As we enter the new year, it's worth looking back at some of the important cybersecurity events of last year. We will remember that the largest and most expensive data breaches occurred at companies with substantial investments in cybersecurity.
- The $70 million hack that paralyzed 1,500 organizations happened to Kaseya, a company that specializes in handling software updates for hundreds of providers.
- Accenture, one of the world's largest consulting firms, was hit with a $50 million ransomware for six terabytes of data.
- CNA Financial Corp, one of the largest insurance companies in the U.S., paid $40 million after being locked out of their network for two weeks.
- The JBS S.A. hack disrupted a quarter of American beef operations that ended after payment of $11 million.
- Colonial Pipeline, the largest fuel pipeline in the U.S., had to pay a ransom of $4.4 million.
Now that cybercriminals see how powerful and lucrative their attacks can be, they're busier than ever! They have already moved on, and we have no idea where and when they'll strike.
Only one thing is for sure:
Whether you are big or small, these attacks are going to happen over and over again.
Focus on People: Shore up Your Cybersecurity with MDM and SAT
You might be wondering how the above attacks succeeded, despite the victims being well-resourced. In the past, traditional cybersecurity models were built to lock down the network perimeter and deal with threats AFTER they got through. This 'reactive' approach barely worked then; it's hopelessly broken now.
That's because your people, not your infrastructure, are the weakest link in cybersecurity. Cybercriminals knew that all too well. This change in the threat landscape requires a fresh mindset and new strategy, one that focuses on protecting people rather than the perimeter.
Mobile Device Management (MDM)
As the way we work continues to evolve, mobile devices are becoming an integral component of day-to-day work. Chances are, however, your employees have gotten quite comfortable treating their company-issued devices as their own, thereby expanding the attack surface for hackers. This is where Mobile Device Management (MDM) becomes your ally. By applying software, processes, and security policies onto all your mobile devices and toward their use, you can reap the benefits of remote work and rest assured that it does not turn into a business liability.
Security Awareness Training (SAT)
Minimizing the chances for error through MDM alone won't work. Raising your team's knowledge through effective Security Awareness Training (SAT) is also necessary. By providing your employees with the information and experience they need to recognize and respond to cyber threats, you can reduce risk and create a culture of cybersecurity awareness.
Combining the benefits of MDM and SAT, we are providing seven New Year's resolutions you should take today to boost your cybersecurity in 2022.
7 New Year’s Resolutions Toward a Cybersecure 2022
Use a VPN
To kickstart your comprehensive cybersecurity, a Virtual Private Network (VPN) is practically unbeatable. Not only does a VPN create a private tunnel through which all your traffic is diverted, but it also encrypts that data so that, even if it is intercepted, it won't make much sense. Just as a firewall helps to protect the data on your device, a VPN protects it online.
A VPN works by replacing your team's IP address with a false one so that nobody can identify where they are. All devices connected to your VPN reap the security and functionality benefits of your organization's private network.
As valuable as VPN is, however, it's NOT a stand-alone solution—nothing is. Protecting your organization's VPN against user credential theft requires an additional layer of defense, which brings us to our next resolution.
Implement MFA
Cybercriminals are getting more and more creative, and so should you! You need to insist that your employees have another form of confirming their identity when accessing corporate data. Supplement traditional passwords with Multi-Factor Authentication (MFA) to ensure secure access across networks. With MFA, stealing your team's credentials won't get a hacker too far; they will need to steal their smartphones too to gain access.
Microsoft's Director of Identity Security, Alex Weinert, said that 99.9% of compromised accounts do not have MFA. This is exactly the case with one of last year's high-profile cyber attacks—Colonial Pipeline said goodbye to $4.4 million because of a single account that didn't have MFA.
We either learn from history, or we're bound to repeat it.
Strengthen Your Passwords
A recent SplashData survey revealed that 80% of participants felt that cybersecurity was 'very' important. What's interesting is that the same survey also found that passwords like '123456' and 'qwerty' are still popular! It's probably because coming up with unique passwords on a regular basis can be frustrating—some people just aren't that creative! This is where password management comes in.
Make it easy for your employees to use strong passwords by empowering them with a password manager. Password managers generate a strong and unique password for each platform and then store these passwords in an encrypted locker. All your employees need to do is unlock the password vault when they are at work.
MFA and password managers are a great one-two punch.
Keep Up With Updates
The old saying, "don't put off until tomorrow what you can do today" applies when it comes to software updates and patches. But rather than relying on your employees to always launch updates for every software or operating system (OS), wouldn't it be better if you could present them with a unified dashboard of all their software patch levels and instant alerts if a new update drops?
Fortunately, as a Managed Service Provider (MSP), helping you with regular updates and patches is just one of our many cybersecurity offerings.
Stick With Secure Websites
While certain aspects of cybersecurity do require the expertise of a third-party provider, establishing whether a site is secure or not is something anyone can do. Just look at the site address at the top of the screen—if it only says HTTP at the beginning, you shouldn't be there. If it says HTTPS, emphasis on the 'S' at the end, it means you're safe.
Pretty simple, eh?
Unfortunately, by the time you've seen the address, you've probably already entered the unsecured website. This could mean serious financial loss if you're on a banking or online shopping site. If you want to avoid visiting an unsecured site by accident, you can add certain extensions for free like HTTPS Everywhere to your browser that will limit all your activity to secure sites.
If you want to make sure that this doesn't happen to ten or more people on your team, however, it's probably best to work with an MSP.
Simplify Security Awareness Training
As you know, one wrong click on a malicious link could expose your sensitive data to the wrong hands. While spam filtering can help your organization identify some malicious emails, others that appear authentic will find their way into an employee's inbox. That's why your employees should undergo thorough and ongoing cybersecurity training with a focus on mitigating potential attacks by keeping a close eye on their email.
Small- to medium-sized businesses (SMBs) might not have the resources locally available to ensure that their employees are educated in a continuous and progressive manner. Automating your security awareness training is your best bet if you want to make this process effective and cost-efficient in the long run, and this is where the expertise of an MSP can help. This brings us to the conclusion of our list of new year's resolutions.
Partner With a Reputable Managed Service Provider
As hard as you might try, there's only so much you can do to protect yourself and your company from the ever-evolving cyber threats out there. Plus, keeping your system safe can be a full-time job, and you already have one of those. Instead of trying to fight cyberattacks single-handedly, consider bringing in the help of cybersecurity experts!
Our award-winning team is more than happy to swoop in and assist your company with the latest cyber protection on the market, including mobile device management solutions, automated phishing simulations, and security awareness training. TNS' Total Guard provides comprehensive real-time network monitoring and 24/7 IT support while you focus on your bottom line.
Contact The TNS Group today to learn how to stay cyber secure while saving money this 2022.
Share this blog post with your colleagues and friends. Follow The TNS Group on Facebook, Twitter, Instagram, or LinkedIn. Cheers to a more prosperous new year!
Categories: Managed Service Provider, MSP Blogs, Solution Blogs
