The Sophos 2021 Threat Report identified several major IT security threats that companies need to watch for this year. One of these was ransomware. Another was somewhat surprising: the lack of good cybersecurity hygiene.
Despite there being so many warnings and news stories about the rise of malware and other online attacks, many companies simply haven’t adopted or stuck with best practices when it comes to network security.
Companies and users get lax, begin using weak passwords, don’t implement important safeguards, like two-factor authentication, and rarely hold employee awareness training for cybersecurity.
According to the Sophos report, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”
Online Threats Are On the Rise
The online threat landscape continues to get more dangerous every year as attackers take advantage of business changes (like the move to remote employees) and advanced AI and machine learning techniques.
Some of the startling statistics that business owners need to be worried about include:
- In 2020, ransomware attacks increased 485%.
- Firmware attacks have increased 5x in the last 4 years.
- In the last 12 months, there’s been a 27% increase in phishing websites.
To keep your business properly protected, there are certain network security safeguards you should put in place. They work together to add rings of security around your data, devices, and cloud storage to keep them from being breached.
Do You Have These IT Security Layers in Place?
A layered strategy is a way to protect your company from a devastating malware attack, ransomware infection, or data breach.
The average cost of a cyberattack is $200,000.
These are some of the most important best practices that you should be following to protect your network.
Password Security & Two-Factor Authentication
With most business data and processes in the cloud, passwords have become the main vulnerability. All a hacker needs is an employee’s Dropbox or Microsoft 365 password, and they can access multiple files and do a lot of damage.
It’s important to use a few best practices when it comes to password security. These include:
- Require the use of strong passwords (at least 7-10 characters and a mix of letters, numbers, symbols).
- Have employees use a password manager so they don’t store passwords insecurely.
- Enable two-factor authentication for all logins (it’s 99.9% effective at stopping breaches).
Next-Gen Firewall With Advanced Threat Protection (ATP)
One of the standard network protections that every company should have in place is a next-gen firewall. Firewalls monitor all incoming and outgoing network traffic, apply system-wide security policies, and look for any potential unwanted intruders.
It’s important to use a firewall with ATP because this adds a protective element that can proactively seek out strange network behavior to detect zero-day threats.
Every device used to access company apps, email, and data (including mobile) needs to have a good antivirus/anti-malware program installed.
Managed services add an element that ensures any identified threats are being properly handled and that the antivirus/anti-malware is properly updated and running on all devices.
Remote Team Security
This year, the number of permanent remote employees is expected to double. Telecommuting is a legacy of the pandemic that’s here to stay, and companies need to adjust their network security to account for a business network that extends to employee homes.
Some of the remote worker safeguards you should put in place include:
- Business Virtual Private Network (VPN)
- Use of network segmentation
- Remote managed IT support for off-site devices
Email Spam & Phishing Filter
Most malware is spread via phishing emails, which makes it vital to do everything you can to reduce the number of attacks coming into user inboxes.
Using an email spam/phishing filter can drastically reduce your risk of an attack by quarantining suspicious messages, so there are far fewer that make it in front of employees.
Most phishing emails use links to malicious websites rather than file attachments to skirt past anti-malware programs. Another important filter that works hand-in-hand with a spam filter is a DNS filter.
The DNS filter matches URLs against a known list of malicious websites and will block a user’s browser from loading a dangerous site.
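The matching step described above, as an added example that is not taken from any particular DNS filtering product. A DNS-layer filter decides on the hostname being resolved, so the sketch reduces each URL to a normalized hostname and blocks it when the name or any parent domain is on the list. The blocklist entries and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample blocklist; a real filter loads a maintained threat feed.
BLOCKLIST = {"malicious.example", "login.phish.example"}


def hostname_of(url):
    """Return the normalized hostname of a URL, or None if it cannot be parsed."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "host/path" as a network location
    try:
        host = urlsplit(url).hostname  # drops userinfo and port, lowercases the name
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".")  # "evil.example." and "evil.example" are the same name
    try:
        # Compare internationalized names in their ASCII (punycode) form.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def is_blocked(url, blocklist=BLOCKLIST):
    """True if the URL's hostname, or any parent domain of it, is on the blocklist."""
    host = hostname_of(url)
    if host is None:
        return True  # design choice in this example: refuse what cannot be parsed
    labels = host.split(".")
    # Match on whole labels only, so "cdn.malicious.example" is caught
    # while "notmalicious.example" is not.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


if __name__ == "__main__":
    for sample in (
        "https://malicious.example/login",
        "HTTPS://CDN.Malicious.Example./a",
        "https://trusted.example@malicious.example:8443/",
        "https://notmalicious.example/",
    ):
        print(sample, "->", "BLOCK" if is_blocked(sample) else "allow")
```

Matching on whole labels is the detail that matters: a plain substring or `endswith` test would either miss subdomains of a listed site or block unrelated domains that merely end in the same characters.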
Regular Employee Security Awareness Training
Your staff is one of your best weapons against cyberattacks. Knowledgeable employees can spot a phishing attack, know how to manage passwords securely, and don’t do things like email a company credit card number in an unencrypted format.
It’s important to have ongoing security awareness training that’s backed up by regular reminders like posters, short videos, and other awareness efforts. This ensures that employees are armed with the knowledge they need, and it also fosters a culture where IT security is seen as important.
Are You Missing Any IT Security Best Practices? Find Out!
Neuron Computers can help your San Fernando Valley area business identify any potential weaknesses in your IT security and offer commonsense recommendations.
Contact us today to schedule a free consultation. Call 1-818-925-2120 or reach us online.