A recent report by research firm, CyberEdge Group, found that 85.7% of Canadian organizations experienced at least one cyberattack within a 12-month period in 2021. The reality of this statistic is that for most organizations, no matter their size, it is only a matter of time before an incident impacts their business. The best strategy to have, as an organization, is to be prepared for an incident.
As IT Service Providers, here are some of the areas that MicroAge recommends our clients implement to prepare their organization for defence against cybersecurity attacks.
Having a consistent and effective patching process is an important part of mitigating the risk of a cyber-incident. Patching remediates vulnerabilities in operating systems and applications. Additionally, organizations should be aware that older technology may be a security risk when it is no longer supported by the developer or manufacturer. Since the technology is no longer supported, no patches to remediate any bugs or vulnerabilities are released. Bad actors will find and exploit these open doors.
2. Configuration and Management
Many of the attacks that have taken place in the recent past have been the result of misconfigured firewalls or mismanagement of the technology on a network’s edge. It is important to ensure that organizations have the right technology that is properly configured, monitored, and managed to ensure that they continue to be updated, properly configured and secure.
3. Protect Email
Phishing is still one of the leading causes of system breaches. Ensuring that the right technology such as, email spam and malware filtering, blocking of nefarious websites, employee cyber awareness training and testing programs as well as other solutions and services, are put in place as they are crucial to the security of organizations.
4. Endpoint Protection and Monitoring
It is important to have an endpoint protection and response solution to watch for abnormal behaviours and responding to events. Just as important is monitoring the endpoints to make sure that malicious events are taken care of quickly and effectively.
5. Website Usage
As pointed out earlier, a solution is needed to block nefarious websites as well as websites that are known to be infectious such as gambling or adult entertainment sites. However, extending that to putting in policies internally so that local administration accounts cannot surf the internet in addition to good patching hygiene must also be put in place.
6. Password Policies
Requiring complex and minimum length passwords is important to a good password management policy but remember that as the sophistication of bad actors increases, these requirements change. Staying up to date on these requirements is important. You can also invest in a secure password management solution. Adding multifactor authentication (MFA), and least privilege solutions and policies make it even harder for cybercriminals to gain access to systems and applications. All these policies and solutions must also apply to any remote desktops (RDP) or virtual desktops. Do not leave them vulnerable.
7. Restrict Traffic
Do not allow unrestricted traffic through your virtual private network (VPN). It is very dangerous and a big security risk to have VPN accesses without multifactor authentication, access controls, segmentation of the VPN and zero trust policies.
Whenever and wherever possible segment networks, specific machines, and processes to protect your environment and avoid widespread infection to critical systems, applications, and processes.
9. Limit what your own people can do
If your internal people are given accesses to all of your systems, then, if a cybercriminal gains control of their account, they will have access to all of your environment and can cause widespread damage. Limiting accesses internally can limit the damage done by cybercriminals.
These are but a few of the tips to ensure your business minimize the risks of a cyber incident. There are other services, solutions, and policies such as documentation and log preservation, that can help in preparing for an incident.
Call MicroAge today to learn more about how we can help you.
If your system goes down?
If your system goes down, will your business continue? Sometimes you don’t stop to think about this until it’s too late; if your business is…
3 Reasons To Trust MicroAge With Your Cybersecurity
Cybersecurity has always been a concern for businesses, but the threats we all face are only expected to increase. By 2020, the average cost of…
3 ways to control your IT costs this summer
As the COVID-19 pandemic took the world by storm a few months ago, one of the results from the forced confinement by authorities was the…
Why Data Backups Are Vital To Protect Your Business Data
When you lose data on your home computer, you may lose receipts, banking statements, and treasured memories. However, when you lose data on your office…
Key Cybersecurity Requirements for Cyber Insurability
When an organization or business becomes a victim of a cybersecurity incident, having cybersecurity insurance can help with some of the costs that are associated…