Cyber Security Why You Should Care.

Presentation transcript:

Cyber Security Why You Should Care

What Is Cyber Security?
Cyber Security is the set of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

Why is Cyber Security important to my business?
- This year 40% of small to medium size businesses that manage their own networks will have their data accessed by a hacker. 50% of these will not even know they were attacked (Source: Gartner Group).
- 20% of small businesses will be hacked within one year (Source: National Cyber Security Alliance).
- You can be held liable for your clients' data.
- A data breach can be devastating to your business.
- The result of a cyber attack on your business could cost you thousands…or even your business. (60 percent of small companies go out of business within six months of a cyber attack.)
- Your data is the only thing that your insurance CANNOT replace.
- 71% of all data breaches are waged against companies with fewer than 100 employees (www.inc.com). The average cost to recover from these attacks was $7500 - $36,000.
- Depending on your industry and your client base you may be required by law to be compliant (PCI, SOX, HIPAA, etc…).
- It is best practice to take the same measures to protect your data – even if you are not required to by law. You are still responsible for your clients' data.

Why ME? I'm not Target or Home Depot!
- In almost all cases Cyber Attacks are not targeting your business.
- Cyber Attacks are a crime of opportunity.
- Hackers have software that automatically tests random websites and networks for vulnerabilities while logging the results so that the hacker can attempt to break in later. In most cases they are not even aware of who they are attacking until they have gained access to your data.
- There is a 100% chance that 1 out of 10 users will click a malicious link sent via email, infecting your network with a virus.

Common Types of Attacks
- Intrusion Attempts – A hacker tries to penetrate your network using various methods. Successful attempts are usually the result of a known vulnerability that could have been prevented by simply updating your software.
- RansomWare – An infection that is typically spread through infected emails or websites disguised as legitimate. These infections encrypt or lock your data, requiring that you pay a ransom to regain access. These infections typically infect a user's workstation and then spread to shared network resources such as your server.
- Denial of Service Attack – An attack that sends useless traffic to a specified network, overloading the network's capacity, which in turn brings the network to a halt.
- Virus – An infection that can have varying payloads, ranging from nothing more than a nuisance to deleting or damaging data.
- Malware – Malicious software that may have been installed under false pretenses. Malware can be a nuisance, damage or delete data, or collect data and provide it to a third party, all while creating a major performance deficit on your machine.
- Man In The Middle Attack – A hacker intercepts data between two users and manipulates the data. The users are not aware. This is commonly used to intercept communications including payment information, allowing the intruder to change account numbers or routing numbers and send the payment to an alternate location.

Important Facts
- In the early days of Cyber Attacks a good solid antivirus program was all you needed.
- In today's environment, a multi-tiered approach to Cyber Security is required. No one solution is sufficient.
- Not all security products are created equal.
- Patching your software and operating system is critical.
- Employing a true enterprise firewall is critical in the protection of your data.
- Encryption is no longer optional. In fact, some organizations are required by law to use encryption.
- An enterprise spam filter is a must in preventing viruses and other malicious data from entering your network.
- Backup is a non-negotiable necessity!
- Antivirus still plays an important role in protecting your data.
- Web content filtering can help protect your network while also increasing the efficiency of your users.

The 8 Must Haves Of Security
- Antivirus
- Firewall
- Patching
- Web Filtering
- Encryption
- Enterprise Email Filtering
- BACKUP
- Real Time Monitoring

Antivirus
- Antivirus is very much required, although it is now considered the last line of defense.
- Antivirus needs to be monitored and updated regularly to remain effective.
- Scheduled scans as well as real time scans can help catch a threat before it becomes active.
- Remember – not all security products are created equal. This includes antivirus products.
- Enterprise monitored antivirus products can cost as little as $24/year.

Firewall
- Firewalls prevent exposure to attacks.
- Firewalls play an important role in security by monitoring incoming and outgoing traffic for your network. Firewalls inspect this traffic, identify potential viruses and malicious attacks, and take action automatically.
- Firewalls need to be monitored and maintained to ensure they are up to date and have detailed rulesets defined for maximum security.
- Small routers such as Linksys, Netgear and D-Link are not sufficient firewalls and have no intrusion prevention system or virus scanning capabilities. These devices should never be used to protect your business.
- New generation firewalls in most cases include web content filtering, allowing you to restrict access to website categories or specific websites, greatly improving network security and employee efficiency. These devices are very economical.
- It is best practice to have your firewall monitored and to receive regular reporting that alerts you to anomalies.

Actual Data From Firewall Report

Patching
- Even if your systems are working fine – you must patch!
- By not patching you are leaving the door open for malicious software or exploits to take advantage of newly found flaws in your software or operating system.
- On average more than 20 new vulnerabilities are identified each day.
- It is estimated that more than 80% of all PCs are missing critical patches or updates.
- Patching should be done routinely.
- Patching should be monitored and confirmed.

Web Content Filtering
- Web content filtering prevents exposure to malicious software and websites.
- Content filtering prevents access to potentially dangerous websites.
- By creating filtering policies you are able to gain control of your network, allowing increased security and efficiency.
- Reporting allows you visibility into your security. You are able to use the report data to improve policies and employee efficiency.

Encryption
- Encryption is a method of protecting data using a series of keys to code and decode the information.
- Encrypted data is completely protected…well, almost…even if it is stolen.
- 256-bit AES encryption would take a hacker a lifetime to crack using the brute force method. Even the hacker's grandchildren wouldn't live long enough to decode the data.
- Email encryption allows you to transmit data securely (Man in the middle attack). Who is looking at your email when in transit?
- Ensure compliance – all compliance standards require data to be encrypted.

Enterprise Spam Protection

Backup
- Your backup should require no human interaction.
- Your backup should be monitored and tested weekly!
- Over 50% of companies managing their own networks. is the MOST important part of your security plan.
- 93% of companies who lost access to their data for more than 10 days filed for bankruptcy within one year. 50% filed immediately.
- 31% of companies who lost their data completely went out of business within 1 year.
- Backup is your last resort. Your data cannot be replaced.
- 77% of users who back up their own data had backup failures when tested.
- 100% of all hard drives crash!
- You must have a sound disaster recovery plan.

Things You Can Do Immediately
- Use strong and secure passwords.
- Purchase Cyber Insurance. (Do everything in your power so that you never have to use it!)
- Have your network security tested.
- Budget for IT! Your data and network infrastructure are critical to your business.
- Consult with an expert to determine where your weaknesses are.