Security as a Requirement
Even after its reported that email scams in the United States alone cost businesses over 2 billion dollars, not enough companies are putting a comprehensive plan together to prevent or deal with a security event.
As businesses continue to suffer from phishing and crypto style attacks and ransom, know that these are almost 100% avoidable. While there is no silver bullet, there are a set of known tools that can be used to prevent security breaches. While there are many solutions in the individual spaces its important to encompass as many as possible. Here is a quick bullet point list
- Employee Security Training – Probably the most cost effective front line for preventing ransomware/phishing is through employee education
- Application Whitelisting – This has become a popular trend and is automated making it easier to manage. It does require some technical knowledge to setup properly
- Security at all points – We used to just put a firewall at the Internet connection and call it security. Today devices are everywhere, mobile, cloud storage, web email, social media. There are many attack vectors today, so its important to protect the edge, and the device itself. Using a SIEM tool with EDR virus protection, and a specialized web protection is a good protection scheme
- 24×7 Monitoring/Remediation – Bad actors don’t stop at 5pm, for small fees you can outsource your security monitoring to a third party to watch real time for events happening across the network. Considering a single breach can cost over a million dollars from your Cyber insurance policy, you still don’t want the PR and legal hassles of getting anything at all if you can avoid it.
- Zero Trust – This buzzword has a few players in it already, most organizations take a layered approach right now. Not long ago we used to consider a local network as a house, and the devices were the members in the house. You had a front and back door and you protected those. Today zero trust treats each device as its own apartment, in a large apartment building. You have gated security at the front and back, but then each device has its own ‘front door’ inside the building that can be locked.