Individual, small businesses, and up to global corporations are all a target for ransomware, phishing, and advanced persistent threats. A successful attack can be terrible costly, and not just financially. Brand reputations and professional reputations can be damaged beyond repair. The good news is, there is a lot you can do to reduce the risk.
- Understand the targets: A common misconception is that small and medium businesses (SMBs) are not attractive attack targets. This is not the case. Research suggests the opposite. Everyone is at target and no company or bank account is exempt.
- Secure all internet threat vectors: Modern, advanced attacks exploit multiple attack vectors including user behavior, applications, and systems. The six main attack vectors are email, web applications, remote users, on-site users, the network perimeter, and remote access. A comprehensive security posture should extend across all these vectors.
- Secure all attack surfaces: The clear business benefits of migrating to virtual and cloud environments means that hybrid networks are increasingly the norm. Effectively securing cloud or SaaS-based applications like Office 365 requires a comprehensive solution designed to centrally ménage hybrid networks.
- Educate your users: User behavior can be your single greatest vulnerability. Good security is a combination of enforcement monitoring, and user education – especially against threats like phishing, spear phishing, typo-squatting and social engineering.
- Don’t forget your remote workforce: The mobile revolution drives productivity, collaboration, and innovation, but it means much of your workforce is outside the network perimeter – often connecting via personal devices. This creates a huge potential gap in your security if not properly protected.
- Keep your systems updated: When vulnerabilities in platforms, operating systems, and applications are discovered, vendors issue updates and patches to eliminate them. Always make sure you’ve installed the latest, on all potential attack surfaces. And never use obsolete software that is no longer supported with security updates.
- Detect latent threats: Clean house! Your infrastructure likely contains a number of latent threats. Email inboxes are full of malicious attachments and links just waiting to be clicked on. All applications must be regularly scanned and patched for vulnerabilities.
- Prevent new attacks: With today’s evolving threat landscape, sophisticated, targeted, zero-day attacks are coming your way. To stop them, you need advanced, dynamic protection with sandbox analysis and access to up-to-the-minute global threat intelligence.
- Use a good backup solution: A simple, reliable backup systems lets you recover from many attacks within minutes or hours, at a very low cost. When data is corrupted, encrypted, or stolen by malware, simply restore from backup and get back to business.
- Keep management simple: As both networks and threat landscapes grow more complex, it’s easy to let security management become a major burden on IT staff. And with complex, disjointed management come more oversights that cause security gaps. Minimize both risk and cost with a simple, comprehensive solution that provides security administrations and visibility across your entire infrastructure.
Some of these tips may be more challenging to implement than others. Training all your users to practice safe computing – and maintaining that training and awareness over time – may be the most difficult, but it may also bring the greatest benefits.
JOIN THE CONVERSATION
Share your thoughts and questions in the comment section below. To get the latest news from PCM, follow @PCM on Twitter, join us on Facebook, or connect with us on LinkedIn. To get the latest news sent straight to your inbox, join our newsletter.