By Steve Fox
The words “cyber attack” have become part of our American vernacular. Unfortunately, there isn’t a standalone silver bullet that can keep your business safe from hackers and their seemingly ubiquitous malware. Preventing a cyber attack requires multiple layers of defense.
Here are 10 cybersecurity measures every business should practice:
-
Keep up with software patches and updates
Software providers such as Microsoft, Adobe, and Java—to name a few—release software updates and patches each month to address newly discovered security lapses. Don’t neglect them. If you do, you could create system vulnerabilities that hackers could easily exploit.
-
Run an antivirus program
Your antivirus program should scan your files in real time and your system on a weekly or, preferably, daily basis. Be sure to install antivirus software on all workstations (i.e., anything your end users operate on) as well as your server.
-
Employ a third-party spam filtering company
It’s nearly impossible to keep spam emails out of your inbox. There are numerous ways to block them, but the most effective solution is almost always a third-party spam filtering company. These companies receive your emails, scrub them using the latest spam-skimming filters, and then deliver the spam-free emails to your inbox.
-
Implement cloud-based malware protection
Cloud-based malware protection companies divert data going to and from your computer to their domain name system (DNS) servers. (The DNS is like an address book for the Internet.) These companies have real-time scanning capabilities that check the web or IP address your computer is trying to reach against known malicious addresses. If the address is bad, the company blocks the connection, preventing your computer from “talking” to the bad guys.
-
Maintain a corporate firewall
Most businesses have this basic cybersecurity measure in place. Nevertheless, it’s worth a mention. A firewall on the outside perimeter of your network is critical to filtering and blocking data. Think of it as the gatekeeper of your network.
-
Establish backup and disaster recovery protocols
Daily system backups have become antiquated. Today’s backups are image based: when the backup runs, it takes a snapshot of the entire system—typically on an hourly basis. If your system crashed or your hardware became disabled, you can simply take the snapshot to a different system and restore it to a new piece of hardware.
It’s important to test your backups regularly. Through our managed backup services, we test backups on a weekly or monthly basis, depending on our client’s needs. An entire disaster recovery test—during which all company servers are shut down—can help to ensure your system can be restored if needed.
-
Use password management and authentication methods
It goes without saying that your password shouldn’t be “p-a-s-s-w-o-r-d” or one that matches your name. Password management—promoting the use and regular updates of strong passwords across your organization—can help your company avoid this all-too-common mistake. You may also want to consider dual authentication, which requires end users to provide a second method of authentication, such as a code sent to their cell phone via text message, in addition to a password.
-
Manage the use of file-sharing applications
Many employees rely on file-sharing applications such as Dropbox and Google’s OneDrive to keep their files readily accessible. Obviously, this practice can lead to security deficiencies relating to company data. Are your employees using file-sharing applications? If so, consider developing a policy to address potential security lapses.
-
Train employees in cybersecurity
The end user is the weakest link in preventing a cyber attack. For instance, if an employee uses a weak password or falls for a phishing email scam, there’s little your cybersecurity measures can do. Training your employees on how to recognize and respond to potential threats can keep your business from becoming a victim.
-
Monitor, monitor, monitor
Keeping an eye on everything we just talked about—the software updates and patches, antivirus program, spam filtering, data backups, etc.—is critical. If you’re not monitoring them, they could go offline or fall behind on updates and you’d be none the wiser.
Actively maintaining a layered defense can help you thwart a cyber attack—and keep your business name from ending up as a late-night TV punch line. If you have questions or would like to learn how a managed IT service provider such as Minnesota based cyber solutions can help, give us a call today.