2020 saw significant rises in all types of cyberattacks. Attackers took advantage of the disruption of the pandemic, remote worker networks, and the fears surrounding COVID.
70% of organizations with data in the cloud experienced a security incident over the last 12 months, and there was a 667% increase in spear-phishing attacks in March 2020.
The Sophos 2021 Threat Report, which looked at the most prevalent attacks last year and their causes, found that businesses' failure to follow cybersecurity best practices was a contributing factor in many security incidents.
The report states, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”
Often small businesses just aren’t sure what needs to be done to protect their business. Several layers make up basic IT security, all working together to keep data, endpoints, and networks from being hacked. If one of those layers is missing, that’s a security vulnerability.
Successful cyberattacks cost businesses of all sizes an average of $200,000 each.
Pro Tech Guy has put together an essential Small Business Cyber Security Checklist below that you can follow to ensure you have all the pieces in place to keep your business protected.
Essential Small Business Cyber Security Checklist
Virtual Private Network (VPN)
The rise of mobile working, along with the large increase in remote working, has left a big security vulnerability whenever employees connect over unsecured networks.
Since the pandemic began, approximately 20% of companies have experienced a security incident caused by a work-from-home employee.
A business VPN is a must for keeping your data secure, no matter where employees are working from. A virtual private network encrypts internet connections, keeping them secure even on a public Wi-Fi network.
Endpoint Protection
Devices that access and store company data through a network are called endpoints. Those devices (desktops, laptops, mobile devices, etc.) need to have endpoint protection to ensure they’re secure from hackers.
This includes any employee-owned devices that are used to access work data. It’s easy for ransomware or spyware to spread from an infected endpoint to a syncing cloud storage platform. So, just one infected device could end up causing a major compromise throughout your network.
The basic endpoint protection that you should have in place includes:
- Antivirus/Anti-malware
- Patch & update management
- Device screen locks
- A way to remotely lock or wipe a lost or stolen device
DNS Filtering
Malicious phishing websites have become a major threat. As soon as an unsuspecting user visits one of these sites through a phishing email link, it can inject malware onto their device or fake a login page and steal their credentials.
88% of phishing emails now use links to malicious sites instead of file attachments to perpetrate attacks. This is because links can often get by anti-malware software.
DNS filtering (also known as web filtering) protects users from visiting a malicious phishing site. It reviews each URL that a user is trying to visit, and if it finds a problem, the user is redirected to a warning page instead. This can prevent a network infection even after a user has clicked a malicious link.
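The allow-or-redirect decision described above, sketched in Python as an added example (not from the original article or any vendor's product). A DNS-level filter sees only the hostname, so the check runs on the normalized name and its parent domains; the blocklist entries and the warning-page address are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed blocklist for illustration; a real filter loads a threat feed.
BLOCKED_DOMAINS = {"login-portal.example", "malware-drop.test"}
WARNING_PAGE = "https://filter.invalid/blocked"  # hypothetical warning page


def normalize_host(url):
    """Return the lowercase ASCII hostname of a URL, or None if it has none."""
    host = urlsplit(url).hostname  # lowercased; port and user info removed
    if not host:
        return None
    host = host.rstrip(".")  # "evil.test." and "evil.test" are the same name
    try:
        # Internationalized names become punycode so they compare reliably.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None  # malformed name (empty or over-long label)


def is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if the host or any parent domain is on the blocklist."""
    labels = host.split(".")
    # Match on whole labels only: sso.login-portal.example is blocked,
    # notlogin-portal.example is a different domain and is not.
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def filter_url(url):
    """Return ("allow", url) or ("block", WARNING_PAGE)."""
    host = normalize_host(url)
    # Design choice in this sketch: a URL with no usable hostname is blocked.
    if host is None or is_blocked(host):
        return ("block", WARNING_PAGE)
    return ("allow", url)
```

Comparing whole labels rather than string suffixes is what stops a lookalike such as `notlogin-portal.example` from being treated as a subdomain of a listed name, and normalizing first closes the trailing-dot and mixed-case bypasses.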
Backups
One of the major forms of malware that the Sophos 2021 Threat Report noted was ransomware. Ransomware attacks have become more prevalent and are now being adopted by large underground criminal organizations as a money-making scheme.
When users have a cloud backup of all their data, it’s much easier to recover from a ransomware attack and much less costly. Businesses can avoid paying a ransom and don’t have to lose any time deciding what they should do.
Backups also protect companies from data loss incidents due to natural disasters, hard drive crashes, and more.
Email Spam/Phishing Protection
Phishing emails are the main conduit for all types of cyberattacks. Phishing continues to be a successful way for an attacker to get in front of a user and trick them into downloading malware or sharing their password or credit card details with a fake site.
The increasing sophistication of phishing attacks includes tactics like spoofing the domain of a legitimate company as the sender. These emails commonly trick users, even if they’ve been through awareness training.
An important safeguard to reduce the number of phishing emails making it into user inboxes is an email spam/phishing filter. This application can detect suspicious emails and keep them in a quarantine folder on your mail server instead of delivering them to users.
This can significantly decrease your company’s risk of falling victim to a phishing attack.
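One signal such a filter can use against spoofed sender domains, shown as an added Python example (not from the original article or any specific product). It assumes your mail gateway records a DMARC result in the standard Authentication-Results header; the gateway name, the verdict labels and the sample message are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # hypothetical: your own mail gateway

# Constructed sample: spoofed From domain, DMARC failure recorded by our gateway,
# plus a forged "pass" header the sender added under another server name.
SPOOFED = (
    "Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=bulk.invalid;\n"
    " dmarc=fail header.from=bigbank.example\n"
    "Authentication-Results: mx.attacker.invalid; dmarc=pass header.from=bigbank.example\n"
    'From: "Big Bank Security" <alerts@bigbank.example>\n'
    "Subject: Verify your account\n\nClick the link to confirm.\n"
)


def trusted_results(msg):
    """Return {method: result} from Authentication-Results added by our gateway."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in header.split(";")]
        if not parts[0] or parts[0].split()[0].lower() != TRUSTED_AUTHSERV:
            continue  # anyone can add this header; ignore other servers' claims
        for part in parts[1:]:
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, result = tokens[0].split("=", 1)
                results.setdefault(method.lower(), result.lower())
    return results


def verdict(raw_message):
    """Return "quarantine", "deliver" or "deliver-with-warning" for a raw message."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    dmarc = trusted_results(msg).get("dmarc")
    if not from_domain or dmarc == "fail":
        return "quarantine"  # held on the server instead of reaching the inbox
    if dmarc == "pass":
        return "deliver"
    return "deliver-with-warning"  # no trusted DMARC result either way
```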
Get Complete Cyber Security Protection with Pro Tech Guy
Through our Cloud Care Pro™ and other support, our team of experts can help your Framingham business put cybersecurity best practices in place to keep your data, network, and endpoints protected.
Contact us today to learn more. Call 508-364-8189 or reach us online.