The Easiest Way To Disaster-Proof Your Cyber Security

The Easiest Way To Disaster-Proof Your Cyber Security

Though no one would dispute the increasing prevalence of cyber-attacks on businesses in recent years, many small-business owners believe themselves and their business to be immune to such cyber attacks. Broadly speaking, many small-business owners are likely to think that cybercriminals will go after the bigger fish. However, the fact of the matter is that cyber-attacks are crimes of opportunity, and small businesses often have access to a good amount of sensitive data without many major safeguards. In other words, they’re low-hanging fruit, ripe for the picking. 

Back in 2019, two-thirds of respondents to a survey about cyber security didn’t believe that their small to mid-size business (SMB) would fall victim to a cyber-attack. Consequently, only 9% of respondents said cyber security was a top priority for their business, and 60% didn’t have any sort of plan for deterring a cyber-attack. All of this, despite the fact that, according to a report from CNBC, SMBs endured 43% of reported cyber-attacks, and according to data from the Ponemon Institute and Keeper Security, 76% of SMBs in the U.S. alone reportedly endured a cyber-attack within the previous year. 

Every small-business owner should have some plan for deterring cyber-attacks so they don’t end up as another statistic. Here are a few strategies for keeping the cybercriminals at bay. 

Boost Your Cloud Security

Storing data in the cloud is easy and cost-effective, but you should take care to find the most secure cloud storage platforms. Not all cloud platforms make security a priority, but some do. A few of the top-rated, most secure cloud platforms, according to Cloudwards.net, include Sync.com, pCloud and Icedrive. 

Secure All Parts Of Your Network

Our computers and the many smart devices hooked up to our network can become weak spots for hackers to get in. Taking steps to safeguard each device in your network with strong passwords and robust authentication measures will go a long way toward keeping the hackers at bay. In fact, one of the most basic security measures you can take for your network is to restrict access to your WiFi with a strong password. 

Invest In Extra Security Measures

Virtual private networks (VPNs) and firewalls are tools that are highly effective in protecting against cyber-attacks, even if they can’t prevent 100% of them. 

Pay Attention To Updates And Upgrades

When you get notified that one of the technological tools that you use has a new update, it’s easy to ignore it. However, you should commit to regularly updating and upgrading these tools because developers will often add patches to their programs that make them more secure against attacks with each update. So, it behooves business owners to regularly install updates for their tech tools. 

Back Up Your Data

With one of the most common forms of cyber-attacks being ransomware attacks, where hackers will hold your company data hostage until you pay them a ransom amount, having your company data stored on multiple backup solutions can ensure that your business won’t crumble due to your data’s inaccessibility.

Limit Employee Access To Your Network

As much as we’d wish it were true, many cyber-attacks don’t come from outside of your company. Instead, they originate from within. If you want to limit the amount of damage that someone inside your company can do in a cyber-attack, the best course of action is to limit their access to different parts of your network. 

Train Your Employees

At the same time, just as many cyber-attacks occur not because of an employee’s malicious intent, but because of their ignorance. They click on a link in a sketchy e-mail and fall for a phishing scheme, volunteer their password info without thinking about it or choose a weak password for their computer. That’s why you need to dedicate time to training your employees on best practices when it comes to security. 

Set Up A ‘Security Culture’ At Your Workplace

You need to make cyber security a top priority, not just for your IT department, but for every department at your business. When everyone works together to protect their workplace from a cyber-attack, you have a better chance of actually succeeding. 

Will protecting your business from a cyber-attack require a good amount of time and money? Absolutely. Can you afford to ignore the prevalence of cyber-attacks any longer? Statistically, no. The sad truth is that 60% of SMBs that fall victim to a cyber-attack end up shuttering within six months. Don’t put yourself in that kind of position. Instead, take your business’s cyber security seriously. 

MANAGED IT SERVICES

CYBERSECURITY | HELPDESK | UPDATES | BACKUPS

WHY DO YOU NEED MANAGED SERVICES?

Want To Make Sure Your Business Is Protected From A Data Disaster?

Want To Make Sure Your Business Is Protected From A Data Disaster?

Did you know that 93% of all businesses – that don’t have a disaster recovery plan in place when they experience a data disaster – go out of business within a year of that disaster? And yet, 68% of businesses don’t have a disaster recovery plan in place. 

Losing access to your business’s data in this day and age could very well mean losing everything. That means that as data becomes an increasingly important commodity to businesses of all types and sizes, so does having a plan for if or when your business experiences a data disaster. 

The thought of protecting your business against a data disaster might be daunting, but don’t worry. By following the steps listed below in this article, you can make sure that your business is ready to take on the challenge. 

However, before we actually get into those steps, there is one distinction you should understand: the difference between a business continuity plan and a disaster recovery plan. A business continuity plan is primarily proactive, in that it is a strategy by which a business can continue to operate no matter what kind of disaster or setback befalls it. A disaster recovery plan is primarily reactive and has to do with how a business acts immediately following a disaster of some sort – in this case, a data disaster. 

So, now that we’re clear on what a disaster recovery plan is, here are the steps your business can take to create one that works for you and your employees. 

Step 1: Rally The Troops And Assess Your Equipment

In the fight against data disasters, everyone has to be on board. Otherwise, there will always be holes in your defense plan. That’s why executive buy-in – getting everyone in the company, from the CEO to the entry-level employees – is crucial. You need everyone to collaborate cross-functionally in order to fully protect your business. 

From there, you need to thoroughly analyze each of your business’s systems, applications and data sets, as well as how they’re physically accessed, in order to suss out any potential vulnerabilities. Then you should determine which systems are absolutely critical to the operation of your business and for getting products and services to your customers. These are the functions that will need to stay up and running, even after a data disaster. 

Step 2: Create Your Disaster Recovery Strategy

Once you have everyone on board and an understanding of your equipment and assets (as well as their vulnerabilities), it’s time to actually formulate your disaster recovery plan. To do this, you should take a look at your budget, resources, tools and partners in this endeavor. When you understand how long it takes your business to get back online and the cost for doing so, you’ll have a good idea of how to move forward. 

Step 3: Test Your Strategy

No great plan is complete without first testing it to see if it will work. Put your disaster recovery plan through a trial run to see how quickly your team responds to solve the problem and see if there are any improvements that need to be made to the process. Then, by the time an actual data disaster occurs, your business will know how to shut it down and keep running with no problem at all. 

While the steps themselves aren’t difficult to understand, preparing your business to combat data disasters takes a lot of work. In the end, though, the work is worth it if it means protecting your data. As a recap, here are the four main action steps that you need to take in formulating a disaster recovery plan: 

  1. Get executive buy-in for creating a disaster recovery plan.
  2. Analyze and evaluate your business’s systems, applications and data to understand how they could be impacted.
  3. Find out which systems you need to keep running and prioritize them during the fallout of the data disaster.
  4. Test your plan before you actually need to put it in action.

Follow these steps, and your business’s data will be safe from any threat that comes your way.

BACKUP IS CRUCIAL FOR YOUR BUSINESS

Learn More About Backup

How To Keep Your Password Secure

How To Keep Your Password Secure

  • Make sure your password is long and strong. That means at least 12 characters. Making a password longer is generally the easiest way to make it stronger. Consider using a passphrase of random words so that your password is more memorable, but avoid using common words or phrases. If the service you are using does not allow long passwords, you can make your password stronger by mixing uppercase and lowercase letters, numbers, and symbols.
  • Don’t reuse passwords you’ve used on other accounts. Use different passwords for different accounts. That way, if a hacker gets your password for one account, they can’t use it to get into your other accounts.
  • Use multi-factor authentication when it’s an option. Some accounts offer extra security by requiring something in addition to a password to log in to your account. This is called multi-factor authentication. The “something extra” you need to log in to your account fall into two categories:
    • Something you have — like a passcode you get via an authentication app or a security key.
    • Something you are — like a scan of your fingerprint, your retina, or your face.
  • Consider a password manager. Most people have trouble keeping track of all of their passwords. The longer and more complicated a password is, the stronger it is, but a longer password can also be more difficult to remember. Consider storing your passwords and security questions in a reputable password manager. To find a reputable password manager, search independent review sites, and talk to friends and family for ones that they use. Make sure to use a strong password to secure the information in your password manager. KeeperSecurity & LastPass are just a couple options.
  • Pick security questions only you know the answer to. If a site asks you to answer security questions, avoid providing answers that are available in public records or easily found online, like your zip code, birthplace, or your mother’s maiden name. And don’t use questions with a limited number of responses that attackers can easily guess — like the color of your first car. You can even use nonsense answers to make guessing more difficult — but if you do, make sure you can remember what you use.
  • Change passwords quickly if there’s a breach. If a company tells you there was a data breach where a hacker could have gotten your password, change the password you use with that company right away, and on any account that uses a similar password.

Why businesses need DNS protection

DNS Protection

What is DNS protection?

Before we talk about DNS security, you need to understand the DNS. The domain name system (DNS) works like a phone book for the internet. When a user enters text into a browser, DNS servers take that input and translate it into the unique internet protocol (IP) addresses that let the browser open the desired site. But DNS protocols were never designed with security in mind, and are highly vulnerable to cyberattacks, such as cache poisoning, DDoS, DNS hijacking, botnets, C&C, man-in-the-middle, and more.

By redirecting users’ web traffic through a cloud-based, DNS security solution, businesses can finely tune and enforce web access policies, ensure regulatory compliance, and stop 88% of threats at the network’s edge—before they ever hit the network or endpoints.  If your business is like many others that have embraced remote workforce DNS Protection should absolutely be part of your network security plans.  DNS Protection can also secure your mobile workforce without interfering with the VPNs, firewalls, and other security tools you already use.

Why businesses need DNS protection

Uncontrolled internet access is a high-risk activity for any business, regardless of size.  DNS Protection helps protect you from wasted bandwidth, malware from sophisticated attacks such as ransomware and other cybercrime.

Per a report from EfficientIP, the average cost of a single attack was $715,000 USD. When you do the math, it’s clear how DNS Protection for servers, endpoints, and other networked devices could make all the difference to a business’ success (and survival).

What DNS Solution is best for my business?

Choosing a DNS protection solution doesn’t need to be hard.  There are several reputable options we can work with including Webroot DNS Protection & Cisco Umbrella.  These are 2 great solutions that offer up a DNS layered security to protect your workforce.  Don’t wait call us today. (561) 404-9251

Why use two-factor authentication (2FA) or Multifactor (MFA) with your VPN connection?

What is a VPN?

Virtual private networks (VPNs) have been a popular way for companies to provide their employees remote access to their private servers and network resources. VPNs create secure connections between remote machines and your servers allowing your users to stay productive when out of the office. VPNs reduce the risk that hackers can find and enter your servers while your employees securely work from home or anywhere for that matter.

While VPNs are great, they are far from a perfect solution and are subject to security threats, such as phishing attacks. For example, an attacker will often send a legitimate looking email to one of your employees and invite them to log into their account via a link in the email to update their information, pay a bill, or other…. The hacker only has to wait for the unsuspecting employee to enter their username and password. Once in possession of valid credentials, the attacker will be able to connect to your VPN as a legitimate user, gain access to your network, steal information or cause other types of damage such as deploying ransomware.

How 2FA two-factor authentication secures your VPN network

Two-factor authentication (2FA) reduces the risk that hackers can access your network using these stolen or compromised credentials. 2FA requires users to validate their identity by presenting a second security factor in addition to their password. When connecting to a corporate network, users must first enter their computer or VPN credentials, followed by a time-based one-time password (TOTP). This TOTP (usually a 6 digit numeric code) is displayed on users mobile phone in an application called an authenticator. Google Authenticator and Microsoft Authenticator are 2 popular and free apps compatible with both iPhone and Android devices.

2FA makes it extremely difficult to impersonate a user without having access to this second factor. This means that even if hackers were to steal all of your employees’ usernames and passwords, they still wouldn’t be able to access your VPN because they don’t have the 2FA code generated in the authenticator app.

How can I enable 2FA for my company’s VPN?

Every firewall and network is a little different and thus the configuration can vary dramatically. If you are interested in securing your network with 2FA please reach out to TMD Technology Services to assist you in determining the best path forward.

Aside from your VPN we highly recommend using 2FA on all your important accounts including email, banking, website and social media.