6 Ways your SMB can prevent a cyber attack
Over the last few years Lynx has been invited into a number of situations following a serious cyber incident at client sites. In some cases, this was more about partial recovery after a minor encryption outbreak. Others were far more serious, with all data, including backups, fully encrypted.
Below is a list of 6 key things you can do that may prevent such a horrendous situation for your SMB. They don’t cost much and they may just save the business in the event of an attack.
1. Have a security strategy based around the 5 pillars of the Cyber Essentials accreditation.
These are basic but practical areas that identify data and help put some focus on the security of that data. Even if you do not want to hold the accreditation, the principles are the important bits.
2. Make sure you have a layered approach to security.
It’s not all about the firewall protecting the edge of the network. Advanced endpoint protection, DNS checking, two-factor authentication (and more security layers) all significantly reduce the risk of a cyber breach.
3. Make sure you have a Next Generation firewall that uses subscription-based real-time data checking.
The current crop of Next Gen firewalls uses cloud-based services that are updated all the time and can block threats in a much more holistic way. New threats are created all the time and the best chance you have of blocking them is using a firewall that is aware of the latest threats as they happen.
4. Review your Active Directory and Firewall rule sets on a regular (once a year minimum) basis.
Out of date users and poor password management have led to a number of security breaches. Some tools can help you scan AD to find out how many users have not logged in for six months etc.
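One way to run the stale-account check from point 4, as an added example (not Lynx's own tooling): a PowerShell report of enabled users with no logon in roughly the last six months. It assumes the ActiveDirectory module (RSAT) is installed and the account running it can read the directory; the parameter names and report path are illustrative.

```powershell
#Requires -Modules ActiveDirectory
# Added example: list enabled AD users who have not logged on within the review window.
param(
    [int]$InactiveDays = 180,                      # roughly the "six months" in the article
    [string]$ReportPath = '.\stale-ad-users.csv'   # hypothetical output path
)

$cutoff = (Get-Date).AddDays(-$InactiveDays)

# LastLogonDate is the converted lastLogonTimestamp attribute. It replicates between
# domain controllers but can lag real activity by up to about 14 days, so treat
# accounts close to the cutoff as "confirm with the owner" rather than "disable".
$props = 'LastLogonDate', 'PasswordLastSet', 'PasswordNeverExpires', 'whenCreated'

$stale = Get-ADUser -Filter 'Enabled -eq $true' -Properties $props |
    Where-Object {
        # Either never logged on and created before the cutoff,
        # or last logged on before the cutoff.
        ($null -eq $_.LastLogonDate -and $_.whenCreated -lt $cutoff) -or
        ($null -ne $_.LastLogonDate -and $_.LastLogonDate -lt $cutoff)
    } |
    Select-Object SamAccountName, DistinguishedName, whenCreated,
        LastLogonDate, PasswordLastSet, PasswordNeverExpires,
        @{ Name = 'NeverLoggedOn'; Expression = { $null -eq $_.LastLogonDate } } |
    Sort-Object LastLogonDate

# Write the report for the annual review; nothing is disabled or deleted here.
$stale | Export-Csv -Path $ReportPath -NoTypeInformation

$total      = ($stale | Measure-Object).Count
$neverUsed  = ($stale | Where-Object NeverLoggedOn | Measure-Object).Count
$noExpiry   = ($stale | Where-Object PasswordNeverExpires | Measure-Object).Count

Write-Output "Enabled users inactive for $InactiveDays+ days: $total"
Write-Output "  of which never logged on:          $neverUsed"
Write-Output "  of which password never expires:   $noExpiry"
Write-Output "Report written to $ReportPath"
```

The script is read-only. Service accounts often appear in the output, so check each entry with its owner before disabling anything.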
5. Have an offsite backup, remove your backup servers from your domain and create ‘Jump’ management servers (that are also not on the domain) for RDP access to domain controllers.
If your network is breached, the perpetrators look for Active Directory as the key to all the systems' usernames and passwords. Once they have that, they can compromise any system resource. However, by removing the backup server from AD and creating a management server which is the only remote server allowed to RDP onto domain controllers, you can make things much more difficult to find. It goes without saying that having a copy of the data backup off site is a must when protecting data assets.
6. Make sure all of the key components are updated regularly.
A very high number of breaches are allowed to happen because manufacturer fixes for security devices have not been applied yet. Manufacturers provide security updates and fixes all the time, but criminals can unpick these to find out what the vulnerability is. They then spend time looking for systems that have not been patched yet.
For more information or just a discussion about your security requirements, please call Lynx Networks on 01908 633833 or email firstname.lastname@example.org and ask for Mark Bird (Technical Director).