The FBI reports a 300-400% increase in cybersecurity incidents since the pandemic began, and Google reveals that 18 million COVID-related phishing emails are now being blocked daily. Risks and threats have rapidly multiplied as hackers prey on disenfranchised organizations and unplanned remote work. As a business in today's climate, you most likely have security baked into your IT plans, but those plans need to be re-evaluated and assessed on an ongoing basis. You need to stay vigilant. But what if you're experiencing constrained IT resources and strict budgets? Here are 7 actions to help your organization's security:
1. Review security plans – preparation is key
A cybersecurity event is hard to contain and extremely costly. The average lifespan of a breach is 314 days and typically ends up costing a company $3.4 million, according to IBM. It’s only after something like this happens that companies wish they had better plans and stronger prevention measures in place. Hindsight is 20/20. Explore solution options and provider offerings to get the right safeguards in place. Along with prevention, you should be considering detection services to mitigate damages, should an incident occur, offering quick responsiveness, disaster recovery and business continuity.
2. Stay up-to-date on the threat landscape and latest solutions
One of the best ways to stay current is to take advantage of the many available resources. Are there websites that you frequent and view as trusted resources? Get on their email list to receive relevant industry information. Attend the abundance of free webinars happening now; find those hosted by trusted providers or involving industry leaders and subject matter experts. Use an IT consultant if possible. You should also be thinking about managed security solutions to offload tasks and responsibilities into the hands of experts. Having trusted security experts who witness and respond to all the latest threats handles the heavy task of monitoring and remediation, while keeping you and your IT staff alerted. Since many are cloud-based, these solutions are easy to deploy and offer affordable pricing structures.
3. Think access - enable Multi-factor Authentication & Virtual Private Networks
As many states relax their shelter-in-place orders and public places such as restaurants and cafes start to open up, employees still working out of office and those needing a change of scenery might venture out to these establishments to work. They then unknowingly open themselves up to risks via public and shared Wi-Fi connections, creating major security concerns. Employees should be using Virtual Private Networks (VPNs) to safely access the corporate network. VPN solutions are now very affordable, with many available through various ISPs and cloud providers. Equally important is the use of Multi-factor Authentication (MFA), requiring employees to use three or more layers of authentication before accessing sensitive company data. Combinations of password, RSA token, SMS, OTP (one-time password), QR code, push notification, and biometric modality (such as fingerprint or iris recognition) can all be used in tandem. Many organizations are also deploying identity access management (IAM) frameworks to better identify and manage user access in their network, using MFA and VPNs to move towards a zero-trust security model.
4. Employee training – provide education and learning resources
Employees should be aware of the role and responsibility they play in cybersecurity. IBM reports that 95% of breaches are caused by human error. Employees should receive security training to understand best practices, how to recognize common threats like phishing emails, and how to use video conferencing tools in a secure manner. Email scams have become extremely sophisticated and harder to detect. Employees should be reminded to be on the lookout for suspicious emails and know what to do if they receive one: do not open it, and contact IT immediately. Keeping employees aware and with their guard up goes a long way. Use our Securing a Remote Workforce document to help inform employees of their role and involvement in security.
5. Consider physical security – keep the office and employees protected
While your security plans may heavily focus on network and cybersecurity, physical security is also a critical component. Look into reputable physical security providers that offer protection, monitoring and controlled access, keeping your resources, employees and equipment safe. Solutions include video surveillance, secure entry points like gates and doors and alarm systems. If you are without adequate security personnel and tools, keep critical assets like IT infrastructure and servers as safe as in a highly secure datacenter.
6. Allow for maintenance – focus on software updates and patches
The 2020 Cyber Hygiene Report found that almost 60% of data breaches in the past two years were caused by missing patches. Keeping up-to-date with security patches and updates is challenging, and even more so when employees are working remotely. Many IT security teams have not been able to deploy updates and patches on a regular basis, either because they cannot connect to the corporate domain without a VPN, because they lack remote access capabilities for employees, or because they were just spread too thin. Cyber attackers are fully aware of this and ready to pounce. IT security teams should have monitoring in place, such as endpoint protection or a SIEM capable of identifying out-of-date software and patch versions; Security Magazine found that over 70% of breaches occur at endpoints. Businesses should have a regular schedule for auditing and deploying software patches and updates, a task that some may consider outsourcing. Having Managed IT experts handle this can take a huge weight off of in-house IT, making sure all updates are being done in a timely manner.
7. Take advantage of free audits, vulnerability scans and penetration testing from providers and IT consultants
Vulnerability scans can be used to detect and classify system weaknesses in computers, networks and communications equipment and provide ways to remedy the issues. This gives a proactive approach to close any gaps and maintain strong security for systems, data, employees, and customers. A penetration test—known as a pen test or "ethical hacking"—safely identifies and exploits vulnerabilities in appliances, operating systems, services, employees, and applications, to replicate what a hacker could exploit. Providers and many IT consultants offer these services free of charge.
If you need help finding security audits and assessments, email firstname.lastname@example.org; our accredited solution engineers and Tech Gurus are available. Our experts offer testing and assessments, identifying any holes in your security posture and recommending proper remediation. Our teams will even identify appropriate safeguards to limit or contain the impact of a potential cybersecurity event - free of charge.