We could have launched the new year with an article about the top cyber-security threats to watch out for in 2019, however, to serve you better we decided to jump right into the solutions instead. Why? Cyber crime evolves in real-time. Approximately 350,000 new malware strains and other harmful programs are released every day. You need cyber-security infrastructure that adapts to these advanced threats, which is why we have taken the time to provide you with a clear accounting of the measures you need to adopt in the annum to come.
2018 came to a close with yet another wave of phishing attacks on Yahoo and Gmail SMS (aka text message), hackers were able to bypass two-factor authentication (2FA), a process in which a one-time password (OTP) is sent to a user’s mobile device by text or e-mail, or generated by an authenticator app. This is nothing new mind you, hackers were also able to successfully circumvent Reddit’s internal systems this past August through SMS-based two-factor authentication on employee accounts:
"We learned that SMS-based authentication is not nearly as secure as we would hope”
Still, small and medium businesses are lulled into a false sense of security as they continue to blindly use 2FA without approaching it the right way. Take note of the following protocol for greater protection:
2FA can be used effectively through a trusted app such as Google Authenticator or via Microsoft.
Never use text/sms based 2FA or MFA.
Ensure that your mobile devices (and any staff devices if applicable) are protected by passwords so that the app cannot be seen should your phone be stolen.
Make sure your phone can be remotely wiped if it is lost or stolen.
We do not recommend using any type of app or cloud service that doesn’t offer safe 2FA or MFA.
AI and machine learning will lead the way in advanced threat protection in 2019.
For one, centrally monitored AV, malware, and ransomware apps offer notifications to give you heads-up alerts when an issue happens on any of your staff systems. This knowledge is very important as some infections cannot be automatically cleaned by these security tools and manual intervention may need to take place.
In addition, centrally monitored security tools will push out updates and will help you confirm if everyone is receiving regular updates (or falling behind). Again, with 350,000 malware threats released daily, you need to stay up-to-date in real-time.
In the end, AI and machine learning is the only way to keep up with the number of threats being released. The vendor you choose should use these technologies to get ahead of the curve and not fall behind. SIRKit recommends products like Sophos Intercept-X because they perform behavior analysis to identify emerging threats. In other words, it doesn’t require patterns to be downloaded.
While increased cloud adoption is both expected and recommended for the year ahead, many businesses neglect to get cloud migration right, which is why “critics” site a lack of security as being of grave concern. This concern can be abated when using platforms like Office 365, a business package that introduces a remarkable amount of organic and advanced security for your business. Microsoft is committed to security as they continue to help businesses with free services like SecureScore that make recommendations to improve your security.
Office 365 also allows you to pick where your data should be housed, if it matters. For example, when you sign up you can inform Microsoft that you want your data to be stored on Canada soil. The locally-stored alternative would not only be very expensive, it would be extremely difficult to have in-house servers match the same level of security Microsoft offers with Office 365.
With key vendors, you will have covered many (albeit not all) of your cloud concerns. And remember to confirm exactly how your data is backed up while on a cloud because it may not have been part of your package. Of course, when you work with SIRKIT you will be well-informed about every element of the cloud as it applies to your unique business needs.
Carrying over from the item above, your chosen cloud productivity solution is practically everything when it comes to securing both the big picture and day to day operations alike. In our recent article discussing the key security feature updates to MS 365 we address components essential to a more secure business software. This includes the following:
Reduced reliance on passwords.
Robust threat detection, investigation, and remediation across endpoints, email, documents (Word, etc.), identity, and infrastructure.
Intelligent compliance protocol that assists in assessing and managing compliance risks.
Leveraging of artificial intelligence and machine learning (as per item #1 above).
Affords access to better IT support.
While Microsoft is highly recommended, there are other major software platforms that are highly supported and constantly advancing cloud-based tools, including those offered by Google and Amazon. If you can’t find anything that suits your needs from a major vendor, hire an IT security professional to thoroughly vet the platform before you purchase it. There have been many instances where which we’ve exposed a considerable number of serious security risks during the vetting process of a prospective software platform. As a result, clients were able to escape from falling prey to a wide variety of vulnerabilities. Moving forward, stick to cloud solutions from a reputable vendor and don't be afraid to seek help from an IT support firm.
Contact SIRKit to discuss how we can secure your IT systems as a part of our Managed Services offering.