Contrary to popular belief, the majority of successful cyberattacks on businesses are due to forgetting to address basic cybersecurity issues.
Often when people think of cyberattacks, they visualise the stereotypical Hollywood hacker, deftly navigating through a business’ network, using high-tech custom devices built just for the attack.
But in reality, cyberattacks are usually far less “exciting”, with companies leaving doors to their IT unlocked for the most opportunist hacker to enter.
Businesses often forget to update or patch software, they forget to set up Two Factor Authentication and VPNs, and they forget to educate employees on passwords and cybersecurity, they don’t install the latest Endpoint Security.
To mitigate this issue, The States of Jersey Cyber Security Task Force recommend that all small and medium enterprises endeavour to meet the Cyber Essentials standard. This government backed scheme outlines the measures you can take (such as mentioned above) to protect your devices and reduce the risk of data breach. But how can you make sure devices are ‘up to date’ while maintaining minimal disruption to the business?
Updates and patches
Updating and patching is the single most effective measure to block hacker attacks on vulnerabilities in systems and software.
But despite the importance of this task, the standard response to an update notification popping up on a screen is to ask the system to remind them later. This process repeats itself over and over increasing the risk of a hacker or malware attack.
It’s this kind of attitude that allowed WannaCry ransomware to cripple NHS systems, and numerous others, last summer. WannaCry propagated through a known vulnerability Microsoft had released a patch for two months earlier, that many organisations simply hadn’t applied the patch.
According to a recent IBM X-Force report, 99% of exploited vulnerabilities had a patch available for over 1 year.
Businesses with the latest patches and software updates installed greatly reduce the attack footprint of their network, stopping attacks before they begin.
For some businesses patch management requires operational downtime, or IT overtime, to roll out patches and updates across multiple and diverse devices.
Businesses need a single solution capable of updating software across the whole network as and when updates are released by the software provider. This will streamline the patch management process, reduce operational downtime and allow the IT team to focus on the more important aspects.
Education on cybersecurity
For years cybersecurity has been considered an IT issue – but the fact is it’s a business-wide issue. If employees follow cybersecurity best practice (using strong passwords, VPNs, avoiding spoof emails and so on) they will be able to reduce the number of cyberattacks on the business significantly.
Running training sessions or even enlisting the help of a specialist cybersecurity professional to provide in-depth training on induction, reinforced on a monthly basis will help businesses to not only educate employees but get them to buy into the importance of cybersecurity.
According to a PandaLabs report, 81% of illicit access occurred because of insecure passwords or the direct theft of passwords, and a June 2018 survey by OpenVPN revealed that 25% of employees admit that they use the same password for every business system they access of a regular basis.
External employees should ensure the use of a VPN to connect to company assets, avoiding public WiFi, and Two Factor Authentication (2FA) whenever possible. Using 2FA, VPNs, strong password policies and employee training should be incorporated into every businesses cybersecurity strategy.
Installing a cloud-based security solution that combines both traditional Endpoint Protection with advanced Endpoint Detection and Response will provide the final layers of protection across all your devices to protect against all types of threats.
It is also now more common for employees to bring personal mobile devices to the workplace. If permitted to use on a corporate network, these devices can become potential entry points for security threats. Endpoint security is designed to secure each endpoint on the network created by these devices.
Selecting a solution such as Panda Adaptive Defense 360, of which leading technical publication ITPro.co.uk commented “Panda’s innovative cloud endpoint protection service fills the gaps other security solutions leave behind” offers SME’s the perfect cloud-based service and support.
Galaxy CI are the first Elite Panda Partner throughout the Channel Islands, certified to provide the full range of solutions. With offices in both Jersey and Guernsey, Galaxy CI are ideally placed to help provide a pan-island IT support service.
Galaxy CI is striving to be a centre of excellence for cloud based and emerging technology and is harnessing this technology to deliver three things to modern business. Improved security, reduced costs, advanced business continuity and sustainability.
For more information contact us here
Managing Director, Galaxy CI