Humans love to be comfortable. We'll always choose convenience over anything else! But when it comes to your cyber security environment, complacency can mean big problems.
When is the last time you thought about cyber security?
Perhaps not on the top of your to-do list, but it should be - we all need to be hyper vigilant against the growing number of sophisticated cyber attacks against small and mid sized businesses.
You've read the statistics:
- 43 percent of cyber attacks target small business
- Only 14 percent of businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective
- 60 percent of small companies go out of business within six months of a cyber attack
Yet most business leaders, who don't have internal cyber expertise, are so overwhelmed with where to even start, they end up doing nothing!
To help you get started, we've come up with a check list of 5 important questions to ask yourself regarding your cyber security practice.
Ideally, you should be able to answer “yes” to all of these!
Video: Best Cyber Security Checklist - 5 Questions!
1. Are Your Endpoints Protected and Secure?
Endpoints are the devices we use every day. Any hardware you use (your computer, phone, and tablet) to access a network is an endpoint. This is, of course, the most common place for a security breach to take place!
Most businesses have moved to a model that uses technology outside of the office. Physical firewalls beside your cubicles won’t protect you anymore. You need real-time protection running 24/7.
Anti-virus software isn’t enough, and automated systems can lead to countless false positives that dull your sense of awareness. You need the intelligence and persistence of AI mixed with the skill of an experienced security technician monitoring your network for real threats every minute of every day.
No business is too small for Endpoint Detection and Response. Thanks to Managed IT Service Providers who offer "security as a service", what once was only viable for large organizations is now commonplace for small to mid-sized businesses.
2. Are You Using Two-Factor Authentication (2FA) Whenever Possible?
It’s hard to keep track of dozens of different passwords. Everyone gets lazy eventually and settles for the same one, or a similar variation, for most of their accounts.
While this may make life easier, it also means that if an attacker gets a password for one site, they might gain access to your data everywhere.
The simplest way to work around this is two-factor authentication, or 2FA. Also known as MFA, this easy-to-use security method stops password theft in its tracks.
When logging in to an account with 2FA, you type in your normal username and password combo, followed by a second account verification on your phone. This secondary code helps ensure that you’re really who you say you are.
Even a stolen password can’t take you down if you have 2FA in place. A simple code keeps your data and accounts protected. Using your phone as your out-of-band authentication verification token guarantees that a thief can’t simply hack your computer and gain access to your data.
2FA is a low-cost option with a huge ROI for your data security!
3. Are Your Regularly Checking for Network Vulnerabilities?
The larger your network, the more vulnerabilities you have. Even in a small business, one person can have several endpoints, including their phone, work, and home PCs.
Do the math on your entire business, and the probability of risk is incredibly high!
Vulnerability scanning can help you find any holes in your security. Out-of-date PCs, simplistic passwords, and unsecured WiFi networks are just the beginning. A full vulnerability scan will inspect your entire network and flag all potential hazards.
Of course, once the hazards are marked, you’ll need to fix them. With a managed security services provider (MSSP), you can rest easy knowing that every vulnerability flagged is resolved immediately.
Vulnerability scanning and remediation keeps your network in check. With this service in place, you’ll know that there are no holes in the digital protective fence surrounding your data!
4. Is Your Data Center Secured in Every Way?
Where is your data stored?
Whether your entire business exists on one small network, or you’re using a hosted cloud solution complete with off-site data center, you need to know it’s protected.
All of the things we’ve mentioned so far are crucial to securing your data center. But you also need to be sure that things like physical security are taken care of as well.
- Does your data center have redundant power and backup service?
- Are there physical barriers in place, such as door locks and verification systems to prevent hardware tampering?
These are important, and often overlooked, pieces of the overall security puzzle.
Think of the data center as the nucleus of your entire network. You may be guarding the outer walls of the cell with endpoint protection, but is the center of your network being monitored just as closely?
In today’s world, your business data is everything. You can’t take any shortcuts when protecting the devices that host that data for you!
5. Are Your Employees Trained and Aware of Security Risks?
All of the security procedures and policies in the world won’t stop a cyber attack without educated employees.
Untrained employees can destroy your business’s finances and reputation. They should be aware of best policies for every piece of technology they use in the business.
All it takes to prevent a phishing attack is to simply do nothing , e.g. NOT click on that link or download that doc. Your employees need to be trained to spot and react appropriately to phishing emails.
Social engineering and spear phishing have made the emails even harder to spot, and one slip from an untrained employee can spell disaster.
No spam filter can stop every phishing email, and no anti-virus software can keep you safe from the viruses that are spread through phishing.
The only method to prevent your business from falling prey to an attack is employee phishing prevention training.
Don’t be another victim. Don’t let all of your other security preparations go to waste. Train your users.
Check out our Cyber Security Solutions Webinar to learn more or contact us to set up an appointment to discuss your cyber security needs.