Companies on hackers’ radar. Where to start cybersecurity? 

Cybersecurity is often associated with large companies and serious financial outlays. This is wrong thinking with very serious business consequences. 

According to F5 in its Phishing and Fraud Report, with the outbreak of the pandemic and the move of employees to the home office, the number of phishing or ransomware attacks not only increased by 220% but also exceeded the barrier of over 36% of all security incidents. It is also significant that attacks began to be carried out not by individual hackers, but by organized crime groups that profit from attacking the infrastructure of an ever-widening group of unsecured companies. 

Hackers attack companies much more often than you might think: an average of 938 times a week. This is an increase of 35%. compared to January 2022, according to Check Point Research data. 

Therefore, a lack of interest in the cybersecurity of employees and company assets is asking for trouble. In this case, it is only a matter of time before your business, and sometimes your life’s work will be at the mercy of hackers. 

Cyberattack is only a matter of time 

If you think that IT security does not concern you, you are wrong. Count how many devices connected to the Internet you use. Think about how many emails you reply to each day. How many strangers write to you on social media? If you go to the office, you may be using a private phone there, which may be infected. Maybe you have no problem connecting a private computer on which malware is running wild to your corporate network. 

Or maybe just on Friday afternoon, when you get tired, you happen to click on e-mail attachments or on links from senders who only seem harmless. 

Each of these situations is an opportunity for a potential attack. Each of them is dangerous for business because it is a gateway to company data, personal data of employees and contractors protected by the GDPR, written procedures and applied know-how. Leakage of such data means fines worth millions, which will not miss either large companies such as mBank or smaller organizations such as your company. 

Where to start? 

The good news is that IT security measures can be easily implemented for little money in companies of all sizes. Our engineers talk to clients from various industries daily and can choose solutions that do not require huge investments and provide a basic level of security. Just like good insurance. 

First, protect your business from phishing 

To increase your business security with just one investment, start with phishing protection. 

Phishing is a scam attempt in which cybercriminals use false information to extort information or funds from their victims. They can use specially crafted emails, and fake text messages, they can also impersonate e.g. bank employees and phish for login details to the banking website. However, they are increasingly using more sophisticated methods. 

One of them is intercepting Internet traffic and redirecting users to fake websites. Cybercriminals use DNS manipulation or man-in-the-middle attacks to redirect users to fake websites. 

Phishing is an extremely dangerous attack

It takes advantage of our temporary lack of concentration and the lack of ability to unmask an experienced cheater. You can protect yourself against it with solutions that, based on billions of analyzed cases, can recognize the threat much better than the human eye or ear and block it before it causes havoc in your organization.

Such a solution is, for example, Cisco Umbrella, which uses advanced machine learning mechanisms to effectively detect dangerous activities on the Internet and block them before your employees fall for them. 

Umbrella works extremely quickly and effectively. You can find out about it by implementing a free, 14-day solution pilot with us. 

Second, secure your network from attacks 

When we ask business owners how they care about cybersecurity, they most often say that they bought a firewall a few years ago, so they are safe. Of course, we’re talking about a hardware firewall, not one built into Windows and rarely (if ever) updated. A decent firewall is a must-have for every organization. It can be more expensive or cheaper, but it should always provide proactive protection against unwanted calls. As the methods of attackers are more and more diverse today, a simple firewall is not enough.

That is why the class of Next-Generation Firewall (NGFW) devices was created, which, in addition to the classic firewall, have several advanced security measures, such as: 

• advanced content filtering and application control – thanks to them, the firewall can recognize and block traffic generated by applications that are not trusted or dangerous; 
• advanced threat detection and blocking – NGFW uses various techniques, such as application behavior analysis and malicious IP address detection, to identify and block threats; 
• integration with other layers of network protection, e.g. NAC class systems, MDM, etc. 

Third, build employee awareness 

Taking care of cybersecurity, although it sounds like the domain of network administrators, is a joint task of the entire company. His role is not to make life difficult for employees. Good protection should be unnoticeable and transparent for them. At the same time, employees should be well-informed about the methods used by modern hackers. 

Keeping Post-it notes with your password next to your computer is not as uncommon as you might think. Similarly, using the same simple password as password123 or adminadmin or connecting from a work laptop to any open wireless network. Such behavior is asking for trouble. 

The average time it takes an attacker to crack a simple password is just a few seconds

In such a terrifyingly short time, criminals can log in to our e-mail, download personal data, or block us from accessing company resources. In other words, they can paralyze the operation of the entire company and additionally expose it to huge financial and image losses. It is worth adding here that the average ransomware attack on Polish companies is PLN 1.5 million ($350.000), so the risk is measurable! 

That is why it is so important to provide employees with secure access to devices, networks and information, which are the most valuable currency today, in addition to secure company tools such as laptops, telephones and e-mail. 

How to secure your business – 3 simple steps and more 

Taking care of digital security is not the domain of techy admins. This is the duty of every manager and business owner. Anyway, you can have the best IT specialist or administrator, but even he will be helpless if you don’t give him the tools to protect the company against attacks. And these will happen, sooner rather than later. 

If you don’t already have a cybersecurity budget, start with the basics. 

1. Protect employees from clever (and unsophisticated) phishing attacks – the Cisco Umbrella solution, depending on the scale of the company, can be implemented for less than $2/month per person.  

2. Invest in a Next-Generation Firewall – there are many options, and we can help you choose one with the right protection and in an adequate budget. 

3. Double secure each login, but in a way that is not burdensome for employees – use MFA (multi-factor authentication) solutions. 
4. Use captcha authentication for enterprise to secure online forms.

Of course, there are many more security solutions. Start with basic protection and be smarter than criminals. And then those managers who count on a stroke of luck and a hunch they will not be attacked. Trust me, they will. 

Do you want to secure your company and are you looking for the right solution? Fill out the form and we will contact you and offer protection that will be tailored to your company.