We recently hosted a Lunch & Learn on Ransomware, which has become one of the most widespread and potentially damaging cyber security threats that companies face today. Attendees agreed that the growing sophistication and (unfortunately) the success of Ransomware attacks was eye-opening.
But Ransomware is really just the tip of the iceberg when it comes to overall Cyber Security. The reality is that threats come in many forms, and we must all use a multi-layered approach to defending against them. Some of these include:
Controlling Physical Access. You should make sure you restrict access to your hardware and network devices (like servers, switches and firewalls). I can’t begin to count how many times we have found server closets unlocked and available to anyone who felt like walking in.
Controlling Network Access. Doing this right means employing a combination of systems (like Microsoft’s Active Directory) and policies (like requiring strong passwords and automatic logoff after a period of inactivity). And a Guest Wi-Fi system should be in place to prevent outsiders from gaining access to your network backbone.
Network Security. Business-grade systems need to be in place. These include anti-virus and malware monitoring software system, ransomware monitoring software, and a real, business-grade firewall.
By the way, if you’re wondering what a firewall really does, it monitors and controls the traffic on your business network – both incoming and outgoing – based on predetermined security rules that are defined uniquely for your organization. The firewall establishes a barrier between your trusted internal network and the outside world (think Internet). A firewall does much more, but the important thing is that, without one, it’s like leaving the front door of your house unlocked while away all day.
User Education. Help your employees understand the common methods that hackers use to gain access to their workstations and to your business systems. These include:
- Spoofing, in which communication is sent from an unknown source but is disguised to look like a source known to the receiver. This happens often in e-mail, with the “From field” appearing as if it’s from someone you know.
- Phishing, which is the attempt to get to sensitive information (like user names, passwords, and credit card details) directly from you. Phishing is typically carried out by e-mail spoofing, directing users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
To make matters worse, security keeps getting more and more complicated, with our increasing reliance on Wi-Fi, Bluetooth and the growth of “smart” devices, from smartphones, to televisions, and onward to the millions of devices (like thermostats, refrigerators and washing machines) that are now part of the Internet of Things.
So… what should you do?
First, I recommend you engage an IT Managed Services Provider (MSP) to perform a periodic information technology Security Assessment. A security assessment determines the degree to which information system security controls are correctly implemented, whether they are operating as intended, and whether they are producing the desired level of security.
Performed at the same time should be a Vulnerability Assessment that identifies the weaknesses inherent in your information systems that could be exploited, leading to information system breach. The deliverables here should include both the results of the testing (assessment) and recommendations for remediation.
Next (and admittedly I am highly biased here) you should engage the MSP to work with you to prioritize the recommendations and provide the necessary network security and access controls to plug any identified cyber security gaps, putting in place proactive monitoring and management of your network infrastructure. This proactive monitoring detects and provides the opportunity to correct most problems before they cause significant impact on your business.
Want to talk more about your organization’s cyber security? I’d love to hear from you. You can reach me at 973-944-5000, x1002.
About The Author
Evan Berk is Managing Partner at Certus Technologies, an IT Managed and Cloud Services firm that specializes in helping clients dramatically improve their business productivity.
Evan is passionate about simplifying and demystifying complex Information Technology systems and believes that the best IT systems should make our lives easier and more productive, both in the workplace and at home. He can be contacted at EBerk@CertusTechnologies.com or at 973-944-5000.