We hear and read about cyber security every day. In fact we hear and read about it so much across so many platforms that it has become just another annoyance in our daily business lives. It’s just something else that may happen to us if we aren’t aware and don’t buy the latest software, tool, or appliance. The cyber security business is growing rapidly and the products, services, information and terminology we are confronted with is complicated and confusing. If you are tired of trying to figure out what zero-day threats, threat actors, cryptographic algorithms, spear phishing, ransomware, bot herders, PII, PCI, the Internet of Things, and CEO fraud is all about, you are not alone.
Since we all now do business via the Internet we must protect ourselves from those who wish to do us harm by stealing from us. It’s really no different than locking our doors, installing an alarm system, or erecting a fence to keep thieves out. Cyber security is just that simple. It is protecting your data from those who want to steal it to either do us harm or sell it for profit.
When thinking about protection, we think in terms of assets that have value to us. What do we own that we want to protect from theft or damage? In order to secure our assets we must know what and where they are to build a plan to protect them.
Our electronic or data assets are the same. What assets of value are in our systems, where are they located, and what steps do we need to take to guard them? This requires us to audit our assets.
In cyber security terms this means examining our data and deciding what is valuable to us, our clients or customers, and the other businesses that are connected to us. Remember that when we think in terms of cyber security we must consider our connections. Our security weaknesses not only endanger our own well-being but also the well-being of everyone that is connected to us.
Auditing electronic or data assets means scanning all systems searching for data that if exposed could cause damage to ourselves or anyone that does business with us. Performing a preemptive audit or scan allows us to identify any vulnerable data and protect it before a criminal hacker can steal it.
Once our scan/audit is complete we now have a road map to our vulnerabilities. This allows us to identify our weaknesses and take steps to protect them. Much like putting valuables into a safe, we may back them up to a remote location and delete them, encrypt our assets so only we can see them, or quarantine them.
Protection at the Endpoint
Now that we have our most valuable assets identified and a system in place to protect them, it’s time to protect our perimeter. Remember, we add new data constantly so it is important to build a defense against constant threats. Anywhere we have a connection to the Internet we have a vulnerability. In the cyber security world we call these devices endpoints. Endpoints are servers, desktops, laptops, scanners, printers, mobile devices, physical security devices connected to the network like cameras, bio-metric locks, automated gates and fences, and everything that falls under the term the Internet of Things. (The Internet of Things refers to almost anything that turns on and off and has the ability to connect to the Internet. Think smart anything from business to home automation, refrigerators to baby monitors, cars to jet engines…anything! )
Like the walls of our buildings or the fence surrounding our property, our electronic perimeter is our network. This is the front-line. A hacker sitting at a computer attacking your network is no different than a thief with bolt cutters hacking through your fence. Much like employing cameras and monitoring tools to guard your physical property, cyber security uses hardware, software and monitoring tools to keep out attackers.
What’s going on with anti-virus software?
Most small to medium sized businesses either utilize their Internet providers firewall security or install a combination of hardware and software to protect their network point of entry. Beyond the firewall the typical security checkpoint is anti-virus software. There are two leading types of anti-virus software. The first is what most of us are familiar with and have been using for years. These are called “signature based” systems. Simply stated, signature based anti-virus stops a virus from infecting systems by building a list of known viruses over a period of time. Anti-virus providers maintain a “catalog” of viruses as they find them in real time. They constantly update their software based on reports of new viruses.
The downside to this type of protection is a new virus has to get into a system before the signature can be produced. That means an infection has occurred. This system works fairly well unless you are the first one to get the virus.
The newest anti-virus software is artificial intelligence based machine learning anti-virus.Because the nature of viruses has changed and literally hundreds of thousands of new viruses are being developed every month, the software developed to stop them must be intuitive and adaptable.
Artificial intelligence anti-virus provides protection at the endpoint by recognizing anomalies and predicting an attack before it happens. Simply put, it looks for things it hasn’t seen before and decides if it is out of the normal range. If it is, it stops it.
This type of protection has not been available at a price point that small to medium businesses could afford until recently.
Ant-virus software utilization is critical. The Tek recommends Sophos here’s why:
As a Sophos partner, The Tek leverages next-gen security with real time intelligence sharing between your endpoints and your firewall. Sophos artificial intelligence based machine learning products and solutions combined with The Tek’s expertise and personal customer service, levels the playing field for small and medium sized business. Until recently, this type of security protection was only available to large multi-national corporations.
Sophos antivirus software secures the networks used by over 100 million people in 150 countries, and 100,000 businesses. Companies like FORD, PIXAR, AVIS, XEROX, NORTHRUP GRUMAN and others all utilize the user and data protection of Sophos.
At The Tek we believe your business deserves that same level of protection.
Building the Human Firewall…In the end it’s about People!
When we design and build physical security systems we always consider the human element. What if an employee is careless with a key or pass code? What if a security guard doesn’t follow procedure when checking visitors at the gate? What if safe codes aren’t kept secure? What if cameras aren’t backed-up?
The human element always plays a factor in security. 63% of cyber breaches are caused by human error!
The key to building a human firewall is employee training. The Tek has partnered with KnowBe4 to provide new school security awareness training. New school security awareness training is an-on-line module based comprehensive yearlong employee training program that will significantly reduce human error narrowing the possibility of unwanted attacks through phishing, spear phishing, ransomware and other malicious exploits.
The system is a comprehensive program that uses module based training coupled with simulated real world attacks to teach employees how to recognize and avoid malicious emails, downloads, attachments and more. It repeats a train…phish…analyze process until your employees become a human firewall against external and internal threats.
Keeping Technology Simple and Secure
Technology doesn’t have to be complex, expensive, and overwhelming. At The Tek, our mission is to provide small to medium sized businesses with straight forward technology services and solutions that provide infrastructure for growth, prosperity, and security. For more information about The Tek, and some straight talk about your technology and security needs, contact [email protected]