When the Russian invasion of Ukraine began, the Cybersecurity and Infrastructure Security Agency (CISA) rolled out the Shields Up Program as the danger of cyberattacks against the United States rose. As war wages on in Ukraine, the federal government has continued to warn businesses about malicious cyber activity against the United States.
On Monday, March 21st, President Biden made his most forceful alert after reviewing new intelligence regarding Russia's plans moving forward. President Biden warned, "evolving intelligence shows us that the Russian government is exploring options for potential cyberattacks." He urged private sector businesses to "harden your cyber defense immediately."
Based on CISA's guidance, Fraser recommends that businesses look to implement these six security measures to protect against cyber attacks.
- Make multi-factor authentication (MFA) on your systems and networks mandatory. MFA helps prevent common vulnerabilities like reused passwords, brute force hacks, shared credentials, and orphaned credentials on public devices.
- Ensure all of your software and systems are patched and protected against vulnerabilities. If your IT department struggles with keeping up with patches, there are automated patch management tools available to make this process seamless.
- Back up your data and make sure that you have offline copies of backups that are not on your current working servers. Be sure to evaluate if having on-premise or cloud backup would be better for your business. Each method has its advantages, and you may decide that a hybrid backup would be the best choice.
- Encrypt your sensitive data so it cannot be used if stolen. This practice involves full data encryption on your physical devices, encrypting any data stored in cloud services and utilizing VPNs when accessing systems and data outside of the office.
- Don't wait until a cyberattack happens to see if your emergency plan will work. Run drills that mimic a cyber incident and note how successful your plan is and how you can change things to minimize the impacts of an attack.
- Educate your employees with cyber security training. Good training helps them easily identify common red flags in emails and websites for phishing, ransomware and malicious activity. Have employees report suspicious activities to ensure early detection of any anomalies.
Suppose your business does fall victim to a cyberattack. In that case, the White House also encourages you to contact your local FBI field office or CISA Regional Office.
For many small and midsize businesses, having internal full-time IT staff is a luxury most cannot afford. If there is in-house IT, they are focusing on initiatives that will help your business make more money, as they should. A managed IT services provider can help ease the burden of managing your IT infrastructure.
Managed IT services providers handle all IT needs, but most importantly, they solely focus on IT. They stay up-to-date on all of the latest security trends and threats to provide you with the services you need to keep your business protected.
Businesses also think that they can't afford managed IT services, but the real question is can you afford not to have them in place? A reputable managed IT services company will work with your business and its budget to find the right services for your needs at a fixed monthly price, meaning you know what you'll spend each month and can budget appropriately.
According to IBM and the Ponemon Institute, the average cost of a data breach for a small business is around 2.98M dollars. Most small businesses don't have nearly $3 MILLION just waiting for a data breach to happen. With managed IT services, you can take a proactive approach to protect your company data and networks. As many cybersecurity leaders have said, it's not a matter of if but when a company will fall victim to a cyber incident.
If your business is looking for more information about managed IT services, reach out to us here at Fraser.