News of another devastating data breach seems to be in the headlines every other week. Naturally, that causes organizations of all sizes and industries to wonder if they’ll be next. According to the research and advisory firm Gartner, 95% of CIOs say that they expect cyber threats to increase in the next three years.
While the IT security landscape is constantly evolving and new hazards emerging all the time, there are a variety of common-sense protections that you can enact to make your organization safer.
Let’s take a look at some of the most important factors to consider when evaluating your cybersecurity.
1. Phishing attacks
By imitating reputable people and companies, attackers hope to trick their targets into revealing sensitive information such as passwords, credit cards, and Social Security numbers.
So what’s the best defense against phishing attacks?
Educate your employees on how to recognize them. Use additional email security solutions that include strong filters against spam, infected attachments, and fraudulent domains. To assess whether your company is prepared for a phishing onslaught, you can even run a simulated attack on your employees’ inboxes to see if anyone takes the bait.
76% of IT security professionals report that their organization was the target of a phishing attack.
2. IT security policies
39% of organizations have a written “bring your own device” (BYOD) policy, allowing employees to use their smartphones, tablets, and laptops at work. Many other companies have similar allowances, but have not made them a formal part of the employee handbook.
Check this out: Wi-Fi Security: 4 ways to secure your wireless connection
An informal BYOD policy is convenient, but also dangerous. People are unlikely to follow the same stringent IT security standards that you require for work-owned devices. Have clear rules about exactly which devices are permitted, as well as which apps are required or banned. If you’re unsure where to start, seek the many different BYOD policy templates for free online.
While perhaps less frequent than other threats on this checklist, the prospect of ransomware can bring your business to its knees. Ransomware rose to global prominence with the spread of the “WannaCry” software in May 2017, which infected computers in 150 countries and caused an estimated $4 billion in damages.
As the name suggests, ransomware is malicious software that locks down your files and data and holds them for “ransom” — refusing to give back access until you send the attackers a hefty sum of money. In many cases, hospitals, banks, and utility companies chose to pay the WannaCry ransom to avoid crippling their operations.
Because ransomware is often spread through phishing emails, all the recommendations above apply here as well. In addition, install strong antivirus and anti-malware software, and protect the perimeter of your enterprise network with a good firewall. Consider backing up your mission-critical data into the cloud at regular intervals. Thay way, you can recover it even if you suffer a ransomware attack.
4. Cloud computing
Cloud computing isn’t just a tool to protect your information in the event of data loss or disaster. It’s also in and of itself a well-established business best practice.
“96% of organizations now use the cloud in some shape or form.”
Gone are the days when most companies worried about whether their information was secure in the cloud. Nearly two-thirds of IT professionals now agree that the cloud is a safer storage method for their data than legacy on-premises systems. The top public cloud providers all have strict security measures. They make it very difficult for malicious actors to hack in and exfiltrate information.
For one, data in the cloud is redundant: it’s stored in multiple physical locations. You can continue to use it even if one data center goes down. Sharing data is also easier and more secure. Instead of making copies or putting a thumb drive in the mail, you can simply provide access over the Internet to exactly the people who need it.
5. Insider threats
Surprisingly, the biggest threat to the integrity of your business information may be your own workforce. Three-quarters of cyber incidents are due to “insider threats”: employees who inadvertently or intentionally expose files and applications to malicious actors.
Other helpful stuff: Your company’s 5-part guide to mobile security
To reduce the risk of insider threats, install monitoring and alerting software that can detect suspicious activity. That should include a system that alerts you to an employee’s repeated attempts to access unauthorized files. Keep your applications and hardware up-to-date with security patches and upgrades, so that you’ll have some built-in protections even in the case of human error.
Unfortunately, far too many companies don’t think about cybersecurity until it’s already too late. According to the National Cyber Security Alliance, 60% of small and medium-sized businesses will permanently shut their doors in the 6 months following a cyber attack.
The good news?
This doesn’t have to be you. By following the checklist above and partnering with the right IT managed services provider, you can do a great deal to protect your organization from the most dangerous cybersecurity threats.