Enhance Your Cyber-Hygiene: The Sequel

Any organization that neglects cybersecurity is taking a considerable risk. Just look at what happened this month in Las Vegas. My bet is that most of us can't afford to gamble with our business. It was reported that Caesars paid $30 Million to the hackers just to get them to "promise" not to public the information they stole! Cyber insurance will cover part of that, but as we know, you need to have excellent cyber-hygiene to even apply for cyber insurance.

A cyberattack can have serious consequences, causing some businesses to shut down completely. These are incredibly high stakes. As mentioned in our previous edition, there are several straightforward and affordable methods for protecting your business.

In full disclosure, Crown Business Solutions, our company's Business Solutions division, offers these and other technologies for all sizes of businesses.

For those of you who missed our last (extremely informative) overview towards great Cyber-Hygiene, here is a recap of those first four recommended solutions: (The original article is also available on LinkedIn and at www.crowngroupus.com/blog )

·??? Multi-factor Authentication (MFA)

·??? Endpoint Detection and Response (EDR)

·??? Secured and Tested Backups

·??? Privilege Access Management (PAM)

?

Below are the remaining eight steps to help you sleep better knowing your business is protected:

1. Email filtering and web security - The Majority of successful hacks are achieved by sending a file via email to employees and hoping that one of them unknowingly allows the nefarious file to load onto the network. This backdoor gives the hackers free rein to all sorts of files and information. This is one of the top defenses you should have in place at any company... even at home.
2. Patch Management & Vulnerability Management - A turnkey system that remotely scans all your hardware and applies the latest security patches, while also scanning for any known threats.

1. Cyber incident response planning & and testing - Like any important project - "PPPPPP" - Prior Planning prevents P!$S Poor Performance. You wouldn't release a product, launch a business, or open a new location without a proven and tested plan; the same goes for your data and network. You need to have a plan of response should an incident occur, and like a fire drill, you need to practice and test it regularly. Luckily, there are services that provide this system for you.
2. Cybersecurity awareness training and phishing testing - Awareness training is a very effective tool. Our workforce population ranges in age and technological savvy. One should not assume that all their employees are really savvy in how the criminal element works, especially when it comes to technology. It could be a costly mistake. The testing aspect of this service sends emails that should be identified as suspicious to see if they get past filters and employees. If so, we know where additional training or resources are needed.
3. Hardening techniques, including Remote Desktop Proposals (RDP mitigation) - Remote working and remote file storage is a blessing and a curse. By allowing us the freedom to access files from anywhere, it frees us from having to work at a specific desk or location, but it also makes those systems more vulnerable to unauthorized access. This technology helps to identify real users and limit their access to the files they need. This is an oversimplified explanation, but enough for this overview.
4. Logging and monitoring/network protections - Like any restricted area, monitoring who accesses it and when is critical to maintaining the safety and security of what is inside. Think about the keycard vs. the mechanical key; now apply that to data instead of your office door.
5. End-of-life systems replaced or protected - Simply put, the older the technology in use is, the more vulnerable it is. But when does it justify the cost of replacing that hardware versus keeping it in service? Some of us lease a new car every few years just so we never have to worry about this. Others maintain and repair it for as long as it makes sense to keep it. Do you need to upgrade your computers and servers? There is a formula that can tell you when old is too old, for technology.
6. Vendor/digital supply chain risk management - This is a simple solution to implement. Essentially, it is a risk management assessment of purchased technology packages that you have in place. It identifies when a solution might be at risk and if it needs to be updated or replaced. This is usually an add-on service included in many cyber-hygiene packages.

While many companies offer cyber solutions, there is no one vendor that can do it all. A Technology Solutions Broker, like us, can help integrate the multiple solutions needed so you don't have to figure out what applications, software or hardware work best together to help protect your business.

Depending on if you have your own in-house IT person, a full IT department, a part-time or "on-retainer" IT service, or no one at all, will determine which solution packages are the most appropriate for your business. The great news is that solutions are available for all of those scenarios. In the end, taking action to improve your business' cyber-hygiene will ultimately save you money and headaches while giving you the peace of mind you need to grow your company.

David I. Bacall is a renowned security expert. He currently serves as the Chief Solutions Architect for Crown Business Solutions, a division of the Crown Group of Companies, where he consults with business owners on physical and cyber security solutions and offers telecom, call center, data, and security technology solutions. Crown's experts collaborate closely with you to decrease your vulnerability to cyber threats while watching your budget and needs.

#cyber #cybercrimes #cyberhygiene #business #businessowner #pam #edr #mfa #ransomeware #mentalhealth #trauma #terrorism #it #forbes #digitallandscape #tips #tech #technology #antivirus #smb #security #executive #risk #data #breach