useful tips on how to get your business through this disaster.
Imagine trying to access your computer (or your network as a whole), only to find yourself locked out and presented with a demand for payment in exchange for your files to be decrypted. This is precisely the scenario that ransomware puts its victims into, usually with a deadline to pay up under threat of the destruction of the encrypted files. If you’ve heard about Cryptolocker, WannaCry, or Petya, they are what we are referring to.
In 2019, a business was infected with ransomware once every 15 seconds, racking up a total of $11.5 million in total losses. Spam and phishing attacks were responsible for infecting 66 percent of affected companies, and in 2017, almost half of companies surveyed were affected by ransomware.
Denial of Service (DoS) attacks, and their more-popular offshoot, Distributed Denial of Service attacks are the most common form of cyberattack. Using automation, an attacker has resources batter a target with the aim of taking it down. The rise in Internet of Things-enabled devices now allows an attacker to take over these devices and turn them against a single webpage. Naturally, this takes the website down.
The biggest DDoS attack on record happened on March 5, 2018, but was fortunately unsuccessful in taking down the targeted ISP… despite clocking in at 1.7 TB/s. On average, one of these attacks costs somewhere between $20K-to-$40K each hour, or in other terms, just under the average American worker’s annual salary. In the UK, businesses lost £1 billion to cybercrime in 2019.
A Man-in-the-Middle attack compromises any communications between a business and their contact. Any and all data can be interfered with, allowing cybercriminals to have their way with personal data, business correspondence, or financial data that is transmitted. It can be intercepted, altered, or redirected, potentially causing more problems than can be counted. The worst part: because Man-in-the-Middle attacks are relatively easy to carry out, they are rising in popularity on a daily basis. They are most commonly used to extract information, whether personal or professional, that otherwise wouldn’t be available. This includes things like login credentials, banking information, or payment card data.
Okay, that wasn’t the worst part. The worst part is that the majority of servers are still vulnerable. As in, 2016 saw 95 percent of HTTPS servers still at risk.
Believe it or not, phishing attacks are ranked as the biggest threat to businesses out there today. Phishing is a kind of social engineering where an attacker will reach out to the victim through some format, from email to instant messaging and beyond, in order to gain access to a secure system by fooling their victim into erroneously trusting them. While phishing emails have been around the block a few times, today’s attacks have grown to be quite sophisticated.
Many statistics surrounding phishing emails demonstrate how effective this relatively simple attack has proved to be. Phishing is involved in 93 percent of all social engineering attacks, and was directly responsible for 70 percent of government network breaches. In the last 12 months, 64 percent of organizations had first-hand experience with phishing, notably, 82 percent of manufacturers. The aforementioned ransomware relies on phishing for 21 percent of its delivery. As recently as 2016, 30 percent of phishing messages were opened.
Abbreviating a structure query language injection, an SQL injection attack does what it says on the box - it injects malicious code into a target’s SQL servers and feeds the database information back to the attackers. While this is another “golden oldie” of an attack, web-based applications that call for database access have given new life to SQL injection attacks and allowed attackers to extract very valuable info.
It should then come as no surprise that 65 percent of all web application attacks are performed through SQL injections. So, if your organization draws information from a database for an application, you could easily be victimized to a significant degree. Even gamers need to be concerned, as 12 billion out of 55 billion detected SQL attacks that Akamai security experts found were leveled at the gaming community.
If only these other attacks meant that attackers didn’t have time to try anything else, but unfortunately, that isn’t the case. Malware attacks still rank among both the worst, and most common, attacks against businesses. Of course, there are many types to consider, including:
There are many ways for malware to be introduced into a system. Again, phishing messages can be responsible, but many attackers will use something called “droppers.” Droppers are specialized programs that will install a virus after bypassing cybersecurity solutions. Since there is nothing inherently malicious about the dropper, protections usually don’t flag them.
Fortunately, there are ways to protect your business’ resources, network, and infrastructure from the millions of different versions of these attacks - and you need them, as your business is actively targeted by these attacks. To learn more about putting these protections into place, reach out to the professionals at Coleman Technologies by calling (604) 513-9428.
Coleman Technologies has been serving the British Columbia area since 1999, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses. Our experience has allowed us to build and develop the infrastructure needed to keep our prices affordable and our clients up and running.
Get the Knowledge You Need to Make IT Decisions
Technology is constantly evolving, and keeping up can feel overwhelming. Whether you want to understand cybersecurity threats, explore automation, or learn how regulations like PCI DSS impact your business, we’ve made it easy to access clear, straightforward insights on key IT topics.
20178 96 Ave C400
Langley, British Columbia V1M 0B2
Mon to Fri 7:00am–5:00pm
