15/08/2024 | Press release | Distributed by Public on 16/08/2024 11:19
There are a huge number of potential cybersecurity threats to your business today. If you have a computer at your company, then the company is at risk. The bigger the company, the more risk there is, as larger companies could be specifically targeted. But every company is going to receive emails that attempt to steal customer data, spread viruses, or encrypt computers on the network and then charge a fee to get your data back.
The biggest worry about the constant onslaught of these attacks is that attackers only need to be successful once, while the company's defenses need to be successful every single time. There are ways to prevent your company from falling victim to an attack, with little to no disruption to employee processes.
When you log into a website using an MFA phone application, the system will send a push notification for you to approve. Or it will prompt you to enter a code into the website.
A physical USB token is more secure, but more expensive. This key stores a digital certificate that matches the account you are trying to sign in to. For systems like email or banking, MFA or a USB token is imperative to ensure that you, and only you, are accessing the system using your credentials.
The upside to the USB token is that you must have the physical device. With traditional MFA, if an attacker gets someone's password, they can call the person, pretending to work for the company behind the website, and ask for the code. With a USB token there is no code. If you are logging into the site from a computer that doesn't have the USB token physically attached to it, you can't log in. All the major email authentication systems support both MFA and USB tokens.
The biggest downside to USB tokens is the cost, about $50 each. Employees should have two, in case one is damaged. When employees leave, those tokens probably aren't going to be returned. Some companies have their IT teams and senior leadership use the tokens; the rest of the employees use MFA on their cell phones.
MFA is highly recommended. Note that websites or systems using email or text messages to deliver MFA codes are not secure. Email can be compromised (unless secured with proper MFA) and text messages can be easily intercepted or redirected to a different phone.
Unfortunately, this won't stop all viruses. The "effective" viruses will be able to do their work without asking for administrative rights, but it will stop some from running.
Least privilege should apply everywhere in the IT environment, not just to sensitive parts of the network, such as where the finance department stores employee salary information. Most employees don't need access to other employees' home directories on the network, for example. IT systems administrators, however, might need this access so that they can perform audits, backups, etc.
While gathering information about the permissions employees need for their duties will be cumbersome, the end result is a more secure environment for the company.
While this will help stop malicious activity on the network, there is a chance (depending on how fine-grained your control over the blocking process is) that you'll block legitimate websites as well. There is a workaround for this, which is to whitelist any blocked legitimate websites. This requires employees to report the legitimate websites to someone in IT who can fix the problem.
A successful internet blocking process involves a solid communications plan with employees and an easy way for them to report blocked websites for whitelisting.
Part of turning on internet blocking also involves inspecting the network traffic between the users and the internet. This will usually increase the network router's CPU load and slow the maximum network traffic speed the device can support. Depending on the router's current load, you may need to upgrade to a more powerful router to enable these features without impacting network performance.
Companies can increase their IT security and reduce cybersecurity threats using these four fairly simple techniques. Most will cause little to no change in how employees work. However, a network change or MFA implementation will require a one-time setup by each employee, followed by a slight change in how they work on a daily basis. All are worth the additional effort to prevent a data breach.
Connect with an Old National Small Business Banker for more insights to help your business grow.