October – Cyber Security Awareness Month
Written by Scott Miller, Director of Professional Services
Since 2004 the US President has declared October as Cybersecurity Awareness Month.
On one hand it’s great that attention is being drawn to it, but in reality, it’s a shame that cybersecurity doesn’t always get the attention that it requires.
One of the largest breaches last year cost T-Mobile $350 million dollars. This year has already seen Toyota, Samsung, Cisco, Apple, Twitter, Uber, American Airlines and Meta breached and those are just a small sampling of the reported incidents.
A Rounded Cybersecurity System environment
Unless your business only uses pen/paper or a stone tablet with a chisel and passes on the use of computers or the internet, there is currently not a single product that magically protects your environment.
There are, however, cost effective solutions that can be teamed together to aid in protecting your office.
Business Class Firewall – All firewalls are not equal. Ideally a company needs a business grade firewall that has built in Anti Virus, whitelisting, blacklisting, DNS filtering and Botnet scanning.
AI based Antivirus software – Many antivirus software products still use indexes on a computer that keeps records of known viruses. If a computer is breached and has the local file compromised, then the system is effectively shut down. An AI based system monitors the computer and detects if something out of the ordinary is happening and quarantines the files that are disrupting the normal workflow.
Dark Web Monitoring of emails – Many breaches start by capturing credentials outside of your company walls because our human nature is to simplify things. Often times, employees use the same passwords for both internal and external systems. Having a system that can monitor if a company email address is breached at a third party site can give you an early warning system to change credentials and keep things secure.
Cyber Training and Phishing Tests – Even though the majority of breaches occur with the involvement of an employee, training employees often takes the back burner due to time constraints and the hassle of tracking the education. Its an interesting approach when cybersecurity training is needed for many compliance programs including Cyber Security Insurance, HIPAA, and NIST. Trainings can be as quick as a 30-minute video and many systems track if an employee completes the training. Following up the training with a test to see if they follow what was taught is icing on the cake.
Security Operations Center (SOC) – The thought of a Security Operations Center can make many small/midsize businesses cringe, but the reality is that there are many companies now providing the same offerings as a service. The Security center will monitor all devices on your network, your firewall, and cloud-based environment for any nefarious activities or breach attempts. Many of the systems will be able to lock down a single device immediately if it is breached and will also provide the required resolutions for the incident to your computer technician.
Companies are constantly being targeted by entities that are trying to breach and acquire the data that resides on computer systems and many companies are left unprotected.
The main reason we have seen that companies are not protected is either a lack of awareness in what’s needed or that the company feels that the cost to implement security systems would be to costly.
While the reality is that the cost of going out of business would be worse than implementing a solution… the truth is implementing needed security systems to prevent a cybersecurity breach is not as expensive as most fear.