What now, doctor?

Posted by Marco Michaud, Millenium Micro Group 23-09-2020 03:35 PM

Cyberattacks regularly make the news. Every day, businesses, regardless of their size, fall victim to hackers. No one is safe. According to the U.S. National Cyber Security Alliance, 60% of small businesses that are targeted by a cyberattack file for bankruptcy within the next six months.

More and more, business owners are asking themselves if they are at risk. The straightforward answer is yes. No business can be completely shielded, but risks can be greatly reduced. To know where you should invest, we suggest getting a diagnosis, an audit of your IT security.

In the best-case scenario, this audit should be done independently, not by your usual IT resource. If you have an in-house IT team, ask an external firm. If you deal with an IT consultant, ask another one to perform the audit. There are two reasons to do so. First, security is a complex issue, so if the person who set it up is the one auditing it, they might only think about what they implemented and will lack a fresh perspective. Second, it might be hard for the one responsible for security to admit they did not do their work correctly.

Millenium Micro affiliates have developed their own recipe to conduct security audits. We go beyond the cybersecurity aspect; we look at all your best practices to give you the complete picture of your IT. Any component you wish us to evaluate is examined by an expert. We recommend on-site visits so we can see what your tools cannot tell us. We’ve crafted an exclusive questionnaire of over 200 questions, which allows us to identify a host of potential problems. This audit should be performed annually because the context is changing too rapidly to afford being passive. In cybersecurity, the best protection is prevention: if you wait for it to happen, it will be expensive.

Once your audit is done, you will have to decide which problem to address depending on your risk tolerance. Indeed, nobody is perfect, and when it comes to cybersecurity, nobody will ever be. For most businesses, we recommend the Pareto approach: 20% of the effort to address 80% of the problems.

Remember that hackers are always testing your security. Why shouldn’t you? Don’t wait, call your local affiliated Millenium Micro reseller today.

In the meantime, here are some basic recommendations:

  1. Prevention: If you deal with an IT dealer, instead of just “calling when there is a problem,” ask them for a preventive approach (regular updates, monitoring event logs, etc.) for your business.
  2. Back-up: Implement a strong back-up strategy, with at least one offline copy of your data. The first thing hackers will attack is your back-ups.
  3. Training and evaluating your employees: Most attacks start with an employee’s mistake, like clicking on a link in an email. They must be trained once a year, then evaluated throughout the year to ensure they master the concepts.
  4. Protect your Microsoft 365: The Microsoft 365 solution is convenient and accessible from everywhere. The problem is that it is also accessible to hackers. At a minimum, you should activate multifactor authentication. Back up your data somewhere else. Add an antivirus to your Microsoft 365.
  5. Remove administration rights: Employees should not have administrator rights on their workstations. If they do and get phished, the hacker will be able to install what they want.
  6. Lock everything, unlock the bare minimum: Do it for everything, including firewalls, workstations, antivirus, etc.

Marco Michaud, Millenium Micro Group.