With the almost daily news reports of cyber-attacks and exploits, it is impossible as a business owner to not be worried if you will be next. This inevitably leads to a call or email asking your IT department, “Hey, are we doing everything we can to prevent a cyber-attack?” At AbleTP, the answer is usually “No, but we are doing what we believe is the best balance between cost, user impact, and security.”
Depending on a company’s industry, the types of data they store, government compliance, and their public exposure, we may take a more aggressive approach to security than we normally do. But, with this comes significantly more cost and often more steps for end-users to do their work. For most businesses, a layered security approach along with following industry guidelines is the best balance between security, usability, and cost.
A majority of exploits that we see in the media could have been stopped with that very basic approach. Having operating systems and software kept up to date, maintaining a next level firewall, limiting the use of administrative accounts to only the tasks they are needed for, layering anti-virus and anti-malware protections, training end-users to recognize attacks, and monitoring it all to make sure it is operational and no one is out of compliance. “Can we do more?” Sure we can and in some circumstances we do. “Can we do enough to guarantee security?” Absolutely not. Even with the best and most expensive security products being monitored by a dedicated security operations center with regularly trained end-users, companies are being hacked. The most important thing is to do the basics. This means, layer more depending on what makes sense for your business and be prepared if something does happen. That means, having Cyber Liability Insurance, ensuring your backup system is adequate, and ensuring you have a written plan of what to do if your company is compromised. If you are worried you’ll be the next cyber-attack, talk with your Managed-IT Service Provider to ensure that you are prepared in advance for a cyber-attack.