With the uncertainties around remote working and how to protect your business, cybercrime is becoming more and more aggressive, growing to roughly six times as much since the start of the pandemic, according to the 2022 SonicWall Cyber Threat Report. Plus, the World Economic Forum’s 2020 Global Risk Report states that the rate of detection and prosecution is as low as 0.05 percent in the U.S. Half of this year’s ransomware victims opted to pay to regain access to their data, but only a quarter of them fully regained access, according to a recent Kaspersky survey.
Some of 2021’s high-profile attacks include the $70-million Kaseya hack that locked clients from at least 17 countries out of their systems. CNA Financial Corp, one of the largest insurance companies in the U.S., paid a $40 million ransom after being locked out of their network for almost two weeks following a breach. Accenture, one of the world’s largest consulting firms, was hit with a $50 million ransomware demand in exchange for 6TB of data. The JBS S.A. hack closed off a quarter of American beef operations for two days, ending after payment of an $11 million ransom. The attack on Colonial Pipeline, the largest fuel pipeline in the U.S., disrupted fuel delivery for several days in the Southeast. Last but not least is the bizarre Oldsmar water hack, where bad actors accessed a water-treatment plant in Oldsmar, Florida, briefly raising the sodium hydroxide level in the water supply to dangerous levels.
What’s behind this increase in cybercrimes?
The rise in cyberattacks is attributed to three major factors:
- Covid-19 prompted a spike in internet usage worldwide as people shifted to remote working and learning.
- The anonymized nature of cryptocurrency transfers has made it much easier for cybercriminals to collect on their schemes.
- More and more companies are choosing to pay the ransom to regain access to their data, inadvertently encouraging cybercriminals.
Cybercriminals do not discriminate by the size of an organization; all are fair game. To guard against the next security breach and its implications for your reputation, you need to make cybersecurity a priority. Partner with a reputable IT Managed Service Provider (MSP) to guarantee a multi-layered approach to security while you stay focused on your main business objectives.
Here, we’ve compiled ten of the top cybersecurity tips and best practices for you to implement and share with your team.
1. Advanced Endpoint Protection
The pandemic has led companies of all sizes to work from home. The number of endpoints has increased for essentially all organizations that have shifted to remote work. Having 50 employees working in separate locations means you need to consider each location an extension of your business. TNS’ Advanced Endpoint Protection is designed to proactively stop specific types of threats, tools, or techniques, covering multiple stages of cyberattacks.
2. MFA for Email and VPN
Passwords are no longer enough! Supplement your traditional password with Multi-Factor Authentication (MFA) to ensure secure access across networks. Identity theft takes many forms, and you need to insist that your users have another way of confirming their identity when accessing your corporate network. Welcome to multi-factor authentication: Something you HAVE and something you KNOW! With MFA, your team would be prompted to enter more than two additional authentication methods for an extra layer of security.
3. Identity and Access Management
Implement solutions to protect your data from unauthorized access by internal and external users. Just because your systems are in the cloud does not mean certain people within your organization shouldn’t have access to specific things. Our Identity and Access Management will allow us to work with you so you can have the peace of mind that the RIGHT resources are being accessed by the RIGHT people.
4. Single Sign-On
Reduce the chances of having your team’s passwords and sensitive data stolen in a breach. Single Sign-On (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. It streamlines the process of signing on and using applications: there is no need to re-enter passwords, there are fewer chances of phishing, and IT help desks see fewer password-related complaints or troubles.
5. Security Awareness Training
Raising awareness is the baseline layer of managed security. You need to strengthen your most vulnerable access point, i.e., your employees, against cyberattacks through effective Security Awareness Training (SAT). Your team members are now an important layer of your defense strategy; keeping them informed keeps your organization safe. Simulated vulnerabilities deployed through an MSP increase your employees’ awareness and, even more importantly, protect your company’s data. TNS can help your team understand proper cyber hygiene, anticipate potential threats they may encounter via email and the web, and realize the security risks associated with their actions.
6. Email Security
Implement a secure email gateway to prevent the spread of malware, spam, and phishing attacks. An email gateway scans and processes all incoming and outgoing emails and makes sure that threats are not allowed in. There are various procedures and techniques for protecting email accounts, content, and communication against unauthorized access, loss, or compromise. They range from simple measures, such as removing all executable content from emails, to more comprehensive actions, like sending suspicious content to a sandboxing tool for detailed analysis. Your MSP will have visibility into all emails being sent and can enforce email encryption policies to prevent sensitive email information from falling into the wrong hands.
With email encryption services, you can securely transmit data to other parties and greatly reduce the risk of them disseminating that data. TNS’ encryption platforms work by taking the sensitive data out of your emails and locking it in a secure web portal. When you send an encrypted email, it’s sent to the cloud, and your recipient gets an email notification that an encrypted email awaits them on the website. They can access it only by authenticating with an approved username and password, or a one-time code, if you prefer. You can set the email to expire after a given time, so if a malicious party has access to their username and password, it will still be safe as the link will be dead.
8. Mobile Device Management
The inherent risks associated with Bring Your Own Device (BYOD) have generated the need for Mobile Device Management (MDM) solutions to monitor, manage, and secure employees’ mobile devices. Implementing MDM in your environment will allow you to reap the benefits of BYOD and limit the risks. MDM solutions can proactively secure mobile devices by specifying password policies, enforcing encryption settings, selectively wiping corporate data, and streamlining device setup. No matter the device or the team member’s location, mobile device management software allows an MSP to secure corporate data and personal data.
9. Cloud App Security
Improve visibility of your team’s activities in the cloud on all your devices to increase the protection of your data. TNS’ Cloud App Security natively integrates with your Microsoft and third-party cloud services to provide simple deployment, centralized management, and innovative automation capabilities. Your MSP can identify high-risk usage and security incidents, detect abnormal user behavior, and prevent threats. We can also set encryption rules to protect data stored in and downloaded from the cloud.
10. DNS Protection Perimeter
Protecting your Domain Name Services (DNS), also known as DNS Protection Perimeter, is a solution that can help you stop hackers before they sneak into your systems and do irreversible damage. It allows you to restrict your team from visiting unauthorized websites that could put your company at risk and helps you manage and alter your organization’s web filter at will across the network.
Implementing a layered approach to security allows for extra protection for your company data, while staying within your budget. It’s your Managed Service Provider’s job to know which solutions work for you and why. Contact your Account Manager directly to learn more. If you are currently not a TNS partner, complete our contact form and select Managed IT Services as your service of choice or contact us at 203-316-0112 or 212-967-5757. Visit our Facebook and LinkedIn pages to get a copy of the Top 10 Cybersecurity Tips of 2022 infographic for your office.