Top 5 Ways To Protect Your Business From Cyber Attacks

Aug 4, 2023

While Logical Net HIGHLY recommends the following five security protections, know that cyber security is a rapidly changing environment. It’s essential to perform annual, if not quarterly, assessments of your security posture.

Security Control #1 – Multi-Factor Authentication

Enable Multi-Factor Authentication (MFA), also known as 2-step verification. MFA employs a secure phone app (best) or a code sent via text message to verify your identity when logging into your accounts / email. If your password is stolen via phishing or other means, criminals will be thwarted as they don’t have access to your cell phone.   Securing your email is essential as once that is breached, hackers can then penetrate your network, your computers and often your sensitive accounts like banking, HR, and medical records.   You should couple MFA with solid password practices such as never sharing your passwords, don’t keep them written down in your desk, use complex passwords of at least 12 characters (ideally 16) and change them at least quarterly.
Security Control #2 – Segregated Backups

As a starting point you should follow a 3-2-1 backup strategy in which you have 3 copies of your data (live, backup1 and backup2), 2 formats (e.g. local and replicated version) and at least 1 offsite (e.g. cloud backup).  

We also recommend creating immutable backups – a copy of your data that can’t be changed with typical admin privileges. This is one more layer of protection against ransomware attacks that encrypt your data and demand payment to release it.  

When considering backup, you should not only protect your server data but also your emails, any SharePoint data, contacts and calendars.  

This topic can go very deep. Contact LogicalNet and we can discuss the best approaches including backup frequency, full copies vs. snapshots, and what your business needs in terms of recovery time period.

Security Control #3 – Managed Endpoint Detection & Response
Anti-virus and anti-malware are outdated solutions that have been replaced by Managed Endpoint Detection and Response (MDR). MDR is the combination of endpoint detection, response and management by a Security Operations Center (SOC) staffed 24/7 by highly trained security engineers.   An MDR system will monitor all traffic, logins and privileges used within your network. If suspicious activity is detected, the SOC jumps into action, analyzing activity, identifying threats and then moving to contain and ultimately remove bad actors.   LogicalNet highly recommends you deploy an MDR solution for both your overall network as well as to your Microsoft 365 environment.  

Security Control #4 – Remove Admin Rights From Users

While it’s certainly dangerous when a hacker steals a user’s password and gains access to your network, it’s even more serious when that user has local administrator rights for their workstation. That makes it many times easier to not only penetrate that computer, but also other computers on the same network.   LogicalNet recommends that no one in your organization has global administrator rights for your Microsoft 365 environment. That’s why you engage LogicalNet to handle your IT systems.  
Security Control #5 – Security Awareness Training With Testing

Your users are often the weakest link in your line of security defenses. Every employee should receive mandatory security awareness training on a regular basis. Today’s training is typically online coupled with videos and quizzes. Best in class training also includes phishing simulations in which emails are sent to all employees to test their ability to detect phishing attacks. 

Employees who succumb to phishing simulations must be re-trained and then re-tested.

Adopting these top five security controls will put your business on a much stronger path to cybersecurity. Today, most cyber insurance underwriters require these same controls to qualify for an insurance policy. And as critical as these controls are in today’s environment, you should take a dynamic approach that is specific to your business and adapts as new threats emerge.