Cyber criminals continuously step up their game. Do you? When was the last time you asked your IT provider to demonstrate (in plain English) how good your own Cybersecurity is? Ransomware has been on an upsweep for a decade and has taken off exponentially with the increase in employees working remotely due to COVID. This has turned into an unprecedented assault on American as well as global businesses.

We at ITFirm.com have long insisted on the most stringent Cybersecurity defenses for our clients. Adherence to this standard is not only mandated and expected from our field technicians and IT HelpDesk personnel, but the agreement to implement aggressive security is a ‘deal-maker’ when considering prospective clients for our Managed IT Services.

There are many factors that go into top-notch Cybersecurity defenses. Your IT Support should be taking care of the technical end, BUT the end-users bear an amount of responsibility as well. Over 85% of all successful Ransomware attacks are caused by an end-user falling for a Phishing Scam – clicking on an attachment or link in a malicious email. Ongoing, regularly scheduled Security Awareness Training, just like tight security in general, is not an option – it is a must.

We at ITFirm.com know that a Ransomware attack is not a matter of IF, but of WHEN – no matter what protections are in place. Once the attack happens, we launch our Backup and Disaster Recovery plan immediately – isolating the malware, shutting down the infected device(s), wiping them clean and reinstalling the data from our secure backups. Typically, there are only a couple of hours of lost productivity for the device(s) affected.

Immediate action and reliable, secure backups are the sure-fire remedy for an attack, but the smart money is on limiting the possibility of an attack succeeding in the first place. This is possible with good Cybersecurity and Security Awareness Training.

What are cybersecurity best practices?

#1 and #2 below provide the bedrock for thwarting any cyber-attack, whether Ransomware or any other type of data breach or hack:

1) Backup and Disaster Recovery. It is the ultimate answer to any successful attack. Your IT crew should have a written step-by-step plan to follow in the event of a cyber-attack. Depending on how your system is set up – either locally or with network operations in the cloud – these three types of backups are necessary:
Local Backup
Cloud Backup
Cloud to Cloud Backup

2) Security Awareness Training. Your network is like a castle: Firewalls are the fortress walls and Anti-Virus is the moat. What good is any of it if an untrained employee opens the gate and lowers the drawbridge? End-users are the weakest link in your defensive chain. Educate them through ongoing training: three times a year at least.

3) Next Generation Network Security. This consists of the best Firewalls, Anti-Virus (AV), spam and email filtering, with a system of alerts that go straight to your IT provider in the event of a breach. All aspects of security must be constantly updated – the cyber crooks aren’t using the same code they used 10 years ago, so you cannot rely on a 10-year-old firewall.

The same goes for every area of your network security. Running unsupported Operating Systems such as Windows XP or Windows 7 is like leaving a door permanently open for hackers to stroll through your network to loot and create havoc. Update, Update, Update!

4) Strong Passwords and Multi-Factor Authentication. After the initial strong password (NOT ‘123456’), use Multi-Factor Authentication – the simplest of which are several questions such as ‘What is your mother’s maiden name?’ or sending a code to your smartphone to enter. Thumbprints or retinal scans are among the other methods you can use to make access to your system more difficult to breach.

Whether company-issued or ‘BYOD’ (Bring Your Own Device), ANY device that is allowed access to the network must be secured by your IT services team. Field employees must be trained not to use unsecured public Wi-Fi – hackers are known to park outside of a Starbucks just to see who they can hack into on the free Wi-Fi.

In the event of loss or theft, the ability to remotely delete important data is crucial. Your IT support team must have Remote Wipe capabilities on EVERY device used in the field that connects to the network.

5) Location Security
Put this in the category of common sense: the physical security of your office is every bit as important as the security in your network. It makes sense that nobody is allowed to enter your office through unlocked doors. If they can walk right in and the receptionist is on break, you’re at their mercy. Perhaps the receptionist keeps her network password on a Post-it note stuck to the bottom of her monitor; perhaps there is client information on the desk. Perhaps there’s a laptop to steal.

Not only can someone find information that allows them to breach your system, but they can certainly steal whatever isn’t bolted down.

Security cameras are a must these days. Do not allow anything to transpire in your office without someone overseeing the activity of visitors. The ability to review footage is invaluable.

Frequently Asked Questions

Q: What is poor Cybersecurity?

A: The #1 mistake businesses make is not understanding – or underestimating – the threat. All other mistakes flow from that misconception. Cyber crooks are hunting everyone – not just big companies. 85% or more of all Ransomware attacks are leveled at Small and Mid-Size Businesses (SMBs). You are not immune: nobody is ‘too small.’

Poor security depends on the quality of your IT Support. If you are still paying some ‘IT guy’ an hourly rate to come out ONLY when something is wrong, then you can take it for granted that your network security is lacking. See our offer of a FREE network and security assessment at the bottom of this page.

Q: Should I pay a ransom?

A: According to the FBI: “The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn't guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”


Q: Can ransomware destroy a company?

A: YES! After a successful Ransomware attack, 60% of companies that suffered a loss of data for a minimum of two weeks declared bankruptcy within a year. 24% of companies that paid the ransom NEVER got their data back. These are criminals, after all.

Q: Is it possible to prevent ransomware?

A: NO. Even with the best security defenses, over 80% of successful Ransomware attacks are due to untrained employees clicking on malicious links or attachments in emails. Institute Security Awareness Training for your employees and consult with your IT provider to make sure your Backup and Disaster Recovery plan is in place and bulletproof.

How secure is your network?

As a longstanding, reputable member of the Charlotte IT Support community, ITFirm.com offers a FREE, no-risk network and Cybersecurity assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever use our Managed IT Services.

The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.

We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT Services we provide:

IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

For more information, or to receive your FREE no-risk network and security assessment, just fill out the form on this page or call us at:
704-565-9705