5 Tools to Protect Your Small Business Against a Cyber Attack

The recent cyber attack against Kaseya is just plain scary.  Hundreds of small businesses across the world were impacted.  Some of them may go out of business.  Others may have lost years of valuable data, and the confidence of their customers.

No single IT security practice or tool will protect you from the growing threat of your systems being compromised.  A combination of best-in-class tools, ongoing training, and well-defined policies (that are enforced) will go a long way to shoring up your security.

5 Tools to Protect Against a Cyber Attack

These five tools, when used together, would have prevented countless cyber attacks.  One or two of them would have provided protection against the Kaseya attack.

1. Advanced Threat Protection

A cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing robust zero-day protection.  It includes features to safeguard your organization from harmful links in real time by blocking malicious links while allowing access to good links. Digital finger print

All messages and attachments that don’t have a known virus/malware signature are routed to a special environment where ATP uses a variety of machine learning and analysis techniques to detect malicious intent. If no suspicious activity is detected, the message is released for delivery to the mailbox.

2. Basic Multi-Factor Authentication

Multi-Factor Authentication helps safeguard access to data and applications while maintaining simplicity for users. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy to use authentication methods. The user is prompted during the sign-in process for an additional form of identification, such as a code from their cellphone.

3. Dark Web Monitoring

This service finds compromised corporate credentials online (the “dark web”) and alerts the user of their detection.  We have seen a number of cases where an individual’s work mailbox was compromised because they repurposed a password from another non-work account that was compromised in a larger hack.

4. Simulated Phishing Tests

A simulated phishing test allows an organization to send deceptive emails, similar to malicious emails, to their own staff to gauge their response to phishing and similar email attacks.  The tests indicate which individuals need more training, and eventually, the tests become a training tool.

5. USB Blocking

Blocking USB drives can help secure your organization’s private data.  Think of movies where a spy sneaks into an office, plugs a thumb drive into a computer, quickly copies data, and then leaves.  USB blocking will prevent that from happening.  It also prevents the insertion of viruses into corporate networks. In an instance where the use of a USB drive is required, access will be temporarily allowed.

“My business is too small, I’m not worried about a cyber attack.”  If you have said or even thought this, please reconsider.  No business is off the table when hackers are planning a cyber attack. Now is the time to take security very seriously and to invest in the tools that will protect you from losing your data, the trust of your customers, and possibly your business.