Last week it was revealed that Arizona Beverages, a large beverage supplier in the US, experienced a massive ransomware attack in March. Weeks later, the company is still struggling to recover from this attack.
In the aftermath, it was discovered that many of the company’s servers were running outdated Windows operating systems and had not received security updates in years. The company also found that its backup system was not configured properly. Arizona Beverages has reportedly spent hundreds of thousands of dollars to recover lost data and build new systems, and they are still only a little more than halfway back to full-scale operations. Arizona Beverages is a multi-billion dollar company with more than a thousand employees. One would presume the company had the resources to maintain a solid security process.
If this can happen to them, it can happen to you. In fact, according to Verizon’s 2018 Data Breach Investigations Report, 58% of all cyberattacks target small businesses, which are typically easier to breach because of lower security standards. It only takes one improperly secured device for a breach to occur.
Loss of productivity and data, whether it be from a cyberattack or human error, is always detrimental to a firm. We rely heavily on our data and expect it to be secure and available whenever we need it. As such, it is critical for firms – of any size – to put a comprehensive security plan in place.
The question arises, then, as to what small and midsize firms should do to protect themselves from a cyberattack. Any good security system will be multi-layered and should include:
- Antivirus and anti-malware software must be installed on all devices to remove immediate threats from your network.
- Every firm needs a business grade firewall to prevent unwanted access to the firm’s systems.
- Email filtering software scans all incoming messages for spam and other harmful attachments. It may reject or redirect messages that are flagged as potentially harmful.
- Any application that transmits data, such as collaboration tools, needs to have security, whether it be built into the program or used alongside it.
- Most firms require remote access so employees can work from outside the office. It’s crucial to ensure your VPN or other remote access solution is secure, usually through encryption and authenticated connections.
- There are other security tools, as well to consider, such as 2-factor authentication (2FA) and other encryption tools at the email, desktop, and server levels.
- And of course, no plan is effective without the proper policies and education in place to enforce it.
Any plan must be sized correctly to your firm and be able to scale as your firm changes. Multiple backups of your data should be made per day, and the entire process should be continually monitored and tested. Remember, security is a process and must evolve as the threat landscape changes.
Because of this constantly evolving threat landscape, Tabush Group is launching a comprehensive service to protect both your systems and your users. Our Premium Defense Service offers additional security to anticipate and prevent cyberattacks. For more information, send us a message or call 212.252.0571.