5 essential cybersecurity solutions to protect your business from hackers
“It's not about whether you get hacked, it's about when you get hacked,” says Lowell C Macadam, Verizon CEO. No one knows better about this matter than that. In just four months after his company acquired Yahoo!, they discovered that in 2013, the security of all 3 billion user accounts was compromised in one attack.
Despite the embarrassing situation where these cases occur more often, research shows that most companies are not ready for cyberattacks. According to a UK government survey, 68% of company executives were not trained on how to deal with security breaches.
One problem is that executives are reluctant to invest in expensive technology without knowing that it could be an effective defense. After all, if a tech giant like Yahoo! can't chase hackers, what can a typical company have?
Some defenses aren't cheap. Annual subscription costs for sophisticated monitoring systems such as ProtectWise that log all network traffic and can rewind and replay for security analysis, such as virtual CCTV systems, can start from tens of thousands of pounds.
The good news though is that many cyberattacks can be easily prevented in a simple way. For example, the many WannaCry ransomware attacks this year exploited weaknesses in previous versions of Microsoft software that were already provided by the company with security patches.
There are plenty of other inexpensive solutions too. Here are five factors every business should consider:
1. Antivirus software
Threat detection and management software is expensive, but there are numerous options suitable for small and medium-sized businesses with limited resources. Big companies such as Kaspersky, McAfee, and Symantec offer solutions for small and medium-sized businesses that support up to 20-25 devices with an annual subscription fee starting at £115. Services available include data loss prevention, automatic backup, as well as antivirus and spyware, firewall, and privacy.
You can get what you pay for, so it's important to consider the cost of defense and the cost of potential attacks. Kaspersky's cloud-based Endpoint Advanced product, for example, costs £760 per year for 10 users. However, according to the results of a recent UK Department of Digital, Culture, Media, and Sport (DCMS) survey showing the average cost of cyberattacks, all companies averaged £1,570 and large corporations averaged £19,600. If so, £760 might not be a bad choice.
2. Staff training and free information service
Before considering investing in threat detection software, keep in mind that most security risks originate inside an organization, not a criminal or hostile foreign government. According to data analyzed by Willis Towers Watson, two-thirds of cyber breaches are due to employee negligence or malicious behavior, such as leaving a laptop on a train. Only 18% came directly from external threats, and only 2% of blackmail.
StaySafeOnline.org is a free online resource that provides many advice on how businesses can protect themselves, including employee training skills suggestions. Social-Engineer.com also offers some free advice to admins through podcasts discussed by a panel of security experts. It also sells sophisticated employee training modules that simulate real-world attacks.
3. Web performance and security service
Any company running a website without installing performance boosters like Cloudflare or Incapsula is encouraged to install these boosters right now. Basically, the ‘Freemium’ service with a free and paid upgrade option blocks malicious attackers who could manipulate the website's content or close the website.
Cloudflare comes in 3 levels (Pro, Business, Enterprise) after the free version. However, as we celebrate last month's 7th anniversary, installing the free version is not a bad starting point, as hackers offer free protection against distributed denial-of-service (DDoS) attacks that drive excessive traffic to your website.
Another feature these services provide is to block certain IP addresses or hostile bots by setting up a CAPTCHA that requires visitors to enter distorted image characters that cannot be read by a computer before accessing your website.
4. Identity Theft Protection Service
A suspicious figure pretends to be a senior executive, tricking his subordinates to deposit money into his account. Technically known as Business Email Compromise (BEC), this case is growing at an alarming rate. According to the FBI, these fraudulent losses increased 1,300% between 2015 and 2017.
More than just a spoofing account where the perpetrator actually hacks into the corporate email network, attacks are becoming more sophisticated. An economical way to solve this problem is to introduce strict messaging protocols, such as having employees reply to the CEO in a new email instead of simply pressing a reply button.
For businesses looking for tighter defenses, companies like Experian and Lifelock offer emergency response plans as well as credit monitoring and alerting services when customer data is stolen at an annual fee of £113.
5. Economical but clever smartphone app
Today, a lot of sensitive data is lost or stolen as it moves to a mobile device, so it's important to keep it secure. Fortunately, the world of apps is full of new solutions.
Password managers like 1Password can significantly improve security by remembering hard-to-guess passwords, so there is no risk of a series of security breaches by reusing the same password for multiple logins. You can also create passwords for users.
There are services like Signal that can provide free end-to-end encryption for all communications, so you can protect your most sensitive conversations from curiosity.
Finally, Keeply allows employees to store sensitive information such as passwords and photos on a separate part of the phone. It even provides a'face lock' that closes the app when the phone is turned over, and a'fake PIN' feature that makes the app invisible to unwanted users.
0 Comments