Cyber-Attack! Are You Prepared?
Companies are constantly under attack. Malware, Ransomware, Phishing, and Password attacks are just some of the ways that the bad guys try to gain access to your systems to wreak havoc on your operations and threaten the security of your data. The top 10 common types of cyber-attacks also include MitM and SQL injection attacks.
Have a Plan
Have a plan for when it happens. Build a team, identify vulnerabilities, prioritize systems, and define roles so everyone knows who is accountable for what actions once exposure has occurred. Define and document the key objectives of the plan, establish baselines, and set a cadence for reviewing, updating, and testing the plan. Ensure you include communications as part of the strategy for not only if/when you need it, but also to communicate and educate proactively to help prevent an attack from being successful. Your company is not too small to be at risk! Even if your organization isn’t large enough to have a CISO, someone must be accountable.
If you haven’t already, strongly consider implementing two-factor—or multi-factor authentication across your organization. This requires anyone trying to access your systems to verify that they are who they say they are through another process other than just typing in a password.
It happens all the time. Employees are tricked into opening an attachment, clicking a link, or taking another action based on a request that appears to be from a known source, putting your company at risk. The cybercriminals have gotten bolder and better at making emails look legitimate; even hovering over hyperlinks requires more attentiveness.
Educate your employees continuously with a training service like KnowBe4, a security awareness training program, to keep your last line of defense (your users) aware of the tactics used by cybercriminals. I say “continuous” because consistency is key in keeping security top of mind. It is important to train people to understand that careless actions can have harmful and lasting consequences.
KnowBe4 also provides simulated phishing attacks, so your IT department can quickly identify individuals that are more vulnerable, as well as the overall effectiveness of the program for your company.
Leaving password security up to your users is risky. Consider standardizing on a password management tool so employees only have to remember one password, making it less likely that easily accessible documents storing passwords get into the wrong hands.
Also note that even when encrypted, password databases that are compromised as a result of an attack are an asset to criminals. This is where two-factor/multi-factor authentication becomes a huge benefit.
Consider Azure Backup
In the event of a ransomware attack, you don’t want to be in a position of having no choice but to pay the ransom. And when it comes to business-critical systems like your ERP, you could very well end up there. Consider a secure, cloud-based backup service like Azure Backup, which is secure, simple, and gives you access to your software and data whenever you need it.
Keep the cybercriminals from being successful! Protecting your company is not a one-and-done practice. The threats are real and become more sophisticated every day. And while this post isn’t all-inclusive, the hope is that it has provided you with some basic steps you can take to get started protecting you (and your customers) from a malicious attack.
Learn more about ArcherPoint, a Microsoft Dynamics Gold certified partner.