| Submitted by: Brian Dykstra, CEO of Atlantic Data Forensics |
Over the past 14 years Atlantic Data Forensics has handled hundreds of computer and network intrusions for small businesses all the way to giant multinationals. This year during a review of clients we determined that there are 3 very basic computer security things that a company can do that will likely prevent them ever having to call us for a serious incident response.
1. Control Your Perimeter – Many small companies don’t actually have a firewall at their perimeter (relying on the cable modem router) or at larger companies they have a firewall that isn’t really doing its job due by not being up-to-date or properly configured. Have an up-to-date, next-get firewall (they make them for small businesses too) and apply all the best security practice rules. Bonus – Turn on GEO-IP blocking and you can stop worrying about most Russian hackers.
2. Install Antivirus (AV) On Everything – You can’t rely on the built-in Microsoft AV to protect you. Apple users need AV too, more new Mac viruses are created every month than any other kind. Choose a good AV product and make sure it is installed on everything (laptops, servers, cloud, email). Many AV companies (Webroot, Sophos, Bitdefender) now have cloud consoles that allow you to easily manage you AV without any extra work.
3. Two-Factor Authentication (2FA) – 2FA is available for free with Microsoft O365 and Google email. Go the extra distance and use a product like Duo or Okta to have 2FA on all your computers/cloud environment and you’ll practically eliminate the chance of account compromise. Take advantage of the free 2FA solutions offered by your cloud and financial service providers to secure your data stored in other people’s computer systems.
4. Patch – I know I said 3 Magic Things and that is because operating system patches from Microsoft and Apple are free. All you have to do is say “yes” to the free system patches and you are eliminating lots of opportunities for hackers to take advantage of you.
I’m not saying that this is all you should do as part of a corporate cyber security program. There are dozens of other things, from policy to disaster recovery that need to be taken care of in a well-managed computer network, but these 3 simple things will get you started on the right path.
During the pandemic Atlantic Data Forensics has been handling many more ransomware events, financial fraud incidents and phishing related intrusions than normal. We want to do everything we can to help protect you and yours during this crisis.