ASGCT.com
THE 7 MOST CRITICAL IT SECURITY PROTECTIONS
Is Your Business Protected From Cybercrime, Data Breaches, and Hacker Attacks?
Cybercrime is so widespread that it’s practically inevitable that your business – large or small – will be attacked. Fortunately, a few small preventative measures can help prepare you and minimize (or outright eliminate) any reputational damages, losses, litigation, embarrassment, and costs.
IS YOUR BUSINESS A SITTING DUCK FOR CYBER CRIMINALS?
Small and mid-sized businesses are under attack. Right now, extremely dangerous and well-funded cybercrime rings are using sophisticated software systems to hack into thousands of small businesses like yours to steal credit cards, client information, and swindle money directly out of your bank account. Some are even being funded by their government to attack American businesses.
“Not My Company…Not My People…” You Say?
Don’t think you’re in danger because you’re “small” and not a big target like a J.P. Morgan or Home Depot? Think again. Seven hundred fifty million new malware threats were released in 2017, and that number is growing. Half of the cyber-attacks occurring are aimed at small businesses; you don’t hear about it because it’s kept quiet for fear of attracting bad PR, lawsuits, data-breach fines, and out of sheer embarrassment. Smaller businesses are low-hanging fruit for cybercriminals because these businesses do not have the security defenses in place to prevent hackers from their malicious activities. Make no mistake: small businesses are compromised daily, and the mentality of “that won’t happen to me” is a surefire way to leave yourself wide open to these attacks.
The National Cyber Security Alliance reports that businesses have vital information to protect: 69% handle sensitive information, including customer data; 49% have financial records and reports; 23% have their intellectual property, and 18% handle intellectual property belonging to others outside of the company. You can’t turn on the TV or read a newspaper without learning about the latest online data breach, and government fines and regulatory agencies are growing in number and severity. Because of this, it is critical that you have, at the very least, the following seven basic security measures in place.
1. Train Employees on Security Best Practices
The #1 security threat to any business is you and your employees. Almost all security breaches in business are due to you or an employee clicking, downloading, or opening a file that’s infected, either on a website or in an email through a phishing attack. Once a hacker gains entry, they use that person’s email and access to infect all the other PCs on the network. If your employees don’t know how to spot infected emails or online scams, they could compromise your entire network.
ASG Information Technologies
9 South Cherry Street, Wallingford, CT, 0649
ASGCT.com
2. Create an Acceptable Use Policy (AUP) – and Enforce It
An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access, and email. We strongly recommend putting a policy in place that limits the websites employees can access with work devices and Internet connectivity. Further, you have to enforce your policy with content-filtering software and firewalls. We can easily set up permissions and rules that will regulate what websites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others. Having this type of policy is particularly essential if your employees are using their personal devices to access company email and data.
If that employee is checking unregulated personal emails on their laptop that infects that laptop, it can be a gateway for a hacker to enter YOUR network. If that employee leaves, are you allowed to erase company data from their phone? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts – to ensure YOUR clients’ information isn’t compromised?
Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information, and the like, you may not be legally permitted to allow employees to access it on devices that are not secured; but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can or cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.
3. Require STRONG Passwords and Passcodes to Lock Mobile Devices
Passwords should be at least eight characters and contain lowercase and uppercase letters, symbols, and at least one number. On a cell phone, requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised. Again, this can be ENFORCED by your network administrator, so employees don’t get lazy and choose easy-to-guess passwords. Do not get lazy and put your passwords on a sticky note next to your computer. Doing so can put your organization at risk.
“SUPPOSING IS GOOD BUT KNOWING IS BETTER.”
~ Mark Twain
4. Keep Your Network Up-To-Date
New vulnerabilities are frequently found in standard software programs you are using, such as Microsoft products; therefore, it’s critical you patch and update your systems regularly. If you’re under a managed IT plan, this can all be automated for you, so you don’t have to worry about missing an important update. Make sure you follow your IT provider’s plan for patching your computers and laptops.
5. Have an Excellent Backup
Having a backup can foil the most aggressive (and new) ransomware attacks where a hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up, you don’t have to pay a crook to get them back. A good backup will also protect you against an employee accidentally (or intentionally!) deleting or overwriting files, natural disasters, fire, water damage, hardware failures, and a host of other data-erasing disasters. Again, your backups should be AUTOMATED and monitored; the worst time to test your backup is when you desperately need it to work!
6. Don’t Allow Employees To Download Unauthorized Software or Files
One of the fastest ways cybercriminals access networks is by duping unsuspecting users into willfully downloading malicious software by embedding it within downloadable files, games, or other “innocent”-looking apps. This can largely be prevented with proper firewalls and security settings, as well as employee training and monitoring.
7. Don’t Scrimp on a Firewall
A firewall acts as the frontline defense against hackers, blocking everything you haven’t explicitly allowed to enter (or leave) your computer network. But all firewalls are not the same. Make sure your business-class firewall will include monitoring and maintenance, just like all devices on your network. Your IT person or company should do this as part of their routine maintenance.
NEED HELP IMPLEMENTING THESE 7 ESSENTIALS?
If you are concerned about employees and the dangers of cybercriminals gaining access to your network, then give us a call and we can help implement a managed security plan for your business.
To get started, we are offering a free, no-obligation IT Network Security & Backup Assessment of your company’s overall network health to review security holes and risks that may be lurking on your computer network. We’ll also look for common places where security and backups get overlooked, such as mobile devices, laptops, tablets and remote PCs.
AT THE END OF THIS FREE AUDIT, YOU’LL KNOW:
• Is your network really and truly secured against the most devious cybercriminals? And if not, what do you need to do (at a minimum) to protect yourself now?
• Is your data backup TRULY backing up ALL the important files and data you would never want to lose? We’ll also reveal how long it would take to restore your files (most people are shocked to learn it will take much longer than they anticipated).
• Are your employees freely using the Internet to access gambling sites and porn, to look for other jobs and waste time shopping, or to check personal e-mail and social media sites? You know some of this is going on right now, but do you know to what extent?
• Are you accidentally or intentionally violating laws and regulations such as the Gramm-Leach-Bliley Act, FINRA, or PCI, HIPAA or other data-privacy laws? New laws are being put in place frequently and it’s easy to violate one without even being aware; however, you’d still have to suffer the bad PR and fines.
• Are your firewall and antivirus configured properly and up-to-date? Do you have someone watching over them daily to make sure they are working properly?
• Are your employees storing confidential and important information on unprotected cloud apps like Dropbox that are OUTSIDE of your backup? These types of backups are not recommended.
I know it’s natural to want to think, “We’re all set.” Yet I can practically guarantee my team will find one or more ways your business is at serious risk – I see it all too often in the businesses we’ve worked with over the years. Even if you have a trusted IT person or company who put your current network in place, it never hurts to get a third party to validate that nothing has been overlooked. I have no one to protect and no reason to conceal or gloss over anything we find. If you want the straight truth, I’ll report it to you.
You Are Under No Obligation To Do Or Buy Anything
I also want to be very clear that there are no expectations on our part for you to do or buy anything when you take us up on our IT Network Security Assessment and Backup Assessment. I will give you my guarantee that you won’t have to deal with a pushy, arrogant salesperson because I don’t appreciate heavy sales pressure any more than you do. Whether or not we’re the right fit for your company remains to be seen. If we are, we’ll welcome the opportunity. But if not, we’re still more than happy to give this free service to you.
You’ve spent a lifetime working hard to get where you are. You earned every penny and every client. Why risk losing it all? Get the facts and be sure your business, your reputation, and your data are protected. Call us at 203-440-4413, or you can email me at info@asgct.com.
Dedicated to serving you, Robert Mitchell, President & CEO