These past few years and particularly these past few months have proven that cybercrimes and cyber-attacks are on the rise. We have seen some of our customers get their e-mail hacked and spoofed which caused some additional fallout along the corporate chain. In order to better protect you and your teams, while hardening your networks beyond the physical layer, we would like to make some recommendations:
Confidential Data
Confidential data is secret and valuable. Common examples are:
- Unpublished financial information
- Data of customers/partners/vendors
- Customer lists (existing and prospective)
All employees should be obliged to protect this data.
Creating a structured backup policy and possibly utilizing an incremental backup platform keeps more than the current day’s data secure.
Protect Personal and Company Devices
When employees use their digital devices to access company emails or accounts, they introduce security risks to our data. We advise staff and employees to keep both their personal and company-issued computer, tablet, and cell phone secure. You can do this if you:
- Keep all devices password protected with Strong Passwords.
- Keep your antivirus software up to date and running
- Ensure you do not leave devices exposed or unattended
- Install security updates of browsers and systems monthly or as soon as updates are available
- Log into company accounts and systems only through secure and private networks that are authorized by your company
- Turn on Two Factor Authentication on all devices and applications
We also advise staff and employees to avoid accessing internal systems and accounts from other people’s devices, or lending their own devices to others. Don’t let your spouse or kids use your company device for their own purposes.
When new hires either receive company-issued equipment or bring their own devices they should receive instructions for:
- [Disk encryption setup]
- [Password management tool setup]
- [Installation of antivirus/ anti-malware software]
- [Two Factor Authentication and Setup]
They should follow instructions to protect their devices and refer to our IT Support or Network Engineer if they have any questions.
Keep Emails Safe
Emails often host scams and malicious software (e.g. , worms). To avoid virus infection or data theft, employees should be instructed to:
- Avoid opening attachments and clicking on links when the content is not adequately explained (e.g., “watch this video, it’s amazing.”)
- Be suspicious of clickbait titles (e.g., offering prizes, advice.)
- Check email and names of people they received a message from to ensure they are legitimate.
- Look for inconsistencies or giveaways (e.g., grammar mistakes, capital letters, excessive number of exclamation marks.)
- Look for the wrong website links than what the e-mail states
- Never respond to a link or contact in the e-mail but rather create a new e-mail direct to the actual sender or call the sender on their published number and confirm that they are the actual sender
If an employee isn’t sure that an email they received is safe, they can refer to our IT support or ask a colleague.
Manage Passwords Properly
Password leaks are dangerous since they can compromise your entire infrastructure. Not only should passwords be secure so they won’t be easily hacked, but they should also remain secret. For this reason, we advise your staff and employees to:
- Choose passwords with at least eight characters (including capital and lower-case letters, numbers and symbols) and avoid information that can be easily guessed (e.g., birthdays).
- Remember passwords or use a secure password manager instead of writing them down. If employees need to write their passwords, they are obliged to keep the paper or digital document confidential and destroy it when their work is done.
- Exchange credentials only when absolutely necessary. When exchanging them in-person isn’t possible, employees should prefer the phone instead of email, and only if they personally recognize the person they are talking to.
- Change their passwords every two months.
- Activate Two Factor Authentication on their major accounts and devices.
Remembering a large number of passwords can be daunting. Possibly purchasing the services of a password management tool that generates and stores passwords. Employees are obliged to create a secure password for the tool itself, following the abovementioned advice.
Additional Measures
To reduce the likelihood of security breaches, we also instruct our employees to:
- Turn off their screens and lock their devices when leaving their desks.
- Report stolen or damaged equipment as soon as possible to HR Department.
- Change all account passwords at once when a device is stolen.
- Report a perceived threat or possible security weakness in company systems.
- Refrain from downloading suspicious, unauthorized or illegal software on their company equipment.
- Avoid accessing suspicious websites.
- Activate Two Factor Authentication
- Use authorized VPNs
Remote Employees
Remote employees must follow these policy’s instructions too. Since they will be accessing your company’s accounts and systems from a distance, they are obliged to follow all data encryption, protection standards and settings, and ensure their private networks are secure.
Transfer Data Securely
Transferring data introduces security risk. Your staff and employees should:
- Avoid transferring sensitive data (e.g., customer information, employee records) to other devices or accounts unless absolutely necessary. When mass transfer of such data is needed, we request that you ask our IT Support for help.
- Share confidential data over the company network/ system and not over public Wi-Fi or private connection.
- Ensure that the recipients of the data are properly authorized people or organizations and have adequate security policies.
- Report scams, privacy breaches and hacking attempts.
Our IT Support/ Network Engineers need to know about scams, breaches, and malware so they can better protect your infrastructure. For this reason, we advise your staff to report perceived attacks, suspicious emails, or phishing attempts as soon as possible to our specialists. Our IT Support will investigate promptly, resolve the issue, and advise if we need to send a companywide alert.
Additional Services
While these measures will help to protect you and your assets, we are able to offer additional services that will harden your network further in an attempt to take and make reasonable precautions to today’s threat. While there is no way to prevent every possible attack, we can at least minimize and possibly mitigate if something were to occur.
Some of the additional services include:
EDR – Endpoint Detection and Response
Keep Your Business Safe from the Latest Threats
Hybrid work is a growing trend that expands your efficiency and improves your employee’s work/life balance, but it comes with cyber risks you need to manage.
You want to protect your organization against cyberattacks that put your employees, customers, and your business reputation at risk. Here’s why Managed Endpoint Detection and Response (EDR) is the best choice now for your IT security and business continuity.
| Managed Endpoint Detection and Response | Anti-Virus Solutions |
| Gain freedom from ransomware by rolling back devices to their pre-infection state. | Can’t roll back to a pre-infection state, increasing your ransomware risks. |
| Use artificial intelligence (AI) to detect and prevent both current and emerging threats, with continual updates to the platform. | Use signatures to identify threats, meaning capabilities lag cyber-attackers’ latest strategies. |
| Configure automated system remediation for fast threat incident response. | Manually gather information / investigate the health of the endpoint and remediate any misconfigurations or unwanted system changes. |
| Monitor processes before, during, and after execution, to prevent new threats from slipping in. | Fly blind during execution, creating an entry point for new threats from savvy attackers. |
| Monitor your systems in real-time. | Rely on daily or weekly scans, increasing your risks. |
| Keeps device performance fast with continual monitoring. | Can slow down your device performance with long scans. |
Risk Intelligence
Risk Intelligence enables companies to quickly and easily perform ongoing risk assessments of Windows computers within their IT environment, calculating the real-time risk of a data breach and assigning a monetary value to it. This is achieved through scans on the target device including the system PCI DSS, Data Breach, Expanded Data Breach, and Security Scans along with the option to create your own custom scans.
DNS Filtering
Stop web threats earlier. Thousands of harmful websites are created each day, and malicious advertising, phishing sites, and other security threats can bypass legacy web filters. DNS Filtering gives stronger protection against these threats, greater network visibility, and user-based reporting from within our dashboard.
Web Protect
As the number of web-based security threats multiply – from Phishing sites, proxies, websites pushing Malware to spyware, adware and botnets – it is vital that you take control of your web security to avoid users accidentally straying onto malicious websites.
With the Windows only Web Protection we can deliver web security, web filtering, and web bandwidth monitoring for our clients anyplace, anytime and all configured and managed directly from our Remote Management Dashboard.
Using UTM Firewall software
Unified threat management (UTM) describes an information security (infosec) system that provides a single point of protection against threats, including viruses, worms, spyware and other malware, and network attacks. It combines security, performance, management, and compliance capabilities into a single installation, making it easier for administrators to manage networks.
Unlike antivirus tools, a UTM system does not just protect personal computers (PCs) and servers. It protects an entire network and individual users by scanning all network traffic, filtering potentially dangerous content, and blocking intrusions. Many small and medium-sized businesses (SMBs) have adopted UTM systems, finding it easier to handle their infosec with a single system, rather than several smaller ones.
We use next-generation firewalls such as the Meraki with the Security appliance software installed to protect our customers from the five primary kinds of threats:
- malware
- phishing and social engineering
- viruses, worms and Trojans
- hackers
- denial of service (DoS)
Back Up and Incremental Back Ups
Our offsite backup service finds and backs up critical business documents on workstations, helping protect you from data loss when full workstation system backup is not an option. It’s the easy, automated, and affordable way to provide basic protection for your important business documents.
Key details:
- Document backups are stored in a private cloud
- Unlimited storage space is available
- Backups automatically run twice per day
- Backups are verified; automatic 28-day retention provides you with 56 restore points for recovery
- Your employees can retrieve files from the cloud on their own without needing to call our help desk ; however, our help desk technicians are always available to assist if needed
The experts at PSN have the skills and experience to help. Please contact me for more on how PSN Technology can help your business.
Philipp Emma | philipp@psntech.com | 313-792-8082 x 202
Recent Comments