You might think a successful breach is rare. But over 50% of small businesses say that they have experienced a breach in the past year. Those aren’t odds any business leader would take lightly. Cybercriminals are getting sophisticated. They’re connected to major criminal organizations and each other. Given the increasingly complex nature of this threat, even the smallest of businesses must have a layered cyber defense set up around their business. And because small businesses naturally have fewer resources, that layered system must be streamlined, practical, and cost-effective.
What does this kind of layered cyber defense look like? It has these ten components.
#1 - Dark Web Monitoring
And yes, they also sell employee credentials here. Email passwords, server logins ins, cloud computing credentials for both small businesses and ones everyone knows. All someone with some know-how has to do is pay the price and then use that information to target your business. It happens all the time.
To make matters worse, when a password is compromised, it rarely gives access to only one account. Despite security precautions that advise against using a password on multiple accounts, many people do. So a password for your employee’s Pinterest account could also be the gateway into some of your most critical systems.
With this information, criminals can now do things like this:
Real-time Dark Web monitoring scours the shadows of the Internet where criminals do business with each other online. We can then automatically alert you when credentials associated with your company are found here, giving you or the employee time to change credentials, block access, or take other steps with your IT team to secure systems and data.
If the criminal element has already tried to use those credentials, other layers of your cyber defense are in place to reduce that damage.
#2 - Managed 2FA
A one-factor security system such as a single password, pin, key, or scan is no longer enough. It’s too easy for a criminal to get that one password and get into your system.
Not only is the average password too easy to crack with just a little investigative work. We already mentioned that employees often use the same password for other accounts, including websites that have meager security.
Now, all a criminal has to do is break into a low-security site, steal the password, and use it on your system. But since you have layered cybersecurity defense, they are stopped in their tracks.
And layered security doesn’t have to be time-consuming or cumbersome. Employees can quickly verify their identity through a message sent to their phone–no tokens to manage or extra employee security information to install.
#3 - End User Privilege Management
Let’s face it! You wouldn’t give every single employee or contractor a key to your business’ front door. So why would every person who works for you have the same level of access or ability when it comes to servers, systems, cloud computing?
Only give employees and contractors as much privilege with workstations, servers, and software as they actually need to do their job. That’s a layered defense in action.
Endpoint Privilege Management allows for the remote and secure management of privileges for every employee and contractor without making those users jump through unnecessary hoops to get the access they need. As roles change or employees need new access, it can be easily updated, and you can see who has access to what all in one place.
#4 - Endpoint Protection
Also called endpoint security, this layer describes those areas that the end-user (employees) or malicious entity could access, upload, and download data, including:
Endpoint protection includes security solutions such as anti-virus, ransomware protection, spam filters, and various cyberattack prevention tools. It also includes real-time monitoring of these endpoints to identify a possible breach and neutralize it quickly.
#5 - DNS Protection
DNS or Domain Network System is the technology that translates a website address that a person can remember, like ebay.com, into the string of numbers that represent that website address but would be harder for the average person to remember. Malicious criminal enterprises often attack small businesses by tampering with, circumventing, or altering this process. So you need commercial DNS protection as yet another layer fortified between your business and those who wish to do you harm for their own profit.
#6 - Security Awareness Training
70% of breaches come from an outside entity. But around 93% of the time, that criminal tricks your employee into helping them get what they want.
#7 - Internal Threat Hunting and Remediation
You understand the value of strategic planning. So do criminals. They employ their vast knowledge of security products and detection methods. This allows them to sail underneath the radar, so you won’t always get a convenient popup “you have a virus” when they’re in.
Those who hunt these evasive predators must be just as clever and vigilant. They need to recognize even the most subtle signs of infiltration. These hunters combine machine learning technology with good, old human detective work to quickly identify and reveal these bad actors so that you can take steps to eliminate their access.
When building a layered cyber defense, it’s critical to have this level of monitoring.
#8 - Office Protect
Before tools like Office 365, having employees working remotely meant delayed communication and isolation. The anywhere accessibility these tools make possible brings people together. They can log in from multiple devices to access projects, tools, and data. But it also increases the risk that someone else could access information through an employee’s account.
Given the importance of Office 365 to your business, you need an additional layer of protection here. Office Protect offers that. Key features include:
Human error happens. Security gets compromised. Tools like these keep your most valuable resources protected.
#9 - Backups
Deploying layers 1 through 3 will significantly reduce your risk of a successful cyberattack. But cybercriminals are a sophisticated network with ample resources to orchestrate these attacks. 86% of attacks are financially-motivated. So like any business with a plan, a percentage of the money these criminals “earn” is invested back into the “business”.
That way, they can continually build a better mousetrap.
#10 - Regular Backups & Recovery Testing
Like all of these layers of cyberdefense, #5 is critical to a robust security plan. You need the resources, tools, and schedule to ensure backups are completed. Recovery from must backup fast, accurate, and seamless so that business operations can continue despite a known breach. In the best scenarios employees and customers don’t even realize anything happened.
Recovery can be that seamless. Recovery testing involves testing how well your applications can recover from not only a cyberattack but also crashes, server failure, natural disasters, and similar inevitabilities when running a business. Recovery testing forces the recovery and backup systems you have in place to show you, not tell you, that they can restore data and operations quickly and efficiently, so you’re ready when disaster strikes.
This requires you to both dedicate the resources for recovery testing and put this testing on a schedule, so you’re never caught off-guard.