Don’t let your data get hijacked
When it comes to cybersecurity risks, businesses often fall victim to assumptions and oversights
Cybercrime is the new normal, and it’s imperative that businesses of all sizes have IT policies and processes in place and truly adopt a culture of security so they are not the “easy target” for hackers.
Here are five simple tips to help your business protect against the threat and costs associated with an attack.
1. Patching: Patching, meaning the regular application of security updates, is a critical security control that businesses often overlook. Many cybercriminals look for businesses with unpatched vulnerabilities to exploit and gain access to network systems. This is often the method used to infect users who visit a website with malicious code embedded in an ad. Use an automated patching tool or service to ensure operating systems and common applications receive regular security updates.
2. Backup today, tomorrow and forever: Backup of data is even more important today than it was a few years ago because of new threats like ransomware. Not only do you need to protect data from a hardware failure, loss, or natural disaster, but you also need to protect it from a cyberattack that could encrypt it. If your data has not been backed up, you may be faced with paying high ransom fees. The best solution is to use a business-class backup (not a USB drive, for example) and regularly check to ensure the backup is working. Also be sure that backups are stored offsite in an encrypted format to minimize the risk of a data breach due to lost or stolen backup media.
3. Don’t get caught with an unsupported operating system: In the past two years, Microsoft has discontinued support for two widely used operating systems: Windows XP for desktop PCs and Windows 2003 for servers, which means that hackers are already finding and leveraging vulnerabilities in these operating systems to gain access to important data. Recently, one of the largest malware attacks crippled organizations that were still running Windows XP. A simple fix is to upgrade to a currently supported operating system like Windows 8.1 or 10 for desktop PCs. Alternatively, evaluate whether your Windows 2003 servers' current function could be better achieved with a cloud solution like Office 365 before upgrading to Windows Server 2008 or 2012.
4. Evaluate aging firewalls: Firewalls are another critical IT asset that is often overlooked, because they typically sit hidden in a computer room or closet even while they are working seamlessly. Most firewalls have two components: hardware and software licensing. If you have had a firewall for more than five years, ask yourself if the hardware is still supported by the manufacturer, and if the licensing is current. If not, you and your network are open to unnecessary risk. Each year as part of your IT planning, your business should evaluate the age and licensing requirements of critical network components like your firewall. Check with your firewall vendor. A lot has changed in the past five years, and it might be time to obtain a more capable and current firewall.
5. Risks of unencrypted email: There is a growing requirement, from state laws to federal regulations like HIPAA, to encrypt emails containing sensitive personally identifiable information (PII) as well as personal health information (PHI). Today, breaches occur more often when an email containing PII is accidentally sent unencrypted or to the wrong party. An additional risk is being out of compliance with state laws related to securing consumer information. If you regularly work with PII or PHI, you need to implement an email encryption solution. The best approach is to have a solution in place that scans outgoing email for PII and forces encryption when it finds any.
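To make the "scan for PII, thereby forcing encryption" idea in tip 5 concrete, here is an added example (not from the original article or from any vendor's product) of the decision an outbound mail gateway makes. The two patterns, the function names and the sample messages are assumptions constructed for illustration; commercial tools use much larger rule sets.

```python
import re
from email.message import EmailMessage

# Assumed, minimal rule set: US Social Security numbers and payment card numbers.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: discards digit runs (order or invoice numbers) that are not cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pii(text: str) -> list[str]:
    """Return the kinds of PII found; the matched values are never returned or logged."""
    kinds = []
    if SSN_RE.search(text):
        kinds.append("ssn")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            kinds.append("card")
            break
    return kinds

def outbound_action(msg: EmailMessage) -> str:
    """Gateway decision: 'encrypt' if the subject or any text part holds PII, else 'send'."""
    parts = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            parts.append(part.get_content())
    return "encrypt" if find_pii("\n".join(parts)) else "send"

def make_msg(subject: str, body: str) -> EmailMessage:
    """Build a constructed sample message (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "hr@example.com", "payroll@example.net", subject
    msg.set_content(body)
    return msg

if __name__ == "__main__":
    print(outbound_action(make_msg("Lunch", "See you at noon, order #12345.")))
    print(outbound_action(make_msg("Onboarding", "New hire SSN: 123-45-6789")))
```

The point of enforcing this at the gateway is that encryption no longer depends on the sender remembering to turn it on, which is the accidental-disclosure case the tip describes.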
If your business is looking for simple ways to stop data from getting hijacked, know your risks and consider these five best practices. Implementing one or a few could make a big difference and save your company from costly ransoms, lost data, business downtime and broken customer relationships. Keep in mind that there are many resources and experts to rely on to help you up your IT security game.
Mark Benton, who has over 30 years of IT experience, is the director of product management at Portland, Maine- and Manchester, NH-based Systems Engineering. He can be reached at 603-226-0300 or through syseng.com/cybersecurity.