43% of cyber attacks target small businesses. Cyber criminals know that most small businesses can’t afford or don’t allocate resources for the level of protection of larger enterprises. For the criminals, it’s easier to infiltrate tens of thousands of small businesses with less security than to try to breach the sophisticated defenses of the large enterprises.
But despite the limitations, it is vital for small businesses to strengthen their defenses. The Network Team has put together a list of network security tips you may not have thought of that can help small businesses without adding too much to the bottom line.
- Use a separate computer for financial transactions. Email and web browsing are common attack vectors criminals use to compromise your computer through malware and phishing attacks. To help limit the risk of them also gaining access to your financial information, have a separate computer that is used exclusively for financial transactions. Ensure the computer is password-protected, and change the password every three to six months. You could also put the dedicated computer on an isolated Internet connection, separating it from the corporate local network.
- Use two-step verification processes for all organization-connected services. The FBI recommends two-factor authentication for security. Two-factor authentication, or 2FA, means using two components to access information online. Yes, it will mean an extra step for employees, but it will add a layer of security at little to no cost to your budget. A criminal will not have access to your second source of identification. It usually includes a password or PIN only the user knows and one of the following:
  - A device like a fob with a code that changes often
  - The end user’s fingerprints
  - The user’s location at the time of authentication
- Remind employees often of security measures. End-users are one of the biggest holes in cyber security. Small business owners can help close those holes by educating employees on basic security measures. These can include items like updating passwords often, training on how to spot fake websites and malicious emails, and company policy for reporting potential threats. This training should be a regular part of employee onboarding, with refreshers through company newsletters or at company-wide meetings.
If you’re unsure what network security tips need to be included in that employee training, you should attend The Network Team’s Tech Brews Cyber Security Workshop. The free event on March 2, 2017, includes drinks, appetizers, and a discussion on cyber security trends, including practical tips on how to help employees keep your network secure.
2016 was the year of extortion, as ransomware was king, and a major challenge to cyber security. Use of ransomware code jumped 400% between January and September.
We are already into February, and trends are already being reported by the big-name vendors, like Trend Micro. Ransomware is expected to go up by another 25%. Business Email Compromise (BEC) will grow. Well-planned and targeted attacks are being launched on devices that IT has the least invested in, like tablets and phones. Adobe and Apple vulnerabilities are being discovered at an increasing rate, and their public announcement is undermining the user community that thinks that Apple products are better than Windows-based products. Adobe is publicly reporting more vulnerabilities than Microsoft, putting them in the same place as Apple.
Webcams designed to be a part of a security framework are being hacked. The European Union is requiring companies to hire a data protection organization (DPO) or have one internally, but the end of 2016 showed that fewer than half of all enterprises had one.
Despite the best efforts of folks like TNT and internal IT departments, businesses haven’t adopted a strategy to meet these threats head on. Our recommendations remain:
- Advanced anti-malware (beyond blacklisting)
- Antispam and antiphishing at the Web and messaging gateways
- Web reputation
- Breach detection systems
- Application control (whitelisting)
- Content filtering
- Vulnerability shielding
- Mobile app reputation
- Host- and network-based intrusion prevention
- Host-based firewall protection
The criminals are getting more targeted and sophisticated with their tactics. They are using social engineering to impersonate bosses, vendors, and clients in order to trick end users into clicking on malicious links and attachments.
Along with the recommendations mentioned above, security experts across the spectrum say businesses are not doing nearly enough employee training to help increase cyber security.
The Network Team is hosting an informal, educational workshop on Thursday, March 2, 2017, from 4:30 PM to 6:30 PM to discuss cyber security. The event includes free drinks, appetizers and time to network as well as the workshop. Seating is limited to 20 participants.
Post by: Jeff Gaura, President