Protect Your Small Business

Protect Your Small Business from Future Threats

Protect Your Small Business

The well-known ransomware called Wannacry hit hundreds of computers in May 2017. As a business leader, it is important to understand what happened, to ensure that proper security measures are being taken to protect my business from future threats.

Computer systems will always be prone to attacks; from the largest enterprise to the smallest home business, many of these attacks start with email. The most recent example being the highly publicized WannaCry ransomware attack. E-mail attacks typically start with an innocent-looking phishing e-mail in your inbox, and end with losing access to all your data. One of the main problems with these types of attacks is that they are always evolving, sometimes within hours or days of each other, and they’re becoming harder to detect.

For example, in the recent Google Docs and DocuSign phishing e-mail attacks, attackers changed servers within hours after spam filters started to pick up on the breach; and then bypassed them. This allowed even more e-mails to go through, and more data was compromised. Once a user clicked on a link and entered information, or downloaded an attachment, data was compromised. In some cases, beyond recovery.

Myth: Many people feel that having a spam filter in place protects them from these threats.

It’s not always true that spam filters protect users from threats. In fact, with many of the recent attacks, the e-mails that were received were not recognized, or flagged as spam. In most cases, they are e-mails being sent from the account of a compromised party (who entered their credentials in a phishing e-mail), or through a legitimate third party.

So, what can you do to protect your business and employees from future attacks, when even a good spam filter might not catch a possible threat?

The key is having as many layers of protection between the outside world and the end user, as possible. The first layer of protection would be your spam filter, and the second would be your Anti-Virus / Anti-Malware software. The Anti-Virus / Anti-Malware software on your PC should be the last line of defense, and ideally never used.

What are some other layers of protection?

The most critical layer of protection has nothing to do with technology at all, but everything to do with the end user. Ensuring that you and your end users are diligent and attentive when reviewing e-mails, is important. It’s essential to always be on the lookout for suspicious emails with links or attachments. For example, if you receive a random e-mail from someone you may or may not know, it could be that their account has been compromised.

Were you expecting to receive a signed DocuSign document? Were you waiting for someone to share a document with you?

If the answer is no, don’t assume that because you know the name on the e-mail, that it’s safe. This is true even if it’s from someone within your own company. It doesn’t take much time to pick up the phone and call/text that person and ask. In this modern world, attackers prey on the fact that we have become so dependent on e-mail, and will not find other means to provide checks and balances. Do not e-mail back and ask if this is real, as the attacker could be sitting and monitoring that person’s e-mail account, waiting to reply, just to get you to enter in your information.

Another layer of protection is using Office 365 Exchange Online for your e-mail. Microsoft also offers Office 265 Advanced Threat Protection, which helps monitor your e-mail in real-time, against new, more sophisticated attacks, by screening malicious attachments and links. This is done by working with the security features already included in Microsoft 365’s Exchange Online Protection spam filter. Overall, this provides better defenses against zero-day attacks. Since zero-day attacks are generally unknown to the public, it is more difficult to defend against them (as patches have not yet been released), which is why they’re often effective against “secure” networks.

Office 365 Advanced Threat Protection can be added to most Office 365 Business or Enterprise plans, and is included in the Office 365 Enterprise E5 plan. Basic configuration of Office 365 Advanced Threat Protection is relatively quick, and licensing is easily acquired.

By Matthew Cleaver

Matthew Cleaver

Matthew Cleaver is the CEO and Managing Partner of The SMB Help Desk. Matthew has worked with multiple Fortune 500 companies and countless small businesses, supporting business process changes for sales and marketing systems as well as ERP systems. As a small business owner, certified Salesforce developer, certified Sales Cloud Consultant, and cloud evangelist Matt understands the challenges that small business owners face, and how implementing cloud solutions can improve operational efficiency, customer service, and the overall performance of the business.

View Website

CONTRIBUTORS

AWS S3 Outage & Lessons in Tech Responsibility From Smokey the Bear

AWS S3 Outage & Lessons in Tech Responsibility From Smokey the Bear

AWS S3 Outage & Lessons in Tech Responsibility Earlier this week, AWS S3 had to fight its way back to ...
Two 2017 Trends From A Galaxy Far, Far Away

Two 2017 Trends From A Galaxy Far, Far Away

Reaching For The Stars People who know me know that I’m a huge Star Wars fan. I recently had the ...
Cyber Security Tips For Digital Collaboration

Cyber Security Tips For Digital Collaboration

Cyber Security Tips October is National Cyber Security Awareness Month – a joint effort by the Department of Homeland Security ...
What You Need To Know About Choosing A Cloud Service Provider

What You Need To Know About Choosing A Cloud Service Provider

Selecting The Right Cloud Services Provider How to find the right partner for cloud adoption on an enterprise scale The ...
The Five Rules of Security and Compliance in the Public Cloud Era

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance  With technology at the heart of businesses today, IT systems and data are being targeted by criminals, ...
Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in ...
Countdown to GDPR: Preparing for Global Data Privacy Reform

Countdown to GDPR: Preparing for Global Data Privacy Reform

Preparing for Global Data Privacy Reform Multinational businesses who aren’t up to speed on the regulatory requirements of the European ...
What is shadow IT?

How to Make the Move to the Cloud Securely

Move to the Cloud Securely The 2016 Enterprise Cloud Computing Survey from IDG offers multiple interesting insights concerning the state ...
Principles of an Effective Cybersecurity Strategy

Principles of an Effective Cybersecurity Strategy

Effective Cybersecurity Strategy A number of trends contribute to today’s reality in which businesses can no longer treat cybersecurity as ...
What Futuristic Transportation Will Look Like In Your Lifetime

What Futuristic Transportation Will Look Like In Your Lifetime

Futuristic Transportation Being stuck in traffic or late for work because of a hold up on the dreaded commute could ...

NEWS

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

NEW YORK, Dec. 12, 2017 /PRNewswire/ -- Deloitte forecasts double digital growth in machine learning deployments for the enterprise, an increasing worldwide ...
email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...
Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...