It’s true: even businesses that have impressive cybersecurity practices in place get breached. However, a breach is SIGNIFICANTLY less likely for them. Most breaches come from businesses that are missing common-sense cybersecurity. What is “common-sense” cybersecurity?
It’s easy to blame the IT company for this. “I don’t know anything about cybersecurity, and I rely on my IT team to tell me what to do!” That argument is perfect, if you’re actually implementing what they have to say.
For instance, multi-factor authentication blocks 99% of personal identity attacks, yet many businesses opt out when their provider makes this recommendation. We hear excuses like: “the CEO doesn’t want to hassle when logging in to email”, or “it takes too long to enter an MFA code”, or “my employees don’t want to use their personal cell phones for the MFA application”.
MOST breaches occur from a few easy-to-avoid scenarios:
- Patches and updates are not being pushed out quickly enough, or not at all – Think of these as holes being filled. If this is not getting done, your computers and network are filled with holes for attackers to sneak in!
- Open RDP ports – Don’t worry about what this means from a technical standpoint, just know that an open RDP port leaves A GAPING HOLE, with your business open to the world. Ask your provider about this!
- No multi-factor authentication – This is a second form of authentication outside of your password. Taking 2 extra seconds when you log in could save you from weeks of downtime!
- No GEO-IP blocking on firewall and email – Do you do business with China, Russia, or other countries outside of your home country? If not, block those countries! It’s a forcing function that keeps a lot of hackers at bay, and a barrier that will have them looking elsewhere for low-hanging fruit.
Cybersecurity gets complicated, yes. But at the end of the day, there are EASY common-sense layers you can put in place that will set you up to be resilient in this new cyber landscape.
Make sure you’re covering the common-sense items first, and if you have an engaged IT provider, make sure you’re listening to their recommendations. They’re most likely not trying to “upsell you,” but rather protect your business, your reputation, and their own integrity and reputation as well.
If you would like a 30-minute, high-level audit of the common-sense cybersecurity layers, reach out to LANConnect and our owner will give you a call.