10 things that will predict your chance of getting hacked or surviving one

Posted On 15 Mar, 2023

Most mid-size businesses don’t have the man power or budget to implement the necessary security controls. Often times they will have one or two IT people who is doing everything and is on a constant fire fighting mode.

Everyday there is a new threat and you are scrambling to patch it. Below are few important things that can keep mid-size companies a good baseline protection. If you are not doing these things you are a prime target for bad actors. Worse, your chances of recovery from an incident is less.

E-mail Security

10 things that will predict your chance of getting hacked or

What is the biggest open hole in your perimeter security? E-mail. Anyone can e-mail you a malicious attachment. The rogue players are getting more and more creative each day. They are spending time researching about you before sending you a malicious attachment. You like hockey, they will send you something about hockey, you like pets, they will send you a coupon for pet care. Even a careful person can fall prey to such e-mails. If you are not using a good e-mail security tool, it is guaranteed that someone in your company will click on it.

Invest In A Good Anti-virus, Anti-ransomware and EDR

Imagine, one of those malicious e-mails get past through your e-mail security. You want some form of defense to prevent it from causing damage throughout the company.

A good anti-virus/anti-ransom ware tool will help you with that. The default anti-virus that comes with your Windows laptop may not be sufficient to protect your device and data it holds.

Invest in a good anti-virus, anti-ransom product with EDR feature.

Use A Password Manager

10 things that will predict your chance of getting hacked or

A password manager does way more than just protecting the password. It can automatically create complex passwords for you.

Your employee don’t have to deal with creating complex passwords. A password manager will tell you the strength of all the passwords in your vault. It also tells you how many times a password is reused.

A good password manager is absolutely worth the investment.

 

Implement 2FA

2FA is the first and most important line of defense for weak or compromised passwords.

2FA prevents hacking into your office365, G-suite, salesforce or any cloud application. If you do not use 2FA for your cloud applications, you are a prime target for bad actors.

 

Turn on Geo-Fencing for Cloud Applications

If you don’t have employees outside of United States, why allow access to e-mail from other countries?

Most of the breaches originate from a handful of countries. By disabling access to your data from these regions you can cut down the risk significantly.

It is not a perfect solution. Hackers can find a compromised device in an allowed region. But it takes an extra step.

Turning on geo-fencing for cloud applications adds another layer of security.

 

Test for Vulnerability

Remember that web server that you built for a new application, but you never used.

It is now sitting without a proper certificate and firewall ports open.  No one can remember every device, application, ports and rules in their environment.

This is where a vulnerability testing will come into play. Performing a vulnerability testing will identify all the holes both inside and outside your system.

It will pin-point the vulnerabilities in every device in your organization so that you can fix it.  

 

Patch Often

10 things that will predict your chance of getting hacked or

Patching is the single biggest contributor to security breaches.

Your vulnerability testing can give you details of what needs to be patched. But if you don’t patch in a timely manner, you are now more liable when a breach happens.

 

Backup and Restore

10 things that will predict your chance of getting hacked or

A good backup and restore is your insurance policy in case of a ransomware. A good backup will get you back on your feet in case the bad guys managed to encrypt your data. Please read the blog on why you want your back to be not a cloud only back at the link below.

 

E-mail and Productivity Suite Backup

Most people think your Office365 or G-suite is automatically backed up. In reality, you lose anything that is deleted after 30 days. It could be intentional or accident. 30 days may sound like a lot, but when you are busy running a business, it can go unnoticed for much longer time.

You can turn on litigation-hold as a short-term solution. But it is better to do a proper back up of your e-mails and file system.

These services are not super expensive and are quite affordable.

 

Encrypt Your Hard Disk

People lose laptops. But that doesn’t mean you need to lose the data along with it.

Encrypting your laptop hard disk protects your data from a lost laptop.

Summary

Securing your business is not easy in today’s world. New threats and vulnerabilities are showing up every day.

However, doing some of the basic protection can still reduce your attack surface significantly.

The list itself is not complete or comprehensive. But if you are not even doing this, you are a sitting duck for the bad actors.

    Article by:

    Rajesh Haridas

    Rajesh Haridas is the founder and CEO of Consltek. He brings in 20+ years of experience working in the technology industry.

    Category:
    Security
    Boost IT Growth In Healthcare

    Set up a no-obligation consulting session