Security Check by Beth Watts Feb 8, 2017 Four Cyber Security Precautions Every Small Business Needs to Implement According to the National Cyber Security Alliance, one in five small businesses are attacked by hackers each year, and of those, some 60 percent go out of business within six months as a result of the financial damages. Strangely enough, most small business owners are unaware of these threats, as 77 percent say their company is safe from cyber-attacks, yet 83 percent have no formal cyber security plan in place. Of course, not every small business is equally likely to fall victim to cyber crimes. Hackers usually don’t discriminate by company type, value or any other characteristic of the business itself, rather they target those businesses that are vulnerable because of lax digital security. The Jungle Disk Network Threat Protection product was developed with small businesses in mind, and addresses the four IT security features every business needs to have to keep an air-tight security posture. 1) Next Generation Firewall (NGFW) Installing a NGFW will control what applications are allowed on your network and protects against malicious activities. It’s the first line of defense against hackers. In order to get the protection you need, your NGFW should always include: All the standard features of a traditional firewall including packet filtering, network address translation, and VPN capabilities. An integrated network intrusion prevention system with deep packet scanning Web filtering to prevent access to ‘high-risk’ websites Gateway anti-virus to scan incoming data for malicious content Application control abilities 2) Advanced Threat Protection (ATP) Implementing an enterprise-grade ATP device gives your network the most up-to-date protection against all new and developing threats. In addition to basic protection provided by services like ‘sandboxing,’ the five areas that make up the framework for large-scale enterprise IT protection are: Access Control - Limiting access to the network through predetermined approved ports available to authorized users only. This reduces the overall risk of a network breach of data leak by minimizing the vulnerability of the network to only a few access points. Threat Prevention - Similar to an Intrusion Prevention System (IPS), threat prevention monitors and inspects all incoming code, packets of data, visited websites, and program/command applications for suspicious and known methods of intrusion. Threat Detection - This feature of an ATP system continues to monitor the network for indicators of intrusion or compromise that may have gotten past the first few layers of protection. Incident Response - Identify and contain. This new feature included in an ATP systems identifies and contains problems if the detection and prevention systems mentioned above find a threat in your system. Continuous Monitoring - This is the baseline for ATP, assessing and improving your current security measures against the latest known threats and methods of attack. As new cyber-threats become increasingly automated and more intuitive, more flexible and in-depth measures of protection must be in place. Without a cloud-based ATP system, your business networks will be constantly trying to catch-up, which is exhausting to have to maintain. 3) Secure Wireless Connection If you’re running an open, unsecured Wi-Fi network, you’re almost inviting a hacker to wreak havoc. One of the first courses in hacking is learning to crack into a network, so it’s not hard to find a hacker able to do so with ease. From there, your company’s HR documents, W-2’s, contacts and transaction information are fair game. Other risks that free access Wi-FI include: Increasing your monthly internet bill, particularly when you have to pay per byte of data transfer. Decreasing your internet access speed since you are now sharing the same internet connection with unknowns. Creating a hazard as others intentionally or unintentionally install malware. For small business owners, many of whom may already be running on small margins, these three risks can lead to serious business failures if left unacknowledged. 4) Data Leakage Prevention (DLP) Protect credit card numbers, transactions and other forms of sensitive data by enacting Data Leakage Prevention (DLP) policies and encrypting all devices and removable media with access to confidential information. Often, malware is invited into a system by a user opening or downloading a bad link from an email or malicious website, which can make it difficult for most prevention methods to beat the threat. So, implementing a DLP system will monitor, detect and block sensitive data in endpoint actions, network traffic and data storage. Protecting your business and clients from cyber attacks and online threats is the new normal. While in the past only big corporations were the focus of hackers and online criminals, increases in their network security and cyber defenses have caused hackers to refocus to smaller, more vulnerable targets. Obscurity is no longer a good choice for online protection and IT security, and with the prevalence of these cyber attacks along with the devastating financial consequences that come with them, every business owner needs to take a serious look at how protected their business is against threats in the evolving digital age. To dive deeper into what your business can do to ensure your network and data is protected, read a helpful My Digital Shield white paper here.