Your business’ overall cyber security posture starts well before threat detection software removes unwanted activity on your networks. Cyber security strategy takes various forms, both online and in the physical world—all designed to prevent cyber threats before they ever happen.
In this world of high-stakes hacking, phishing, identity theft and malware, the best defense is a good offense. Here are just a few ways to be proactive against harmful cyber threats and to reduce the risk of falling prey to an attack.
Many cyber threats start with a vulnerability somewhere in the office. Of course, this is where business is done; employees need access to sensitive data to do their jobs, after all. Because the workplace can’t be locked down like Ft. Knox, the goal here is to limit your exposure to unnecessary risk, and bring your overall state of security to an acceptable level.
Take a look around your place of business. If you see any of the following, you may want to consult your IT service provider about what changes are needed.
- Unattended computers left unlocked, or with no password protection
- USB drives that are unsecured, left on desks, accessible to public
- Printed documents containing business (or customer) information—such as usernames, passwords, alarm codes, etc.— on desks, on counters or un-shredded in the trash
- Whiteboards or other presentation materials left in empty meeting spaces
- Security badges, credit cards, wallets, bags and backpacks left open/unattended
These are just a few of the ways people who want to do harm to a business find their way to the sensitive information they need. In reality, online hackers aren’t the only threat; those who we call “bad actors” could be disgruntled former employees, customers, or others that interact with your business.
By putting processes in place to cut down physical access to sensitive information and access, one giant pathway to your business’ data will be more secure.
There are new and effective cyber attacks being deployed every day, and the route most will take to your business is through email and Internet access. It only takes one click on the wrong email or website for a hacker to have access to your network, which means that your entire staff must be properly trained to understand the attack vectors that are used. Here are just a few you should know:
This surprisingly low-tech approach to obtaining access to networks is all about manipulating and exploiting human interactions to learn user names, passwords, internal processes, and more. Simply, attackers pretend to be a trusted individual or have a trusted position, and use that deception to get unsuspecting workers to provide sensitive information. Avoiding social engineering traps requires proper training and knowledge. Employees need to know how to identify these scams and the process to report them in your organization.
Essentially, phishing is social engineering through the use of electronic communication, via email, chat, text messages, etc., and one of the most effective techniques that hackers use. It uses the guise of appearing as a legitimate communication from a trusted source, such as a business partner, co-worker or CEO, masking their intent with clever email addresses and urgent language. The more official and authoritative they look, the more they succeed.
Mitigating the risk of phishing attacks requires a combination of employee training and software solutions. Instill a company culture of caution when it comes to suspicious emails, and be sure to verify links whenever possible. Additionally, never navigate to suspicious website URLs, or enter personal information on unknown, un-trusted sites. Phishing attacks require you to take an action that you otherwise shouldn’t, so understanding when to pause and refrain from clicking links/entering information is of utmost importance.
The web is like the open ocean: it’s large, sprawling and ever changing, and web site threats are volatile and well hidden. It’s not just fraudulent sites that pose as legitimate, attempting to capture your information in a form or login screen: fake ads and links shared on social media can install malware and spyware with just a click.
In addition to software that your MSP will install to manage and filter access to suspicious or dubious sites, the two best ways to avoid website cyber attacks are to:
- Avoid clicking suspicious links from untrusted social media accounts and ad
- Always look for proper SSL encryption on SSL encryption will be noted as a green lock or trusted symbol in your browser, and helps protect
You MSP has the tools to keep your business well defended from all types of cyber threats, and the ability to eliminate attacks that break through the defenses. They have a true picture into the security posture of your business, and can patch, maintain and update systems as needed to keep it up to date through a combination of software and solutions, including:
- Remote monitoring and management software
- Antivirus applications
- Firewall software
- DNS filtering
- Mobile device management solutions
- Backup and disaster recovery
- and more
However, there is more to managed security services than software solutions—your service provider will also be able to offer security training to you and your staff, which is essential to developing the proper processes and techniques to avoid threats and lower the risk of a security breach on a day-to-day basis.