Major hacks are dominating the headlines recently, sending a surge of unease through public and private institutions alike. The US government, financial institutions, big corporations, and other organizations that handle large volumes of sensitive data make tempting targets and are rightfully scrambling to bolster security.
Who is at risk?
Though it might be tempting to assume smaller businesses might gain protection by being small enough to fly under the radar, the opposite is likely true. A smaller business with less stringent security policies and older firewalls makes an easy entry point to spread from.
According to a current report in the New York Times, hackers have been targeting businesses across the vaccine supply chain. This is a very concerning trend with serious implications for national security.
Realnets President and cybersecurity expert Brian Schoen suggests that it will be the smaller, less secure labs and hospitals that create the most risk. “The larger organizations will have had the resources to train their staff and invest in the next generation cybersecurity software. It will be the smaller ones that are underfunded and overworked that will be the most likely to be missing important security steps.”
What can I do?
What’s the best way to protect your data and IT investments? Mr. Schoen suggests the easiest thing you can do right now is to enable multi-factor authentication.
“Many organizations turn MFA off because it can feel like a hassle to have to repeatedly log into accounts. It may feel more convenient, but it’s a huge risk. Human error and poor password practices are major vulnerability points that can greatly be reduced by this one practice.”Brian Schoen, CEO, Realnets
Taking it further
Multi-factor authentication is just one small way to increase your security. Being up to date on security software is an important piece of the security pie. Current generation firewalls don’t just check for malicious code, which is easily hidden, but use artificial intelligence to spot suspicious activity. This catches code that looks normal but is busy sending or receiving abnormal amounts of data.
Microsofts Advanced Threat Protection (ATP) is currently the best way to prevent email-based breaches. ATP runs all attachments in a contained environment that checks for malicious behavior before it ever reaches you.
Penetration testing is the best way to see where weak points exist. This is a practice where a trusted source simulates hacks both from inside and outside your networks. This gives you the best idea of what policies, training, and software updates are actually needed.
We encourage every business to talk to their IT department or to reach out to a cybersecurity consultant like ours. Stay safe everyone.