End-User IT Security Options
At Precision IT Consulting, we deploy a multilayered approach to IT security. This involves making sure our users have the right endpoint protection on their computers and servers to protect them against the latest virus and ransomware threats. It also includes making sure our clients have the best network security in place to help protect them from network security threats. We also make sure the right security policies are enabled on our clients' networks and that documented policies are in place for end-users.
But technology alone cannot prevent all of the threats small businesses face today. Ransomware is currently the most dangerous IT security threat, and it often gets companies and government agencies in trouble and on the news for all the wrong reasons. Ransomware uses phishing emails to target end-users, which makes end-users the most vulnerable to IT security threats. Whatever anti-ransomware technology you implement, it is not 100% foolproof, and there is always going to be an email that gets by your security defenses.
One way phishing attacks work is that an email is sent out with a link to a website that has a virus on it. Once your end-user visits that site, the attacker has access to your end-user's system and eventually your network, where they can do damage. They will often encrypt your company's data and make you pay a ransom to decrypt it. Hopefully, your company has a good backup system so you do not have to pay any bitcoin to the hackers, but if you do not, then training can help reduce the risk that you get ransomware in the first place.
Awareness and End-user training
Many businesses believe they are not a target for IT security threats. Overcoming that lack of awareness is one of the first steps a business has to take to reduce the risk of being hit with ransomware. End-user security training is key to building awareness. You do not have to pay for expensive training; you can implement a solution that is cost-effective and does a good and fun job of training your end-users.
Sophos Phish Threat
Precision IT Consulting is a Sophos partner, so the training program we provide our clients is Sophos's Phish Threat solution. Along with complementing the security features of Sophos endpoint and network security, this program sends emails that resemble phishing emails to your end-users. It sends them out at random and keeps sending them to your users; if a user clicks on one, it notifies a supervisor and automatically enrolls the user in online training. See the video below for more detail on Sophos Phish Threat.
The SANS Institute is an excellent resource to learn more about end-user security awareness. They have courses you can pay for, or you can just bookmark their resources section. Here is a newsletter they wrote with more information on email phishing and how you can protect yourself against it.
Also, bookmark their video of the month as well.
To learn more about end-user IT training, contact us at (877) 800-6710 Option # 2.
Precision IT Consulting Support Desk
Ransomware, or malware designed to lock up your computers and devices in a way you can't undo yourself, poses a threat to businesses large and small. This malware lets attackers hold your devices hostage until you pay them what they demand, compromising your ability to communicate with customers, access files and take orders. These hackers typically demand money, and sometimes, lots of it.
For instance, many attackers use the most recent Locky ransomware variant, which infects computers through spam email attachments and asks victims for 0.49 Bitcoin, or about $1,600, to unlock their device. Locky's original form wreaked approximately $7.8 million in damages to businesses in 2016, and this was just one ransomware strain. The FBI estimates that, in general, ransomware cost businesses more than $1 billion in damages in 2016 alone.
The most common ransomware targets remain companies with below-average IT security systems in place, which makes outdated security measures like a big bull's-eye painted on your company's valuable data.
This very real threat can knock you out of business for more than a day, and unless you can afford both downtime costs and ransom demands, it could land your business in hot water. According to most estimates, 96 percent of victims lose data access for at least 24 hours.
Luckily, you can stay ahead of these hackers and protect what’s yours from current threats such as the headline-grabbing WannaCry ransomware with just a few simple steps.
1. Backup, backup, backup!
Always back up your data and always keep things fresh. External hard drives, USB devices and CDs all provide great options, giving you an easy way to diversify your data storage routine. This not only keeps your data safe from hackers, but also protects it from user errors and other online and offline threats.
For instance, if your office floods, an extra hard drive kept dry at home or in a disaster-proof safe can get you up and running again in no time. Check out network-attached storage (NAS) devices or a cloud backup service for extra security.
2. Think, and then think again before you click.
Avoid opening suspicious attachments and/or links at all costs when checking your email or surfing the web. The most common way to pick up malware is through email and careless clicking. To save you from yourself, take proactive measures such as configuring your email settings to block dubious attachments with extensions like .exe, .vbs, or .scr. This means you don’t have to worry about accidentally opening them, and when they’re out of sight, they’re out of mind.
3. When in doubt, patch it up.
Keep your software as up to date as you possibly can, including but not limited to your device’s operating systems, antivirus programs, browsers and plugins. Good antivirus software can block thousands of attacks per day, protecting your business in instances where employees get twitchy fingers and accidentally click on something they shouldn’t.
4. Keep your IT department on its toes.
If you are your own IT department, consider investing in a multi-layered defense strategy provided by a reliable company. For example, Datto offers comprehensive data backup and disaster recovery solutions specifically for businesses if you want an extra level of security.
5. Stay alert to emerging threats.
Threats evolve quickly in this high-tech age, and sometimes, they spiral out of balance with businesses’ ability to defend against them. For this reason, it behooves you to stay as up to date as possible on the latest ransomware and malware news, putting you ahead of the game and keeping your business safe.
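Step 2 above suggests blocking attachments with extensions like .exe, .vbs, or .scr. The following is an added example, not code from the original page: a Python check that a mail filter could apply to a raw message, matching on the final extension so that double extensions and mixed case are still caught. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in step 2 of this page.
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr"}


def is_blocked(filename: str) -> bool:
    """True if the final extension of the attachment name is on the block list."""
    # Windows ignores trailing dots and spaces, and extensions are case-insensitive.
    cleaned = filename.strip().rstrip(". ").lower()
    if "." not in cleaned:
        return False
    # Use only the last extension, so "invoice.pdf.exe" is judged as ".exe".
    return "." + cleaned.rsplit(".", 1)[-1] in BLOCKED_EXTENSIONS


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the names of all blocked attachments found in a raw email."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts without a filename
        if name and is_blocked(name):
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed sample message with four attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for filename in ("report.pdf", "invoice.pdf.EXE", "update.vbs", "notes.txt"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("blocked:", name)
```

An extension check like this only looks at the declared filename, so it complements rather than replaces the endpoint protection and patching described in the other steps.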
Contact Us To Learn More
The following are considerations when protecting your business's critical data.
Most businesses think that if they have antivirus in place, then they are protected. Not many small businesses take into account the multiple ways they can protect their business. In this brief, we want to talk about vulnerability testing.
Some businesses find out they are vulnerable only after they are hit with ransomware or suffer a data breach in which client and financial data has been taken.
What most small businesses don't know is they can plan and know what their network vulnerabilities are before the worst happens.
Over 61% of small businesses are victims of cyber attacks every year, and one in five them. Companies can take action to know if they are vulnerable without having to face the financial hardship security breaches can cause.
Businesses can conduct vulnerability tests, which are a comprehensive audit of a business's security flaws that a hacker could take advantage of, and the review can outline the potential consequences. The results of a vulnerability test tell you what your security risks are and help your business plan its security policies moving forward.
Vulnerability tests should be done on a regular basis by an outside consultant or by an in-house IT department if possible. Depending upon the size of the business, you should do it every quarter if you are a midsize business, monthly if you are an enterprise business, and once a year or every six months if you are a small business. There are different types of vulnerability tests, and here are the different options.
Pen-Test: A pen-test simulates an attack on a business's network to test the strength of the security technology in place. With pen-tests, you will have a particular objective (e.g., steal a piece of specific data).
Vulnerability Scan: A vulnerability scan is more general, and it tells you where the weaknesses are in your network as opposed to a pen-test which tells you how bad a specific weakness is.
How often should you pen-test: Different industries will have different government-mandated requirements for pen-testing. One of the more broad-reaching regulations is the PCI DSS test, which requires pen-testing every year. It is better, though, to do more than the minimum. You should also conduct a pen-test every time you have:
To learn more about these vulnerability tests, please contact us.