Out of the Box Solutions Blog

Tip of the Week: Use the Lessons Learned in 2017 to Improve 2018’s Cybersecurity

Tip of the Week: Use the Lessons Learned in 2017 to Improve 2018’s Cybersecurity

2017 was chock-full of security threats, attacks, and breaches. Therefore, 2017 was also chock-full of lessons to be learned regarding business cybersecurity. For this week’s tip, we’ll review a few lessons that hopefully weren’t missed.

Lesson One: Keep Track of Your Data
When Yahoo and Equifax announced that huge amounts of their client data had been breached, it became clear that even some of the biggest organizations that are most reliant on security are severely lacking in their security, especially where their data is concerned.

As this was observed, it also became clear that small or medium-sized businesses need to be more careful with their data security. After all, if such large organizations were able to be breached--and for these breaches to have gone unnoticed and then unannounced for months--an SMB needs to make sure that its data is accounted for and secured against threats.

Lesson Two: Patches are Pretty Important
As we said above, 2017 saw plenty of breaches, a sizable amount of which could have been prevented by deploying patches in a timely manner, especially in the Equifax case. Patches are, appropriately enough, what developers create to resolve security issues, or ‘holes.’ However, as 2017 proved, everyone needs to do a little better where patches are concerned.

First of all, developers need to improve their turnaround when it comes to releasing patches. For instance, the patch for the bug that enabled the EternalBlue exploit wasn’t released until a month after EternalBlue was disclosed. Meanwhile, the exploit was used to enable attacks like WannaCry and NotPetya.

This brings us to businesses like yours. Without applying patches in a timely manner, any organization is leaving themselves vulnerable to attacks that leverage what a patch could have resolved.

While you can’t control when a patch for an issue will be released, you can control when that patch is applied to your systems. The longer the patch goes unapplied, the longer you allow yourself to be vulnerable.

Plus, let’s say Microsoft releases a patch for a security vulnerability that hasn’t been discovered by the public. Once the patch is out, hackers can take it apart and find out what the vulnerability is and use it to attack those who are slow to apply the fix.

Lesson Three: There are Plenty of Ways for Data to Be Stolen
If you were asked, between ransomware and social engineering (like business email and account compromise, or BEC, attacks), which was the more profitable approach for cybercriminals, which would you guess? If you were leaning toward BEC attacks, you’d be right--Cisco found that BEC attacks are five times more profitable than ransomware attacks. According to the Federal Bureau of Investigation, business email and account compromise attacks have lost businesses over $5 billion.

Businesses also need to make sure that all of their endpoints feature the same security measures, as it is much easier for a threat to gain access to your business network from a relatively unprotected endpoint that it would be for that threat to gain access to the highly-protected, real prize directly. Access controls can help prevent a threat from accessing everything from a single endpoint, and security training can help your business endpoints recognize threats and mitigate them.

There is no denying that 2017 saw plenty of stress via security issues. Learning from this stress and adjusting based on it can help 2018 be more secure. For more assistance with your security, reach out to Out of the Box Solutions at 800-750-4OBS (4627).

Ransomware Increasingly Targets Android Devices
If Your Business isn’t Leveraging BI, It Should Be
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Tuesday, January 22 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Tip of the Week Security Best Practices Technology Business Computing Network Security User Tips Tech Term Productivity Privacy Internet Efficiency Smartphones Cybersecurity Browser Hardware Android Microsoft Communication Malware Mobile Device Ransomware Network Email Small Business Data IT Support Cloud Collaboration Data Backup Google Wi-Fi Passwords Mobile Devices Windows 10 Data recovery Internet of Things Wireless Holiday IT Services Communications Business Management Applications Users Managed IT services Backup Saving Money Innovation Social Media Managed IT Services Business Intelligence Blockchain Hosted Solutions Employer-Employee Relationship Business Information VoIp Software Networking Marketing Hackers Workplace Tips Outsourced IT Cloud Computing Computer Virtualization Compliance VPN Cortana Data Management BDR Computers Remote Monitoring and Management Save Money Tech Terms Gmail Microsoft Office Access Control Automation Medical IT Connectivity Smartphone Artificial Intelligence Analytics Facebook Managed IT Service Virtual Assistant Password Apps Wireless Charging Managed Service Mobility Bandwidth Remote Computing Cost Management Patch Management Update Twitter Excel GDPR Data Security Router Streaming Media IT Management Training Database Voice over Internet Protocol Office Spam Government PowerPoint Telecommuting Proactive IT Help Desk Environment Spyware Touchscreen Internet Explorer Tip of the week Big Data Outlook Inventory Unified Communications Knowledge Office 365 WannaCry Server Management Websites Virus Backup and Disaster Recovery Downloads Phishing Server Security Cameras Cybercrime Content Filtering Edge Sports Settings Business Continuity e-waste G Suite Comparison HP Microsoft Office 365 Safety Threat User Tip Profitability Data Protection RAM Telephony HIPAA Storage Antivirus Miscellaneous Hard Drives Trends Data Breach Reporting Word Tactics Workers IT budget Upgrade disposal Bring Your Own Device Specifications Document Management Telecommute Printing Physical Security Amazon Eliminating Downtime Mobile Security Microsoft Teams Voice over IP Hard Drive Dark Web Staff SSD A.I. Sales Lead Generation Network Attached Storage Wearables Gadgets Millennials Battery Analysis Certification Value Hybrid Cloud Paperless Office Authentication Dongle Paper eCommerce Laptop BYOD Operating System Company Culture Processors Error Troubleshooting Movies Tablet SaaS Healthcare Maintenance Technology Tips Business Technology Cables Conferencing Digital Data loss Authorization Ink Online Shopping Plug-In Wireless Internet Managing Stress Vulnerability Machine Learning Quick Tips Personal Information Disaster Recovery Regulation Printers Alert