The pandemic hasn’t only fueled a work-from-home workforce, it’s also caused a steep rise in cyber threats. In the third quarter of 2021, ransomware attacks increased by 148%. And during the first half of the year, phishing volume jumped 22%.
These are just two examples of rising cybersecurity threat numbers and illustrate the increasing danger for businesses of all sizes. Just one data breach, account takeover, or ransomware infection can cause a company to go down for days. Many small businesses never recover.
Your data and network security are two of the most important things you need to protect to ensure your continued business continuity and profitability.
But many small businesses think that a simple antivirus is enough to protect their employee computers. They’re still in the mindset of threats being wrapped in a convenient malware or virus package that their antivirus will catch for them.
However, those types of malware are just a small part of the myriad of threats that attack companies today. In fact, the main cause of data breaches has become credential theft. In 2020, it was responsible for 20% of breaches globally.
This is why it’s important to have a multi-layered cybersecurity strategy that includes many different types of tactics that all work together to keep your business safe from a devastating attack.
Following are some of the important IT security areas to focus on in 2022.
With credential theft now being the main cause of data breaches, protecting passwords and cloud account access is vital to ensuring your business is protected.
Implement Multi-Factor Authentication (MFA)
Every business, no matter the size, should be using multi-factor authentication (MFA). This may take users one additional step to log in, but it’s well worth it for the added protection.
Multi-factor authentication is 99.9% effective at blocking fraudulent sign-in attempts, even if the hacker has the password. This is because it’s highly unlikely an attacker would also have access to the device that receives the MFA code.
Subscribe to a Password Manager
The average person now has about 100 different passwords to keep track of. Trying to remember all those passwords while following good password practices of creating long, complex, and unique passwords is a nearly impossible task for your users.
Make their lives easier and improve your password security by subscribing to a business password manager. This provides users with their own account that will securely store all their passwords for them as well as suggest strong passwords. Users only need to remember one complex password to access all the others.
Use a Cloud Access Monitoring Application
Credential theft is on the rise because most business data is now stored in cloud applications. It’s important that you monitor access to your cloud apps to ensure only legitimate users can log in.
You can do this through tools like an endpoint device manager or cloud access security broker. If you subscribe to Microsoft 365 Business Premium, you get Intune endpoint device manager included.
Phishing is another big threat that needs a multi-layered approach. Phishing is often the delivery method for many different types of attacks, including credential theft, ransomware, viruses, fileless malware, and more.
Use Email Filtering
Email filtering reduces the number of phishing emails that make it in front of users. Today’s threats have become more sophisticated than ever, and it’s often difficult for users to distinguish a real email from a fake one that is spoofing a bank, vendor, or retailer.
Putting an email filter in place can stop and quarantine any suspicious messages so they can be reviewed by an IT expert.
Put a DNS Filter in Place
Links to malicious sites are used more often in phishing emails than attachments. This is because links don’t contain malware themselves, so they will often get past antivirus/anti-malware applications.
These links can take users to spoofed sign-in forms designed to steal their login credentials or phishing sites that inject malware into a device as soon as the page loads.
A DNS filter will match a URL that a person is trying to reach with known malicious sites and redirect the user to a warning page if a threat is detected.
Do Regular Touchpoints on Cybersecurity Weekly/Monthly
Human beings are the number one target in a phishing attack. Attackers use sophisticated tactics to try to fool email recipients into taking action, such as posing as someone that works at the employee’s company or using urgency in the message.
Create a culture of cybersecurity by infusing regular touchpoints on IT security best practices into your normal business operations. This can include things like monthly security videos that users can watch and weekly cybersecurity tips in a company newsletter or team messaging announcement.
Is Your Network Security Prepared for the Threats Coming This Year?
C Solutions can help your Orlando area business ensure your defenses against phishing, credential theft, and other online attacks are adequately protecting you.
Schedule a free consultation today! Call 407-536-8381 or reach us online.