IT & Cyber Security 101

IT Best Practices for Small Business Cyber Security and Business Continuity

In today’s technology landscape for business, cyber security and business continuity are paramount to preventing data loss, revenue losses from system downtime, and the worst-case scenario loss of all business data. This can seriously impede a business or as the statics state. At this time there are many ways that bad actors can interrupt your business functions such as but not limited to the following.

• Password Stealing – This is one of the most common as they either figure out your password by various methods (guessing, dictionary attack, brute-force) or they can hack public sites and steal your password for those sites and hope that you use the same password everywhere else.
• Phishing – This is an email born attack where they try to spoof (imitate) someone in the company like the CEO to ask the user to provide financial information of other things like gift cards.
• Ransomware - Malware is written to exploit vulnerabilities int the system. The ransomware then encrypts the target's workstation. Usually, the system is held hostage until you agree to pay a ransom to the attacker, but this is not guaranteed.
• DoS and DDoS Attacks - A denial-of-service (DoS) attack is designed to overwhelm the resources of a system to the point where it is unable to reply to legitimate service requests.

With all these different types of attacks one might ask what can I do to secure our systems and how much is all this going to cost? Well, for some things you can do it will be no or low cost and for others it can cost quite a bit but the benefits far outweigh the consequences. To review here is a list of recommended practices that IT departments should employ to protect the business.

Low to No Cost solutions,

1. Update your software
   Updating software is an easy way to help prevent some forms of cyber attack. Most times this will be free but you should also keep up on maintenance fees for software and have an update plan in place to keep the software current and patch any security vulnerabilities.
2. Create strong passwords and use MFA (multi-factor authentication)
   You should use hard to guess passwords that contain numbers, characters, and special symbols. Passwords should be required to be changed every 2-3 months at a minimum. Your business should also employ MFA which is a second layer to logging in. MFA is getting a code via email, sms, or app after you enter your password but before the system will allow you to log in.
3. Train your employees
   Let’s face it, all the security, anti-virus, firewalls and backups are great but the best frontline defense against an attack is to not fall for the attack in the first place. Some of the other techniques only mitigate the problem where Savy employees can prevent a cyber attack by recognizing key components such as phishing emails and suspicious downloads/attachments.

Medium Cost solutions,

1. Email Spam/Phishing Service
   A good email spam service can filter out a vast majority of phishing attacks and virus laden emails. Since these emails never reach the end user it really helps in the prevention of becoming a cyber attack victim.
2. Anti virus / Malware software
   Anti-virus / Malware software has two main functions, to prevent viruses from getting onto your pc and to remove them if found.
3. Backup
   Backups can come in a variety of forms all moving up the ladder in cost and complexity. From simple to more complex your options are:
   File backup: backing up your database or business files to and external drive or cloud storage. Full Server backup: Backing up your entire server to an external drive or cloud storage. This allows you to restore the server to the backup state from the previous nigh should you have an issue.
   Incremental Server Backup: Backing up this way occurs more frequently during the day to reduce the data loss as backups can be hourly or every 15 minutes or so. Tis way when you restore you can pick a closer time so you lose less data or work.

Higher Cost solutions,

1. DRaaS (Disaster Recovery as a Service)
   DRaaS solutions are better than Backups and offer an important advantage. With DRaaS, all critical components are replicated to the cloud for short-term retention. This includes the application(s), data, and networking. In the event the production data AND physical infrastructure is compromised (i.e. through flooding, fire, cybercrime, etc), the DRaaS environment provides a complete secondary environment to run production applications. Basically, your entire IT infrastructure is copied and ready for use on demand.

All in all, whatever cyber security approach you take from simple to complex a business can no longer afford to ignore this important component of IT.