Because we are in the business of helping our customers protect their data, my email inbox is filled with news of cyber breaches and the latest state-of-the-art machine learning and artificial intelligence cybersecurity systems! I think there is an “arms race” between the security product firms and the cyber criminals. It feels like the criminals are winning, but they have a target-rich environment. Those defending against the hackers have to be correct 100% of the time, while the criminals only have to find one flaw to break into your network and steal your data.
Most of these state-of-the-art security systems focus on building a stronger wall around your data vault. Others increase the security at the entrance to the vault: in effect, tougher locks and screening of those who enter. Lastly, there are systems which detect the criminals once they have successfully passed through the perimeter defenses. All these systems are expensive to acquire and maintain, and require expertise.
Small to medium businesses (SMBs) cannot afford such systems, so what should they do? First, it is important to understand that smaller organizations do not face the kinds of cyber threats Fortune 500 companies face, which are targeted, continuous attacks. SMBs are most often attacked by automated systems which continually search and probe computer systems for typical vulnerabilities.
The first step is to “harden” your computer systems. What does that mean? A typical Windows-based PC is configured and delivered to enable multiple ways to connect with other systems, to provide ease of use and flexibility. That is equivalent to leaving all the doors and windows of your house unlocked or open. It makes it very easy to steal your stuff. How do you harden your PC? There are scanning tools that will check the configuration of your PC and provide instructions on how to lock down your system. Next, turn on automatic updates for your Windows operating system to patch known vulnerabilities or bugs. Cyber criminals keep track of published weaknesses and quickly pounce on them. You should also install quality antivirus software with automatic updates activated. Many think of antivirus software as their first and only defense, but in my opinion, it is fourth behind user training.
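A read-only check of the hardening steps above, added here as an example and not taken from the original article. It assumes Windows 10/11, an elevated PowerShell session, and Microsoft Defender as the antivirus; the particular settings inspected (firewall profiles, SMBv1, Remote Desktop) and the age thresholds are illustrative assumptions.

```powershell
# Added example: read-only audit, changes nothing. Run from an elevated prompt.
$MaxSignatureAgeDays = 7    # assumed threshold
$MaxPatchAgeDays     = 45   # assumed threshold
$findings = [System.Collections.Generic.List[string]]::new()

# Unlocked doors and windows: firewall off, legacy or remote access services on.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    $findings.Add("Firewall profile '$($_.Name)' is disabled")
}
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    $findings.Add('SMBv1 file sharing is enabled')
}
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
if ($ts.fDenyTSConnections -eq 0) {
    $findings.Add('Remote Desktop accepts inbound connections')
}

# Automatic updates: policy override, service state, age of the newest patch.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$au = Get-ItemProperty $auKey -ErrorAction SilentlyContinue
if ($au -and $au.NoAutoUpdate -eq 1) {
    $findings.Add('Automatic updates are disabled by policy')
}
if ((Get-Service -Name wuauserv).StartType -eq 'Disabled') {
    $findings.Add('Windows Update service is disabled')
}
$newest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn | Select-Object -Last 1
if (-not $newest -or $newest.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
    $findings.Add("No update installed in the last $MaxPatchAgeDays days")
}

# Antivirus: real-time protection on and signatures current.
try {
    $av = Get-MpComputerStatus -ErrorAction Stop
    if (-not $av.RealTimeProtectionEnabled) {
        $findings.Add('Defender real-time protection is off')
    }
    if ($av.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Defender signatures are $($av.AntivirusSignatureAge) days old")
    }
} catch {
    $findings.Add('Defender status unavailable; verify the installed antivirus manually')
}

if ($findings.Count -eq 0) { 'All checks passed.' } else { $findings }
```

If a third-party antivirus is installed, Defender may run in passive mode or not at all, so check that product's own console for real-time protection and signature age.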
Creating the human firewall through training is essential. Phishing emails have grown into an efficient way of getting past your cyber defenses. Most ransomware is delivered via phishing emails. Training your users to recognize such emails, fake websites, suspicious on-line advertising and other such malware is critical.
The last line of defense is management enabling these steps to happen. These steps are not costly and can be implemented easily. Management placing the priority on these steps sends a clear message that cyber security is a priority and is necessary in today’s connected world.
Contact us at support@thirdrock.com if you’d like more information or some help to protect your organization’s data and systems.