Owners know firsthand what goes into building a successful organization. Making sure you’re protecting all that hard work is a no-brainer, but getting your org to a secure position can seem daunting, especially if you’re not tech-savvy. That’s okay; it’s why you started your business instead of an IT services company!
So how do you get started? We’ve identified a few items that organizations should focus on when taking those important first steps.
Security Software
Security software can mean a lot of things, so to start let’s talk anti-virus. There are a ton of options here, many of which go back to the late ’80s, and everyone has their favorite for one reason or another. Don’t get caught up in the minutiae of choosing the "perfect" product; the best one is the one you actually implement. Once you’ve worked with one for a while, you may start to build your own preferences as well.
Another service to consider in this space is DNS filtering – the process of blocking malicious websites by cataloging URLs, finding which ones are known to serve up nasty junk, and stopping users from getting to them. This could be a basic service that only blocks known compromised/malicious sites or a more robust option that also blocks things like streaming or social media. It may also filter only at certain times of the day or only for certain employees.
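To make those options concrete, here is a small sketch of how a DNS filter could decide on a single lookup, combining a known-malicious list with category rules that apply only to certain employee groups at certain times. It is an added example, not code from this post or from any particular product; the domain names, groups and hours are constructed for illustration.

```python
from datetime import time

# Constructed sample data: every domain, group and time window here is made up.
MALICIOUS = {"bad-downloads.example", "phish-login.example"}
CATEGORIES = {"video.example": "streaming", "chat.example": "social"}

# Per-group rules: category -> (start, end) window during which it is blocked.
WORK_HOURS = (time(9, 0), time(17, 0))
POLICY = {
    "staff": {"streaming": WORK_HOURS, "social": WORK_HOURS},
    "marketing": {"streaming": WORK_HOURS},  # social media stays allowed
}

def parent_domains(name):
    """Yield the name and each parent: a.b.example -> a.b.example, b.example, example."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def decide(name, group, now):
    """Return (action, reason) for one DNS lookup by a user in `group` at time `now`."""
    candidates = list(parent_domains(name))
    # Known-malicious domains are blocked for everyone, at any hour,
    # including subdomains of a listed domain.
    if any(d in MALICIOUS for d in candidates):
        return ("block", "malicious")
    # Category rules depend on who is asking and when.
    for d in candidates:
        category = CATEGORIES.get(d)
        if category is None:
            continue
        window = POLICY.get(group, {}).get(category)
        if window and window[0] <= now < window[1]:
            return ("block", category)
        return ("allow", category)
    return ("allow", "uncategorized")

if __name__ == "__main__":
    print(decide("cdn.bad-downloads.example", "marketing", time(22, 0)))
    print(decide("www.video.example", "staff", time(10, 30)))
    print(decide("chat.example", "marketing", time(10, 0)))
```

Checking parent domains matters because a filter that only matches exact names would miss a subdomain of a site already on the malicious list.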
One of the newer threats we’re on the lookout for is something called persistent footholds. These are mechanisms that can re-trigger a piece of malware after it’s been cleared or after an interruption like restarting a device. And since they operate a little differently than other forms of malware, they have their own remediation tools to check out.
Two Factor Authentication
This is absolutely 100% without a doubt one of the best things you can implement. We’ve been preaching the good word about it in blog and social posts for years, but just to recap quickly here – multi-factor authentication is a system that verifies a user's identity by requiring multiple elements to log in to an account or device, not just a password.
These are usually pulled from the following factors:
- Knowledge - an answer to a secret pre-set question or a password
- Possession - a key fob or app on your mobile device (our favorite and super easy to use!)
- Inherence - traits such as fingerprints or facial recognition
Because MFA combines these multiple pieces, it greatly decreases the risk of an attack. In fact, according to Microsoft, MFA is almost 100% effective at stopping hackers from gaining access.
User Training
Users are often reported as the biggest threats to an organization’s security. That’s not an insult to users; it’s simply because they’re human. They cannot be programmed to respond perfectly to every scenario that may come their way, especially when there is always going to be some new thing that nobody has encountered before. To stay ahead of that curve, they need to be educated.
Offering security training to users can improve security by reducing the chances they:
- Visit malicious links presented in sidebars on websites or as URLs in emails
- Reveal credentials by falling victim to phishing attempts
- Are tricked into doing things like sending gift cards or wiring funds to someone impersonating a client or higher-up
And there are additional benefits to training beyond not getting hit with a breach. Training helps increase confidence, boosts morale, reduces stress, and increases productivity – put all of these pieces above together and it’s wins all around!