From Straw Passwords to Brick-Wall Defenses:
In the modern retelling of a classic tale, the Three Little Pigs would grapple with digital wolves, each pig representing a different level of cybersecurity awareness. The first pig, perhaps a bit naive, would use 'password123'—a simple passphrase any cyber wolf could sniff out in seconds.
The second pig, slightly more aware, would still miss the mark by giving out their credentials in a phishing scam, leaving their data exposed like an open door that invites the wolf in and lets him roam freely.
But the third pig is taking cybersecurity seriously and ensuring that their data is secure. Not only would their cybersecurity practices be robust, but they would also routinely ensure that these measures were effective, keeping the wolf at bay. The third pig knows that committing time every quarter to improve their cyber defenses is not just a precaution—it is a strategic move that fortifies their business, paving the way for uninterrupted growth and innovation.
The MSP Safety Net Fallacy
The Cybersecurity and Infrastructure Security Agency (CISA) reveals a sobering truth: size offers no shield against cyber warfare. Small and medium-sized businesses (SMBs) find themselves targeted by digital adversaries three times more frequently than their larger peers. In a world where digital threats lurk behind every click, the notion of being 'too small to hack' is a fairy tale dangerous enough to be classified as cyber folklore.
So how do you avoid being pigs one and two? It starts with open and transparent communication with your MSP to ensure that everyone is aligned with the security protocols and procedures. This includes understanding the scope of the MSP's responsibilities and ensuring that your internal teams are equipped to handle their part of the security strategy.
Equally important is the practice of regularly testing your security measures. This is not a one-and-done solution, but a continuous process. Regularly testing and auditing your security infrastructure helps in identifying potential vulnerabilities. By identifying these gaps early, you and your MSP can work together to fortify your defenses.
A recent experience at Net Friends highlights this point. During routine maintenance on a generator, a crucial switch was inadvertently turned off. This error went unnoticed until a system test weeks later. Thankfully, the test exposed the issue, enabling prompt resolution and reinforcing the company's confidence in its system's reliability. This incident underscores the importance of regularly testing your security measures to verify their effectiveness.
Net Friends Pro Tip:
Trust but verify. Regular system checks are a hallmark of strong cybersecurity management.
Collaborating with your MSP to fortify your systems can seem overwhelming. They should just take care of it, right? Ultimately, you still make the decisions about how to best protect your company, and because of this, you need to partner with your MSP to ensure everyone is on the same page.
With a little bit of effort on your part, you can help to further solidify your cybersecurity. Below are three specific cybersecurity measures you can ask your MSP about to signal that you are proactively managing your security position.
Proactive Security Measures to Consider:
1. Email Security Settings
The latest "SMB Threat Report" by Huntress highlights the leading cyber vulnerabilities, and the main source of compromise is email. Cyber attackers aim to deceive individuals into surrendering their passwords, either by having them log in to a fraudulent website or by talking them into giving the passwords up through social engineering. Within moments of an individual being duped into entering their password, the attacker uses these credentials to impersonate the victim and gain unauthorized access to their accounts. Possessing just a set of email credentials can provide cybercriminals with what is effectively a skeleton key, granting them the potential to wreak havoc at the core of a company’s operational infrastructure.
Understanding and implementing robust email security settings are vital to stopping phishing attacks before they enter your inbox. Inquire with your Managed Service Provider (MSP) about your Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, & Conformance (DMARC) settings. These protocols let receiving mail servers validate that an email really comes from the domain it claims, which helps prevent spam and phishing attacks. A detailed guide can be found in Maximizing Email Security: Essential Strategies to Protect Your Inbox.
Net Friends Pro Tip:
Reach out to your MSP and have them secure your email settings.
2. Backup Confidence Check
A data backup strategy is a prudent decision, yet it is not the final word in data security. The real test of a backup's worth is its restorability. Remember, part of pig three’s strategy was to confirm their security measures worked. To ensure your safety net is reliable, periodically prompt your MSP to perform a restoration drill, retrieving a specific file from an earlier backup date. This proactive approach not only confirms that regular backups are indeed taking place, but also that these backups are viable for recovery purposes, should the need arise.
Net Friends Pro Tip:
Contact your MSP and ask them to restore a file from last week.
3. Address Insider Threats
While external threats are often highlighted, insider threats can be just as damaging. Remember, the house of sticks built by pig two crumbled when they gave their password to the wolf. Negligent employees who have access to sensitive information can become significant liabilities. Hackers are targeting employees as the easiest way to gain access to your systems.
Here are some tips to help make your staff security savvy:
- Company Training: Empowering your employees through knowledge and its application is the cornerstone of a robust cybersecurity posture. Regular training in email security best practices can minimize breach risks. Reiterating familiar concepts fosters a culture of cybersecurity mindfulness: it is not what you know, but how you use it. Well-informed employees are your strongest allies in maintaining the company’s security.
- Offboarding and Role Changes: Ensure that your HR department and MSP are synchronized in their efforts to revoke access for departing employees and alter permissions when employees change roles within the company.
Net Friends Pro Tip:
Find out if your MSP offers cybersecurity training. If they do, make sure your staff is actively participating in the training.
Be the Third Pig
The moral of our modern fable? A business fortified with strong cybersecurity measures is a business built with bricks, standing tall not just against the huffs and puffs of cyber threats, but as a trustworthy partner in a landscape filled with wolves. Take time on a regular cadence to review your cybersecurity policies and work to create a culture of cybersecurity.
Pig three has already marked their calendar for next quarter with new steps to improve their security. We hope you will join us too!