He is seeing a surge from small and mid-sized business customers asking questions about where they want their business to be in five years, how to assess cyber risks and how to effectively secure their systems to get there.
Gilbert said, for small businesses, sole proprietorships and those working at home, using a layered approach to security is recommended. Here are some suggestions:
- Back up data three ways: onsite, offsite and in the cloud for quick recovery;
- Use enterprise-grade antivirus products.
- Keep computer software patches up to date, and upgrade firmware as needed.
- Provide frequent cybersecurity instruction for remote workers.
- Be careful when buying IT equipment. Security is not naturally built in.
- Develop a relationship with a local managed services provider to continuously monitor your network and provide ongoing support.
“Diagnostic tools and potential threat monitoring should be part of this overall multi-layered discussion as a way to mitigate and eliminate potential harm,” Hartung said.
He said with inflation and rising costs, business owners are putting their sights on the price tag when it comes to implementing security.
“Security does not have to be super expensive and is well worth it to reduce or avoid hidden costs associated with a loss of productivity and downtime along with the value of data that could be compromised, held for ransom or lead to litigation over violations of privacy and confidentiality,” Hartung added.
Change your access keys from device defaults
Aaron Dinette, vice president of IT systems at NIMS and Associates in Petaluma, said details in a remote work environment are key.
“Default router credentials come with every device that uses a pre-shared key that is eight or more characters in length,” Dinette said. That key can be up to 63 characters. “Nine out of 10 times, these access keys are never changed, meaning bad actors with skills can attack.”
WiFi protected access (WPA) ensures that data sent or received over a wireless network is encrypted, and only those with a current network password can get in. WPA2 also introduced the advanced encryption system (AES), with 128-, 192- or 256-bit block ciphers.
“When you get a new router or any device with password protection, I recommend that you change the access key right away,” Dinette said.
He suggested changing the key to a unique 11-character (or more) sequence including at least one capital letter, one number and one symbol. The more complex the sequence, the better protected the network becomes.
“When using a PC or company-provided computer in a remote setting, shared responsibility rules should be in place as part of a work-from-home formal agreement. To maintain overall network security, the company’s IT department and management must be OK with remote workers using their own PCs, laptops and other devices,” Dinette noted.
He said antivirus/antimalware software is a must, and most companies are also consolidating the management of endpoint locations within a security operations center, as well as upping the level of intelligent machine learning to block crypto (any unauthorized attempts to gain access to a computer) and ransomware attacks by utilizing next generation XDR/EDR with centralized management in the cloud.
For large files, Box and Dropbox provide some level of security, but the correct answer is to tie into a corporate solution like Microsoft 365 – which includes OneDrive, Microsoft Teams, SharePoint — or Google’s G-Suite with Google Drive governed by policies and security limits that can include inviting third-party collaboration (using Shared links, Sharepoint Libraries, etc.) located in separate folders in the cloud for greater protection, Dinette said.
Single sign on (SSO), in combination with multifactor authentication (MFA; such as getting a text message with a verification code), is another access tool benefitting remote users that uses one set of credentials to tie into the on-premises corporate network access multiple resources. It can be configured to use active directory sync technology to tie into the on-premise corporate network enabling an employee to access data in the cloud, at the office, or at home. When used properly, MFA can stop up to 90% of accounts from being compromised, according to Microsoft.
Dinette said Microsoft Windows and MacOS products come with built-in firewalls that – at the very least — should be leveraged. However, remote users can purchase more robust third-party software, firewalls and hardware security devices that can be configured to act as a secure gateway to the network.
from Remote Workers – My Blog https://ift.tt/lyH7hKD
via IFTTT
No comments:
Post a Comment