According to The 2018 State of Cybersecurity in Small and Medium Size Businesses study conducted by the Ponemon Institute, small and medium-sized companies are at just as much risk of cyber attacks as the larger companies that dominate our headlines. Small companies are also losing millions due to vulnerabilities in their systems. Many are unaware of the IT infrastructure solutions that are available to help minimize their exposure.
The study reports that despite 67 percent of respondents experiencing a cyber attack and 58 percent experiencing a data breach, only 28 percent say they are able to minimize vulnerabilities and attacks in a manner that is “highly effective.” Those are scary statistics.
Part of the problem is many small companies don’t have the budget to devote to cybersecurity and are often understaffed. An understanding of IT infrastructure basics and the most prevalent vulnerabilities can help you determine if you are equipped to handle cyber attacks on your own or if you should partner with a managed IT firm for solutions.
Four of the top threats to IT infrastructure are weak passwords, malware delivered via email, ransomware and the internet of things.
Most people don’t consider passwords part of IT infrastructure basics, but passwords continue to be a weak spot for many. One of the ways hackers can get access to your system is by simply cracking the password of one of your employees. There are many computer programs available to help them do this with ease. If your password is composed of one word found in the dictionary, they can crack it in a matter of minutes. You can easily increase the strength of your password by combining upper and lower case with special characters. The longer your password, the better.
The Department of Defense requires their passwords to be over 16 characters with uppercase, lowercase, special characters, and numbers. Statistically speaking, it would be nearly impossible for any computer program to crack these passwords in our lifetime. Basic protection of IT infrastructure starts with your employees. It doesn’t hurt to send out a friendly reminder to your staff and have them strengthen their passwords according to these guidelines.
Malware Delivered via Email
It’s not a question of whether your system will be attacked by malware, it’s a question of how. Your first major shield against malware attacks is your firewall. This is software that only allows your computer to connect to trusted sources. It blocks all the rest. Setting up a firewall properly is complicated, so most firewalls have generic settings. Only an experienced IT professional can make sure your firewall covers your IT infrastructure’s basic needs.
Unfortunately, even trusted sources can transmit malware. An infected email account is a good example, so you also need antivirus software. However, the kind of antivirus protection you buy off the shelf has major weaknesses. It’s hard to keep current and it can only detect known viruses. Even if you warn your employees not to open suspicious looking emails, there are no guarantees someone won’t take the bait.
According to the Ponemon study, 82 percent of their respondents said malware evaded their antivirus software, and 72 percent said malware evaded their intrusion detection system. So, the best possible protection is to use an IT infrastructure security solution that has been customized for your business.
IT Infrastructure basics include knowing how to protect your network from ransomware—a particularly nasty and costly strain of malware that could infect your system. It’s software that locks your computer or your data in some way and demands payment in exchange for giving control of your system back to you.
Some of the simpler forms of ransomware will try to fool you into thinking there’s something wrong with your computer and get you to pay money to fix it. A common tactic is irritating pop-ups that tell you your computer is infected by something. Once you click on it, it locks your system until you pay.
Another kind of ransomware will automatically lock your computer and keep you from logging into your system unless you pay money. The worst of all is the kind that not only locks your system but also encrypts your files. It won’t provide you with the keys to decrypt them unless you pay a fee. Unfortunately, many people have reported not getting files back even after paying the ransom.
The Ponemon study reports that 61 percent of its 2018 respondents were attacked by ransomware, and 70 percent of them paid the ransom. If you don’t like the idea of giving your money to cyber criminals, back up your data on cloud servers. Cloud services are now an integral part of IT infrastructure basics. Also, educate your employees so they don’t click on suspicious banner ads or other pop-ups.
The Internet of Things
The list of devices connected to home and business networks is rapidly growing. It includes everything from smart assistants to refrigerators, thermostats, webcams, smoke detectors, irrigation systems, smart watches, and the list goes on. Any device that can run code can pose a cyber security risk. Online criminals are constantly checking for an open door into your system. That’s why IT infrastructure solutions for security are so important.
Companies are innovating so quickly they sometimes forget to build in the necessary security measures to keep devices from getting infected. It doesn’t help that people don’t really think of some of these devices as computers, so security isn’t always a priority when using them. Many devices have been compromised due to using the default passwords they came with from the manufacturer. Once again, it’s important to ensure employees are using strong passwords on all devices connecting to your system.
Mobile devices are still the most vulnerable entry points to networks. To mitigate the risks, your IT department must have a firm grasp on IT infrastructure basics to protect your bottom line.
Help is Available
With cyber threats constantly evolving, it’s vitally important for companies and all network users to raise their awareness around the latest threats. It’s certainly possible to minimize risks on your own, but some find IT infrastructure basics overwhelming. Just keeping up with the various devices that are connecting to your network can be a full-time job, especially if you have employees or contractors that work remotely. Many IT departments are now partnering with security service providers such as NIC. If you are unsure of how to mitigate cyber security risks or need IT infrastructure solutions, contact NIC for a consultation.