Optimum Networking Cybersecurity Blog 2021
Much has been communicated about cybersecurity over the past several years. Blogs, whitepapers, workshops, and entire conferences have been dedicated to this subject. The information ranges from highly technical to alarmist “scare tactics”. This blog will strive to deliver the information in layman's terms and with realistic threat parameters. The question remains for the small to mid-sized business owner: “What reasonable steps do I need to take to protect my employees and clients?”
The answer to this question varies greatly, depending on your industry, regulatory requirements, and how much personal information (PI) you handle. The proprietary nature of your business is also a factor.
ALL businesses, including yours, must address these key areas:
- Layered Security
- Cyber Liability coverage
Cyber threat awareness is the most basic element, and it can be the most overlooked. You as a business owner may be very conscious of the threats out there, but what about your employees? Your vendors? Even your clients? We know that human error is the #1 cause of all security breaches. Think of it this way: you could spend thousands of dollars on the most secure vault in the world, and it will not do any good if someone leaves it open or puts the combination on a sticky note next to it. You educate your employees about many things from customer service to company policies. Cybersecurity awareness training may be the most critical point you address today.
It is also incumbent on you as a business owner to understand the regulatory requirements of your industry. Whether it be HIPAA for health care companies or CMMC for DoD-related industries, you and your security provider must be up to date on the ever-shifting rules and regulations and be prepared for reviews and security-related audits.
You, as a business owner, might be looking for the “magic bullet” to address all your cybersecurity needs. You may say “I have a firewall”, or “we have installed antivirus”. “Isn’t that enough?” The truth is that unless you have a multi-tiered approach that fits your business and how it operates, you probably need to do more. Here are some important points to consider:
Is your firewall considered “next-gen”? Is it up to date on current threats, policies and patches? If it is five or more years old, chances are it is not. Firewalls require constant policy updates and patches to remain secure. Monitoring the firewall on an ongoing basis is also critical. Despite this, a firewall is helpless to protect employees working from home or remote locations. If these employees are breached, the bad guys can use them to bypass your firewall and violate your most valuable digital assets.
Antivirus is also a necessary layer of protection; however, unless it is updated and monitored on an ongoing basis, it will not stop an attack. Additional layers of desktop protection are available, including DNS protection, malware scanning and detection, internal monitoring, and, most important, Multifactor Authentication (MFA). We’ve all experienced MFA when we log into a secure site online and the system sends a code to our mobile device. Some consider this an inconvenience while others see this as important protection from a cyber-breach. MFA tools are available for all businesses and are an essential layer of your cybersecurity platform.
The need for secured, monitored, offsite backups has always been a reality. Hardware has a risk of failing. Systems age and can experience failure. Environmental hazards come into play. Human error occurs with alarming regularity.
Now, with additional cyber threats, backups have become even more critical. A ransomware attack, a hacker’s tactic of locking down systems and demanding payment, can be thwarted with a proper backup strategy. At minimum, a local backup is needed. This backup needs to be replicated offsite and the process needs to be monitored and tested on a regular basis. For more information about backups and data recovery options, see the previous Optimum Networking blog entry on the subject.
Cyber Liability Coverage:
Cyber liability coverage is another basic requirement. If you are in business, your facility, your equipment and even your key employees should be insured against a natural disaster. Why? Because if you lost any of these things, or any of them were damaged for a considerable amount of time, you could lose your business.
The same is true, and even more critical, for your information systems. Your business relies on them, and they are not only under the same threat of natural disaster, but they are also under relentless attack (see the cyber threat awareness section). Please contact your business insurance provider to make sure you are covered, and if you still have questions, we can put you in touch with experts who can help.
Awareness, layered security, backups, and cyber liability. This may seem overwhelming, but rest assured, we’ve got you covered. The cybersecurity plan offered by Optimum Networking covers cybersecurity awareness training and layered security. It also includes secured, monitored backups. You will find that this protection will help reduce the cost of cyber liability insurance. Someday soon, services like this may be required for all businesses to qualify for cyber liability insurance.
Please remember that you are not in this alone. Click HERE for a free network assessment or call/email us at [email protected] or 720-248-3580 x2.