PROTECTING BUSINESS FROM CYBER ATTACKS
Cyber-attacks are always prevalent, particularly for multi-national companies. But with more people now working from home because of Covid lockdowns, even small and medium businesses are not immune.
“Cyber incidents are both costly and embarrassing,” says Peter O’Gorman, Cloudstreet Consulting Head of Tech. “From email phishing to data protection and crypto viruses, the Cloudstreet team are experts at educating our clients about the simple and effective approaches they can undertake to stay protected.”
Here are five simple solutions the Cloudstreet team recommend for individuals and businesses to protect themselves effectively.
1. Emails Office 365 – Quarantine EOP and Defender
Email spear phishing has skyrocketed during Covid-19. These emails, pretend to be from friendly sources, your boss or government, target the end-user.
While there are a host of solutions, the Cloudstreet Consulting team highly recommend looking at what you’ve probably already got, like Microsoft’s Exchange Online Protection (EOP) service.
EOP is free and confines emails in quarantine, so you or your business administrator can either release or block them. It’s a smarter, everyday protection policy, and it’s the first thing you should be using.
For utmost protection, you can upgrade your security to Office 365 Defender. Only a few dollars a month per user it enables everything with ‘anti’ in the name and sets up everything with ‘safe’ in the title:
- Anti-malware
- Anti-phishing
- Anti-spam
- Safe Links
- Safe Attachments
2. Devices – Microsoft Endpoint Management
Microsoft has done a fantastic job architecting protection for your business data where it is most vulnerable — on end-user devices.
Microsoft’s Endpoint Management can be enabled for any staff (corporate-owned) and bring your own devices (BYOD) within a few clicks.
This first level protection is a must. It encrypts your corporate data on the end user’s device, enforces either a pin or biometric to open company apps, and allows remote wipe of company data if the device is lost or stolen.
End devices such as Android, IOS and iPads are protected in this easy first wave. You must have Azure Premium P1 licenses as a minimum, and it costs just a few dollars per user per month to set up policies for your end devices.
3. Operating Systems
If you run your business on an operating system, you are not safe from the many and various crypto viruses still running around crippling small and large companies.
An operating system means using a server like Windows Server 2016 or a user desktop such as Windows 10.
To reduce the risk of attack on desktops, a Windows Virtual Desktop allows your staff to log in to a cloud-hosted workstation for access to their corporate apps. The added benefit is your staff can access this desktop from home or anywhere, providing the same secure experience.
While staff still require a workstation when in the office, it can be a much lower spec device. Some businesses use Chromebook’s exclusively, and Windows Virtual Desktop keeps your corporate apps and data secure and compliant with security capabilities that can proactively detect threats and take remedial action.
To reduce the risk of your servers, Microsoft offers serverless servers. Their Platform as a Service or PAAS looks after just about anything from web apps to databases.
If you don’t want to be compromised, consider dumping your operating systems (snack food for crypto) and moving to a secure serverless Azure PAAS service. You’ll also minimise your administration overhead by removing the need for operating system patches and updates.
4. Backups
Once in the Cloud, your company data is in good hands in the Azure ecosystem. But take note — you may not have enabled your backups yet!
Azure offers loads of backups for apps, databases, files, virtual machines and more, with standard retention policies and support for any retention policy you desire.
Your backup policy is only as good as the last time you successfully restored it. Test your backup policies through regular restoration exercises. This proves you can run the business from your restored backups. If not, you may find your business crippled when you most need your backups.
5. Education
Of course, the smartest and most essential step in any cyber policy for your company is educating your staff and partners.
Do this in two ways — first, the importance of safety and secondly, what they need to do.
When you have your plans in place, your communication plan will see your staff educated in waves — pre, during and post rollout.
Professional and visual email and communications templates are also fantastic tools that get the message across to your staff in a professional manner.
To learn more about how Cloudstreet Consulting can assist in protecting and growing your business, contact the professional team at:
contact
Cloudstreet Consulting
cloudstreetconsulting.com.au