Cyber security is defined as “the application of technologies, processes, and controls to protect systems, networks, programs, devices and data from cyber-attacks. It aims to reduce the risk of cyber attacks and protect against the unauthorized exploitation of systems, networks and technologies.”
What does this mean? Is the off the shelf antivirus enough? Is the modem I received from my service provider enough? Short answer, no. Here’s why and what to consider with modern cyber security.
Cyber threats have evolved and continue to evolve daily. The typical off the shelf anti-virus program is no longer a complete solution for emerging threats. For example, advanced malwares hidden inside legitimate website ads or links. Massive exploitations of software using common programming libraries and techniques as Log4j did which also affected network equipment. Ransomware, which has been in the news recently. If you don’t have the proper systems in place, ransomware can down a business for days, weeks, or even months. Google data has also revealed a 350% surge in phishing websites during the pandemic.
All this together to show that it’s worth a review of your cyber security practices to ensure your information and your client’s information is always secure. However your IT is managed, this is a critical consideration as a cost of doing business and there are several tools to consider.
Having an Endpoint Detection & Response (EDR) tool replace traditional anti-virus only is a good first step. This newer type of protection uses artificial intelligence to watch a computer’ processes in the background. If the AI detects behavior that is typical of a virus, malware, or ransomware, it will quarantine it. This type of protection can even talk with other versions of itself at your office and learn from each other!
Another tool to consider is one that protects you and your team from yourselves. We all make mistakes. But a mis click, or phishing attempt can be convincing. Having a tool in place to filter known malicious sites (otherwise known as Content Filtering) is also a strong consideration. These services can be set up by your IT team or MSP to prevent anyone in your office from accidentally or intentionally accessing content they shouldn’t. It has the added benefit of also keeping team members more efficient by blocking entire content categories like social media.
A business class password and multi factor authentication tool is another crucial consideration. This is important no matter the size of your business or even personal use. Having a password manager, generator, and vault for you and your business is not only secure, but it can also increase efficiency. Many solutions have Windows or MacOS applications, browser extensions, and mobile applications. This tool would allow you to use much more complex passwords without having to remember it. Adding in an application based multi-factor authentication (sometimes referred to as two-factor or 2fa) is also important. Avoid the text message-based authentications as possible.
File sharing is another area to be conscience of. With many businesses having moved to the cloud or considering moving to the cloud and away from traditional file servers, its important to understand how a file share service keeps your data secure. Is your data always secure? “End to End encryption” or “Encryption in transit and at rest” are important terms to look for. Ensuring your data is always encrypted. There are other factors to consider when looking at a business class file share service. Again, protect you from yourself or your team members. Your service should allow easy control to who has access to what company data. It should also allow you to securely transfer a file or files via a password protected or limited time link. Transmitting data this way rather than attaching sensitive information over an email will make you much less prone to information falling into the wrong hands.
Lastly and just as important, your IT team should be actively managing your company network. This means that your network assets are being monitored and kept up to date. Without this, a network could be vulnerable to future threats like Log4j which was a huge exploit that made software and hardware alike vulnerable to threats.
As a business owner or manager, it’s important to have the right team in place for questions like these. Talk to your IT team about what you’re doing to protect your business and data from modern threats. It is an essential consideration for keeping your information secure and for continued growth.
Have a question? Schedule a time with me here!