October is Cybersecurity Awareness Month and there is nothing scarier than thinking your business is protected, while in reality there are vulnerabilities that could have been prevented. But let’s start by defining what Cybersecurity means, how the landscape has changed in 2020, and some tools needed to monitor and protect you and your employees.
Plan, Detect, Respond
According to a recent study, over 60% of small to medium sized businesses adjusted their IT security policies due to the Covid-19 pandemic. Important measures like remote access and updating privacy policies. It’s certain that more secure environments are not just for enterprise-level organizations and businesses of all sizes are being forced to move quickly to up their security game.
Healthcare systems and hospitals are some of the more recent sectors to see large-scale attacks. It was reported on October 29, that extremely forceful and harmful ransomware attacks had been reported against some of the nation’s largest hospital systems. The U.S. Cybersecurity and Infrastructure agency warned of “an imminent and increased cybercrime threat to U.S. hospitals and healthcare providers.” (source) These attacks are the largest reported and have been increasing since the start of the global pandemic earlier this year, leaving millions of Americans sensitive healthcare data at very serious risk.
Protecting your business, regardless of the industry, needs a layered approach to ensure all bases are covered. Like any other piece of strategy, you must first formulate a plan. How will you protect your most sensitive data? Where is this sensitive data and how much is accessible to internal and external parties?
According to a Ponemon report from this year, a breach can cost an enterprise up to $1.4 million per incident. Organizations need resilient prevention against the most advanced cyberattacks – known and unknown – to effectively prevent viruses and malware. What’s more, this level of protection is needed for every endpoint, server, mobile device, network and operating system. Threat protection must ensure that attacks are identified and blocked before any damage can be caused.(source)
Do your end-users know how to best respond to a critical error or breach? Having a network monitoring system in place helps lay a foundation for your plan, and can also allow for faster responses to issues. But the monitoring tools won’t be enough to respond to the breach after security has been restored. We recommend the following steps be taken after to help protect our business’ reputation and further your future strategies:
Restore your data
- Identify what data has been lost and the impact of losing that data
- Successfully continue operations
- Communicate the incident with key stakeholders
- Ensure compliance with applicable laws
- Report the breach to appropriate agencies
Covid-19 Poses New Cybersecurity Concerns
CIOs and technology executives have long been expecting a work from home revolution but this year’s Covid-19 pandemic has ushered in the boom even sooner than expected, leaving many businesses of all sizes vulnerable to attacks. Sending the workforce out to be able to “remote-in”, collaborate, and work from anywhere can be seen as a benefit during these challenging times, but it is also quite the stressor on infrastructure. Tools like Zoom and other meeting software were not initially prepared to handle the security needs of most companies. (Read more about some recent changes to Zoom’s security protocols here). Outside of tools needed for your employees to communicate, how else should you be enforcing a more secure workplace, regardless of where your team is working?
- Multi-factor Authentication
- Multi-factor authentication goes beyond just a password for login but offers you a way for users to log in with a second form of identification like a token or key, after the credentials have been verified. It’s important to have a universal authenticator setup so that all employees will be using the same methods to log in, allowing your security and information teams to track logins across devices, and prevent logins when the incorrect tokens are used.
- Providing all remote staff access to a virtual private network (VPN) is a great way to help protect your most sensitive data and resources. This allows employees to login to a company network to access tools, rather than use their own home networks.
- DNS-level security
- As employees visit websites, a cloud service can block malicious domains, IP addresses, and cloud applications—before the connection is established. DNS-level protection helps prevent malware, phishing, and ransomware.
Cybersecurity is a crucial part of any business strategy throughout the year. As our tech landscape continues to change, and systems get more sensitive to malicious attacks, it is important that you plan, protect, and monitor. Working with a trusted managed services provider can help you implement and monitor these important protocols. Read more about the risks to your company’s sensitive data in this infosheet and contact us for a free preliminary Dark Web Scan.