You have client or customer data in your possession. It is part of running your business in a digital marketplace. If that data is breached, it could permanently damage your reputation. We talked in an earlier blog about types of malwares. There are many steps that you can take to protect your systems and data. Here are a few suggestions to protect your business from malware.
Consider a Managed Security Service Provider (MSSP)- Cybercriminals are very sophisticated and every day are releasing new, cutting-edge tools to attack businesses and individuals. Small- and medium-sized businesses do not have the resources to staff an IT department sufficiently to be aware of all the newest tools and technologies needed to protect a business. For example, a business owner cannot possibly keep up with the changes and details of tax laws. Doing it themselves, they would likely overlook important tax advantages or inadvertently break some IRS rule. As a result, tax preparation and accounting above the level of basic bookkeeping is outsourced to an outside accounting firm. You should consider looking at IT in the same way.
Updates- Always update your software. There will always be vulnerabilities in every bit of software that you use. Creators of software are constantly upgrading to close holes that could be exploited. Being attacked by malware because you are behind in upgrades is an avoidable error. That said, given the sheer volume of software applications accessing your network, you should consider outsourcing the administration and enforcement of this process.
Multi-factor authentication- Everyone is increasingly encountering MFA. This tool requires a second level of authentication to access an account or use a program. Generally, it involves entering a password then following up with a token you might be sent via text or email, or using a biometric measure, such as a fingerprint. An MSP can provide applications that can set up MFA to protect your data.
Access Control- You don't give out keys to your house to everyone you know. Why allow all employees or vendors to access all your databases or programs? Instead, follow the Principle of Least Privilege. That is, everyone only has access to accounts, databases etc. that are necessary for them to do their assigned tasks.
Backups- Everyone knows they need to do backups, but handling these is more than just downloading data to a hard drive every evening. An MSP can provide you with the tools needed to handle backups appropriate to the needs of a business operation.
Employee education- This one cannot be emphasized enough. The individuals in your organization are your first and most critical line of defense against malware. As mentioned above, many types of malwares need user action to get into your systems.
Here are some areas where training can help.
Phishing emails. These are mails that appear to come from legitimate sources but are faked. Because the reader trusts the sender, they naively open a link that might be attacked which then downloads some forms of malware.
"Lost" USB.- Too often, individuals will find a USB drive left near a desk or dropped somewhere. The temptation to insert it into their computer to see what's on it can be very hard to resist. (This was part of what caused the Target data breach)
Password etiquette- Define standards within your organization about acceptable passwords. An MSSP can help you set up programs that require employees to create passwords that meet your defined criteria. Also, consider fostering a culture that makes the sharing of passwords a performance issue that will be addressed by an individual's supervisor.
Endpoint Detection and Response (EDR)- This is a solution an MSP can provide you with. At its basic level, EDR is a proactive approach to anti-malware software. EDR constantly looks at all the endpoints in your network, tracks behaviors and identifies anything out of the ordinary. For an individual, anti-malware software may be sufficient. For a business that has multiple endpoints, this is not sufficient. (Think dozens of employees connecting remotely via their own computer or smartphone). In a sophisticated business's IT infrastructure, there are many endpoints which need to be evaluated.
In summary, there are many ways that an SMB can approach defending itself against malware. Some of these, such as employee training, can easily be done in-house. Others require a depth of experience that only your MSP can offer.
To learn more about how SafePC can help, Contact Us