Cyber Security is vital to business continuity; it also improves workflow as a whole.
When your technology and computer systems are outdated, the chance of experiencing a vast array of cybersecurity breaches dramatically increases tenfold. What risk does this pose to businesses and how can you protect your business?
Frequently, there are reports of data breaches amongst well-known businesses; the cyber hackers will usually choose to target those businesses for financial gain by using ransomware. Any business can be a target, even a medical office and there are significant risks to your organization’s reputation and finances, not to mention possible federal legislative penalties if confidential data is breached. The most common threats include:
Ransomware – An exploit that is loaded onto a computer or server with the intent of extorting money. The exploits usually attempt to lockout user documents and files, and hackers demand payment to a bitcoin address to unlock the files.
Data Breach – This is when private (often confidential) information is deliberately targeted to be made public or sold. There is a major risk of reputational damage if confidential data is made public or sold on the black market. For medical offices, that is a definite HIPAA violation that can lead to putting you further in debt as a result of the HIPAA compliance fines.
Prevention is Key
1. Update Your Systems
To help prevent cyber attacks, your systems should run on a modern, supported operating system. The hardware used within your IT infrastructure and your software must also be kept up-to-par.
Products such as Microsoft Windows have a set life cycle where the manufacturer will actively support the system for a specified number of years. Being aware of the key dates of the software life cycle can help your organization make informed decisions about when to update, upgrade, or make changes to critical software. They offer technical support, security updates, service packs, and technical enhancements to their products.
When the system comes to its “end-of-life”, the maintainers cease further development and stop supporting and creating security updates. As the software becomes out-of-date, it becomes an easy target for hackers wanting to exploit the operating system. Desktop PCs running Windows XP, Vista, and soon Windows 7 have become obsolete in recent years. Server platforms running any OS prior to Windows Server 2008 R2 are also end-of-life.
Operating System End of Life Date
Windows XP 4/8/2014
Windows Vista 4/11/2017
Windows Server 2008 R2 1/14/2020
Windows 7 1/14/2020
Windows Server 2012 1/10/2023
Windows 8/8.1 1/10/2023
Windows 10 10/14/2025
Windows Server 2016 1/11/2027
Unpatched operating systems and software – Applications still being supported will receive regular monthly updates from the manufacturer. These typically include security fixes and server updates that protect your systems.
When a ransomware exploit was released in May 2017, it manipulated a “gap” in the Windows operating systems which allowed the execution of unauthorized code. Microsoft was aware of this exploit in March 2017 and released a patch to fix the exploit. When the exploit struck, a large number of high-profile organizations had not updated their operating systems or antivirus software, resulting in a widespread infestation of the malware, financial losses, and thousands of hours of downtime!
Unpatched IT Infrastructure – Computer and server hardware, as well as networking and storage infrastructure, has complex code built-in which instructs the hardware how to operate. Manufacturers release microcode and firmware updates to harden the devices against attack.
2. Utilize a Managed Service Provider!
Many businesses struggle to keep on top of the demands of keeping an updated IT infrastructure. An increasing number of businesses are choosing to outsource their IT services to a Managed Service Provider (MSP). This is an incredibly effective method of preventing cybersecurity breaches as the IT systems are managed by a third-party who are experts in securing systems. The MSP will patch the operating systems, patch the applications, and update the firmware and microcode on the associated hardware. Many MSPs also offer a managed service which incorporates antivirus protection, backups, and data protection. Data can be encrypted at rest and access restricted to authorized personnel only.
3. Cyber Security Training
It is every employer’s responsibility to ensure its employees are aware of the techniques cyber criminals use to exploit systems, as well as putting in place preventative measures to improve data integrity. Educating employees from the top to the bottom is essential to ensure that they understand the basics such as:
Spoofing – When a third-party maliciously impersonates a genuine IT system/device with the intention of launching attacks against networks, stealing data, or spreading malware. Spoofing can apply to emails, phone calls or websites and is used to gain control of vulnerable systems.
Phishing – When a third-party attempts to impersonate a genuine source and sends fraudulent communications. Typical examples include impersonating banks, insurance brokers, and legal firms. Often these are disguised within genuine-looking emails.
Whaling – A derivative of phishing, however, the target is always a senior executive, CEO, company director, or high-profile employee. The main aim is to steal sensitive information usually about the target or target company.
4. Layers of Protection
Another key area that can be used to protect your organization security is to add extra security layers to your company. Often when choosing to outsource IT services to a cloud provider, they will already utilize a hardware protection layer which acts as a security gateway to your organization. Probes monitor and manage traffic on the network looking for suspicious activity or compromised systems. Any part of the network can be isolated or ‘quarantined’ to stop infection should these fail-safes be breached. With GCS Backup, our software has stopped numerous viruses and other forms of malware that tried to sneak itself into the cloud storage but was caught and stopped right in its tracks to be quickly removed!