
As a small business, it is easy to fall into the mindset of "I am too small to be a target." On the contrary, small businesses often don't have security in place and become easy targets. This is why 80% of all cyberattacks are against small businesses. You don't have to be an easy target, and it does not have to cost you a fortune. Here are some best practices you can implement to mitigate the risk of becoming a victim.

Cybercriminals are here to stay! So, you want to protect your business. Here are some best practices to follow in cybersecurity.

Use Multi-factor authentication (MFA)

Multi-factor authentication requires users to use multiple ways to log in, not just a username and password. They have to receive a text, use an application like Microsoft Authenticator, LastPass or Authy to approve their sign-ins, or receive a code at a secondary email address.

Giants such as Microsoft and Google have been pushing for biometric logins, which can be accomplished with the right MFA application or service. So instead of remembering a username and password, it is all set up with a fingerprint or face recognition.

You can couple Single Sign-On (SSO) with your MFA to make it easier on users, so they only have to log in once and it logs them into all of their applications.

Good Password Practices

Too many users are compromised because they use the same simple password across multiple accounts. It is important to use unique, strong passwords across applications. While this may seem impossible, incorporating a password manager makes this easy. In addition, it can add a biometric check-in, like a fingerprint or face recognition.

Train Your Employees

How can you expect your employees to know what to look for or what your security policies are? Phishing has been one of the biggest problems lately; running phishing simulations and training users on what to look for can prevent them from falling victim.

Run Regular Scans & Risk Assessments

New vulnerabilities constantly come up and, let's be real, humans make mistakes. To stay on top of them, running regular vulnerability scans can help you identify the holes and allow you to remediate them. Regular risk assessments will make you aware of new risks to help you prevent and react to them.

Audit Access & Logins

Controlling access with the least permissions required is fundamental to securing your data. The fewer people who can access something, the less risk there is. Auditing these settings and logins can keep old user accounts from lingering, minimizing risk. In addition, it can help you identify when, where, and how users are logging in to ensure they are legitimate.

Use a Logging Service (SIEM)

Security Information and Event Management (SIEM) monitors and alerts on security logs generated by devices, including cloud applications. This allows for real-time analysis and alerting so you can quickly identify and stop a threat.

Be Sure to Stay Patched & Up-to-date

Once a vulnerability is known, it is open season for hackers on anyone who is not patched. So it is important to patch and update your operating systems and software as quickly as possible.

Use Anti-Virus and Anti-Malware Software

Having anti-virus and anti-malware software may seem like a no-brainer, but it is a must. Whether you are just visiting a website or opening a malicious email, malware and viruses can be downloaded without your knowledge and wreak havoc. This is your last line of defense in protecting your devices.

Use Filtering Services

Filtering services such as email filters and internet filters will not allow your computer to receive unwanted emails or go to unwanted websites. That includes cases where something on your system tries to talk to a malicious website behind the scenes. So stop the attackers at the edge and prevent them from even getting to your network.

Manage & Implement an Incident Response Plan

Knowing your risk is half the battle. If you have a team who is aware of the threats and how they will handle them, you will be able to more quickly identify, prevent, respond to, and recover from a cyber incident. A big part of implementing an incident response plan is testing it and updating it on a regular basis. This allows your team to know what to look for and how they will respond.

Data Encryption

Encrypting your data where possible is a good policy to protect it. Whether it is on devices (for physical protection), in databases, in confidential information, or in backups, encryption adds a layer of protection so your data is not as easily stolen or manipulated by unwanted parties.

Data Backups

Backups are often your last line of recovery. Backups allow you to recover from ransomware, disgruntled employees, insider threats, and user error. You hope you never have to resort to a backup, but it is a good insurance policy. Never just assume a backup is working; it should be monitored and tested on a regular basis.

Check out our CyberSecurity Suite to add to your security stack! Or complete our online form below.