What Steps are You Taking to Secure Your Business?
There are an estimated 1.7 million successful ransomware attacks each day.
What if Your Business is Compromised?
It’s easy to hope for the best and assume you will never experience a cyber security incident, but the fact is that small and medium businesses are targeted twice as frequently as larger organizations. This increase in attacks is largely due to smaller businesses not having the same resources and policies in place to defend themselves. With the average cost of a data breach for small businesses exceeding $200,000, it’s easy to see why over half of businesses compromised close their doors within 12 months of an incident. Not only are there the pure financial costs involved in getting the business back up and running, but it will also take years to rebuild the trust of your clients.
Suffering a cyber security incident is simply not the kind of advertising any organization wants.
Securing Business Email & Communication
Email is still the single largest security threat for organizations of all sizes, with over 91% of cyberattacks starting with malicious emails or phishing messages. With many workforces now distributed across multiple locations and work from home being more common, implementing proper security tools and training is even more vital.
Generative AI has made it easier than ever to create new phishing emails that are more customized and harder to distinguish from legitimate ones. Since the launch of ChatGPT, the number of phishing emails has increased by 1,265%.
There are many ways to help reduce the risk of phishing and malicious emails, such as tightening spam filtering detection rules and ensuring all necessary mail security protocols such as SPF, DKIM & DMARC are implemented fully. At the end of the day, though, it’s the human firewall that’s most effective. Providing ongoing training resources and testing to your team ensures they are aware of the latest threats and that security is always on their mind. Phishing emails rely on people making a mistake due to urgency, embarrassment, confusion or some other emotion.
A simple policy change requiring staff to always confirm significant changes through a second communication method such as in person discussion or phone call is a great way to have them stop, think and remove the urgency many scams rely on.
Ensuring staff have Multifactor Authentication (MFA) configured on all work accounts decreases the risk of them being compromised by 99%. With Office 365 it’s easy to set up conditional access policies that give even more control over who can access what data from which devices and locations.
Securing What You Don’t Know About
How confident are you that you have no accounts still active for staff who are no longer working with you? What about a full list of computers in your network and how quickly security updates are getting applied?
When looking at new security policies or tools, it’s critical to make sure you actually know what needs to be secured. If your company doesn’t maintain an accurate device inventory and a list of users and permissions, and keep these lists updated, those blind spots get more and more vulnerable over time. The worst part is that you won’t even know if they are compromised, because you had no documentation that the device or account even existed.
Request a Free CyberSecurity Risk Assessment
Acadian is happy to provide a free, no commitment cybersecurity risk assessment to businesses in the greater Kingston, Belleville and Brockville regions. Your cybersecurity risk assessment will include the following key tests and action items so you can be confident of your current security posture and what steps you may want to take to reduce risk.
- Email Impersonation Report: SPF, DKIM, DMARC testing.
- Business Email Configuration Review: MFA, spam filtering, attachment & link scanning.
- Website Security Scan: Host security, SSL encryption & application firewall settings.
- Leaked Credential Report: List of accounts involved in public security breaches.
- Asset Risk Report: Internal network discovery report including device age, operating system and known security vulnerabilities found.
- User Account Review: Report detailing active users and permissions for your business email or domain environment.
- Backup Policy Review & Testing: Test recovery of data from your backup system, review backup policies & report.
Updates: Speed Matters
Over 90% of security incidents are only successful because the targeted systems haven’t installed security updates that are publicly available.
Installing critical security updates as soon as they are available and making sure every device in your organization gets updated is key to staying secure.
All too many people will see the ‘restart to apply updates’ message and ignore it over and over again. We know that ‘now’ is never the right time to restart your computer. A properly implemented Remote Management & Monitoring (RMM) tool makes the process painless by applying these updates automatically outside office hours. This removes the choice from end users and gives you a clear report of device health and security across all your work systems.
Most security breaches today rely on hackers obtaining ‘Persistence’ in your network. This buys them time to scope out your entire network, find the most critical data and launch their attack at a later date. The average hacker spends 24 days in a network before being discovered.