Cybersecurity for Business in 2020
Protect your critical digital assets from cyberattacks in 2020.
Cybersecurity is not only for large corporations – it is for every company. The amount of malicious activity that occurs online is increasing every month and once again it’s expected to increase in 2020. It’s our job to work together with you to protect your assets as comprehensively as possible.
Copeland’s solutions scan for vulnerabilities on your network and automatically patch your software applications for optimal protection. Our firewalls, email and Antivirus solutions are optimally configured to provide the best protection.
Our account managers and staff provide education to your team via social media, training and reoccurring security reviews.
Learn about Cybersecurity
Cybersecurity isn’t reserved for major corporations that collect huge sets of credit data and personal information. Every company that relies on the internet must be aware of today’s cybersecurity risks and take steps to close vulnerabilities.
We all need to start thinking differently about security as this is no longer a passive responsibility. It is an ongoing challenge that needs a strategy as it is an ever-changing world.
As a whole, we are aggregating a tremendous amount of data compared to 10 or even 5 years ago. It is no longer just customer and vendor data we are storing but employee data, personal data of customers, credit card data and more. With more data comes more responsibility to protect that data.
Beyond developing plans for our clients, implementing the strategies and proactively monitoring their digital security, it’s our role as a managed services provider to educate technology-reliant businesses on cybersecurity best practices.
Please take a moment to check your company’s cybersecurity preparedness.
This 3-minute checklist will help you better understand the strengths and weaknesses of your cybersecurity program.
There are many ways that a hacker can enter a network and there are new entry points showing up constantly. Typically, a hacker exploits a vulnerability, the vulnerability is reported and then a fix is released.
It cannot be overstated that cybersecurity requires constant vigilance. While your company laptops may be up-to-date and protected by your resources today, a vulnerability in the software could be discovered overnight–and cyber criminals are quick to pinpoint these weak spots.
For large organizations, continuous scanning can also provide insight into performance trends (of the security system), be connected to feeds, provide authentication scans and more.
While you can never completely protect your data 100%, you can make it more difficult for an attacker to get in or get what they want by doing some of these things:
When attackers exploit Windows or Internet Explorer or any other application, security patches are released to plug the hole. Microsoft is being more aggressive with this in new versions of Windows but you have to pay attention to all software as it is just not Microsoft anymore. Adobe, Chrome, Firefox and other applications need to be updated to plug the holes.
What You Can Do: Microsoft Service Providers and internal IT departments are utilizing RMM (Remote Monitoring and Management) applications that take care of patch management and can notify you if software is out of date. These are typically per-device -per-month services that add large amounts of value.
Most companies have public drives that allow the organization to share data. Many of these are open to all users who authenticate. If there is any data that is confidential on these drives, hackers will go to this first as it is “low-hanging fruit.”
What You Can Do: begin limiting the use of public drives to non-confidential information. If you need to share confidential information, utilize a Document Management System or lock down the folders with tight permissions for specific users.
Mobile Device Management and Laptops
With an increasing number of users in the workforce going mobile, new threats have emerged with this mobility. Laptops are targets of theft along with mobile devices and many of these have company email and documents.
What You Can Do: First off, encrypt any device that has the ability to be encrypted. This will require a thief to know the password of the machine to get the data. For all devices, utilize a mobile device management tool (Office 365 uses Intune) to control and wipe these devices if necessary. Any newer Exchange Server or Office 365 Email Account can remotely reset a mobile phone to factory defaults the next time the phone connects to the email account.
Also increasing in popularity is working from home. Any time you allow an outside PC to connect to your network, you open up your systems to new vulnerabilities. Most home PCs do not have proper anti-virus protection and the amount of Internet traffic is usually higher resulting in greater risk.
What You Can Do: Ensure any device connecting to your network has the following:
— Secure VPN tunnel – Never open up Remote Desktop (RDP) access through the router. Use your firewalls recommended VPN connection or use a service like LogMeIn Hamachi.
— Require in your policies that all home users have anti-virus and are patched.
— Require in your policies that all home users have strong passwords.
It is always best to have a company owned device that is under control sent home with the user if possible.
These are the kinds of emails that can get individuals and businesses in trouble. They look harmless – in fact, they look legitimate, and sometimes even urgent.
This is just Microsoft asking for some sensitive information so they can help your account – right? Look again, and you’ll see that it is in fact NOT from Microsoft at all.
This is just one example of the types of phishing emails that can cripple organizations whose employees are not properly trained.
See the information below for important information that your employees need to protect your company from email phishing attacks.
Here are some of the common warning signs to look for:
- Poor spelling and grammar
- Incorrect use of common phrases
- Be wary of the sender needing an “urgent” response
- Hover over the sender name to reveal the sender email address
- Be cautious of long strings of incoherent letters and number
Protect yourself from phishing scams by doing the following:
- If you are suspicious of the email, NEVER click on links or attachments within the email
- If the suspicious email comes from a place where you have an account, like Netflix, go directly to your online account via an internet browser rather than going through the email
- Never share personal information or credentials through an email you receive. Always go directly to the source to ensure you are interacting with the REAL organization
- If you are suspicious of the email, do NOT forward it to a third party for verification, as this could lead to someone else clicking on a virus. Simply delete the email
How Hackers Try to Find Your Business
Business infrastructure continues to change at alarming rates. While much of the media has reported on the large breaches (Equifax, Target, ECMC, DocuSign), small to medium-sized businesses are at a higher risk. Typically the smaller sized organization has less protection, looser procedures and are not paying attention to software patching and updates.
How Hackers Find You
An individual sets up a bot (a piece of software set to do a routine of tasks automatically) to look out on the internet for any device it can find with a whole or vulnerability. They let it run for a few hours, come back and analyze the results. They don’t care where you are located, your industry or size. If they can get in, they get in.
Once in, they slowly poke around to see what they have access to on the network. They try to elevate permissions to allow them to install programs or access data. A typical hacker is on your network for 6 months before anyone knows. They will try to encrypt data, open up ports, collect password information or just flat out steal your data.
They can also come in via email attachments or infecting a website. While antivirus and SPAM protection addresses much of this, the threats are a continuously evolving ahead of these protection technologies.
It is imperative that your management team has a plan to address company policies, IT security, Backup and Disaster Recovery and training for users to better protect against these threats. We can no longer think of a breach as “if it happens” but “when it happens.”
NODEWARE Cybersecurity Protection
As the latest security innovation from cybersecurity firm IGI, Nodeware helps your organization achieve and maintain an effective security posture by identifying your greatest risks and weaknesses—before malicious outsiders can take advantage of them.
Your network has thousands of entry points, and Nodeware continuously scans each one to identify and analyze vulnerabilities, then shortens and simplifies remediation across your network, web, mobile, virtual, and IoT infrastructure to improve your security posture and increase operational efficiency.
How Nodeware Works
From the moment you activate your Nodeware Sensor, it begins to enumerate your network looking at all network-connected devices, including laptops, mobile phones, IoT devices, and network infrastructure. This inventory process repeats every minute, giving you a real-time view into the devices connected to your network.
Once a device has been discovered, Nodeware begins to identify key attributes including hostnames, device manufacturer information, and running operating system. This fingerprinting process is triggered by the arrival of new devices or significant changes in known devices.
With the device profile information as a guide, Nodeware builds a custom vulnerability profile. Vulnerability scans are run continuously against a subset of available devices, to give you the latest threat profile. Devices are prioritized based on a number of factors, with new and unknown device being scanned when they arrive on your network and known devices being reexamined based on their risk score.
Nodeware makes it simple to understand what your cybersecurity risk level is by quantifying it through a network health score. The score is an assessment of the number of vulnerabilities, their severity, and the likelihood of exploitation to plainly show you how your security posture measures up. Nodeware presents fixes for those vulnerabiltiies in a format that’s easily managed and fixed by the average IT professional, without requiring a dedicated security expert.
You can see your risk mitigation efforts in action as your score continuously improves with ongoing monitoring and remediation.
We work on cybersecurity services all day, every day. If you have any questions about your plans or the health of your technology systems, get in touch with us and let’s talk technology.