Security solutions aren’t just for corporations and governments – every business needs to safeguard its systems.
Originally published May, 2018. Updated September, 2021.
After a wave of high-profile attacks, such as the SolarWinds security breach and the Colonial Pipeline ransomware attack, the Biden administration made national cybersecurity a top priority. With companies like Google, Microsoft and IBM tasked with finding the solutions, the country is well on its way to establishing higher standards of security.
So with all this attention on security, why would small businesses need to even care about cybersecurity? Wouldn’t it just be built into everything now? The short answer? No. And it never can be.
Here’s why: The primary route for data security breaches or hacks is company email, by targeting human mistakes. More specifically, this means phishing emails that elicit a click and deliver a ransomware payload, or keyloggers on unsecured mobile devices that capture password entries for your company applications or files. And the harder systems are to crack, the more these vectors are going to be used. Consider 2020 – ransomware increased 7-fold from 2019.
With more employees working from anywhere (home or otherwise), there are even more opportunities for security breaches. As employees use personal or company laptops and cell phones to work, they may be exposing you to more risks. Here’s an example: Your accounts receivable manager accesses work email on their personal cell phone, receives an invoice and sends payment to a vendor. They leave their phone in a taxi with the screen unlocked, and the next passenger finds it. That person now has access to your employee’s email, all of the contacts they email, vendors and payment information.
Personal responsibility will always be a part of cybersecurity. When that lapses, you must have other tools in place.
20 Security Solutions to Prevent A Breach
To protect your business from hackers, you must think about it like protecting a castle. If you focus on just keeping the perimeter safe, like most businesses do with firewalls and antivirus software, you’ll be ill-equipped to deal with the inevitable breach. You need affordable, well-rounded security that protects your business. Here are 20 ways Nortec protects clients from hackers.
Guard the Perimeter from Attacks
Keeping the walls of the castle safe from the advanced threats of today is no longer a simple matter. It requires identity-based security and a level of sophistication that outwits the complexities of today’s threats, but also includes ease of use for staff. Even though perimeter security isn’t enough, you still need it. Start with these 7 tips for protection:
1. Enable secure single sign-on for all cloud and on-premise apps
2. Use multifactor authentication (MFA) for sign-ons and transactions
3. Employ secure remote access for on-premise apps (not using a VPN)
4. Make use of identity-based protection software that can learn behaviors to detect threats sooner
5. Protect against ransomware and phishing attacks
6. Automate protection with risk-based conditional access (this is intelligent approval of access)
7. Restrict administrative access on an as-needed basis
Cybersecurity is more than firewalls and antivirus software. After all, there’s always going to be that one employee who clicks the ransomware link or connects to an unsecured Wi-Fi network with company devices. Once a threat is on your network, it won’t stop until every computer is infected. This is how you stop it:
8. Classify and protect specific types of data (e.g. vendor credit cards), regardless of where it’s shared
9. Give IT admins and users full visibility to track access to protected shared data
10. Protect corporate data like apps, emails and data on employees’ personal devices (you can do this without disrupting personal data)
11. Use a tool that enforces security policy for mobile devices, apps and PCs with easy-to-use management tools
12. Get automated risk detection, reporting and analytics on an ongoing basis
It can take days, weeks or months to notice when someone is on your network who doesn’t belong there. It took Equifax over 6 weeks to notice their attacker, and we all saw how that went. Here’s how not to be like Equifax. Your security software needs to:
13. Learn to detect suspicious behavior and quickly identify advanced persistent threats on-premises or in the cloud
14. Identify, report and halt any malicious attacks as close to occurrence as possible
15. Relay a simple attack timeline with clear and relevant information about the attack so you can focus on what is most important
16. Deliver advanced security reporting to protect against suspicious behaviors and advanced attacks
17. Offer easy reports that give visibility into the integrity and security of your organization
There might be holes in your security you’re not even aware of, or relatively cheap options at your disposal that you don’t know to use. A security assessment should include:
18. Identifying what devices you have and aren’t using
19. A review of what holes you have in your security that hackers might exploit
20. A whiteboarding session to understand what cybersecurity services are available and which would work best for your specific needs
All these security solutions are easily and affordably available through Microsoft. Microsoft is on the cutting edge of security, offering sophisticated security tools that integrate with all their business-class solutions. But let’s be honest: Microsoft doesn’t do the best job at communicating what these options are and how to configure them. As a Microsoft Certified Partner, we think that should be our challenge – not yours.
As you expand your security, there are also a lot of potential pitfalls. For instance, if you turn on multifactor authentication without setting it up on your devices, you won’t be able to log in to your apps from different devices. Working with an IT services partner who specializes in Microsoft Security Solutions is the best way to get affordable, sophisticated protection for your business.