Understanding Cybersecurity Maturity Model Certification (CMMC)
[ZOOM EVENT] Wednesday, June 23, 2021 @ 11AM-12PM ET REGISTER HERE
9 CYBERSECURITY TOOLS EVERY BUSINESS CAN BE THANKFUL FOR
Cybersecurity is a huge concern for every business regardless of size. According to Cybint Solutions, 62 percent of businesses experienced a phishing and social engineering attack in 2018 and a hacker attack occurs every 39 seconds. A report by RiskBased Security shows data breaches exposed 4.1 billion records in the first half of 2019 alone. Verizon reports that 52 percent of breaches featured hacking while 28 percent involved malware.
Faced with such odds, many business leaders may feel completely overwhelmed when it comes to data security. The great news is that internet technology and security software is keeping pace with the threats businesses face every day. With that said, here are just a few of the security tools the trusted IT professionals at Dox are thankful for.
Security Assessment Tools
Vulnerability scanners, source code analyzers, and email phishing platforms are all tools that help businesses take a proactive approach to cybersecurity. Vulnerability scanners perform regular scans of your network, servers, and applications to alert you to weaknesses that a bad actor could exploit. This buys you time to fix the issue before a hacker can take advantage. Some of the vulnerability scanners available include Intruder, Microsoft Baseline Security Analyzer, and Nexpose.
Source code analyzers are also known as Static Application Security Testing (SAST) tools and they are designed to analyze source code to find security issues. These tools scale well and can be run to test software, buffer overflows, SQL injection flaws, and more. These are great for providing detailed information to pinpoint where problems exist so they can be addressed quickly and efficiently.
An email phishing platform Dox recommends is KnowBe4. This program creates user resilience and improves awareness by simulating and testing employees with phishing attempts. The purpose of this platform is to reduce the chance of a successful social engineering attack, lower the risk of access across your company, and provides risk reduction training for employees. It also works to protect against attack vectors including ransomware and credential collection.
External Drives and Backup Options
The panic of losing important digital files can be enough to make the coolest among us sweat bullets. Relief is easy to achieve when you employ an external drive that automatically backs up your precious data. The best part is external hard drives are not expensive or difficult to set up.
You can also use online backup options as well. There are several backup services that can scan your hard drive for files, encrypt them, and save them so you always have access to restore lost or stolen files. This is especially helpful for businesses. Costs for these online backup options vary. Check out the blog The Best Online Backup Services for 2020 by PCMag.com for some options.
Virtual Private Networks
One of the best things about living in a technological world is the convenience it offers us. With free WiFi in just about any public location from the coffee shop to your local library, you have a constant connection where you can surf, shop, or communicate. The downfall is that hackers can also access these systems, find your mobile device, and steal your information. That’s where a good virtual private network (VPN) comes in.
By using a VPN, you can safely and securely conduct private business on a public network to keep the bad guys at bay. Virtual private networks operate in two parts. They encrypt your communications and hide your IP address from prying eyes. Some of the popular VPNs on the market are Nord VPN, CyberGhost VPN, or VyprVPN.
Software Updates & Patches
When you purchase software for your computers, it is understood that from time to time a hacker may find a way to weasel into the program. This is known as a “bug” or a vulnerability. When a manufacturer becomes aware of a vulnerability, they will develop a patch to address the “bug” in the software to prevent bad actors from taking advantage of the weakness. Updates are also produced from time to time to keep your computer and data safer from malware and would-be thieves.
You can sign up for update notifications from your software manufacturers or with Dox. This will allow you to stay on top of alerts and advisories regarding updates and patches for everything from Google Chrome to Microsoft products. You can schedule your updates to occur when it’s convenient for you, when you restart your computer, and you can push updates manually.
Browsers with Flags
Whether you use Google Chrome or Mozilla Firefox, today’s web browsers are set up to flag sites that may not be the safest to visit which can save you and your business from an unfortunate trip down a bad rabbit hole. For example, Google Chrome will tell you if you have stumbled onto an unsecure site. A message will pop up in the top left hand-corner of the address bar to let you know the site is “not secure.” If you see this message, it’s best not to visit the site and you definitely don’t want to share personal information there such as credit card details.
While this cybersecurity tool requires a couple extra steps to get through security, it’s totally worth it. If you have multifactor authentication, you are prompted to verify your identity whenever you sign in. The software may generate a code that goes to your email or text your phone to enable you to log into another device.
With all of the different websites, VPNs, and multifactor authentication, keeping track of passwords can be a virtual nightmare. Everyone knows you shouldn’t use the same password for multiple logins and you should never write down your login and password information so what’s an overloaded brain to do? This is where a good password manager comes in.
Password managers were created to make remembering your passwords a cinch. Rather than save passwords in your browser which can be accessed easily if your computer is hacked, Dox recommends choosing one of the many web-based password managers. Some options for web-based password managers include Norton Password Manager, LastPass, and Keeper.
Secure Sockets Layer
If you have anything to do with the management of your business website, you may have heard of a secure sockets layer (SSL) certificate. A SSL certificate means that the web manager has added an extra layer of security to their website. It typically costs $100 or less per year and is especially important for online shopping.
Sites with an SSL feature HTTPS:// at the start of their web address as opposed to the old standard of HTTP:// in their web address. That extra “S” as the end means the website is safer. When visiting websites, look for that extra “S” and avoid visiting websites without it. Norton has also created a free tool called Safe Web where you can paste the URL into it to find out if the site is safe or not.
Intrusion Prevention Systems
An intrusion prevention system (IPS) is network security that detects and prevents identified threats by continuously monitoring your network. This software searches your network including traffic flow for malicious incidents. It captures information about when a threat occurred, what may have been stolen or changed, and the source of the attack. Common IPS programs include Cisco SecureX, H3C-SecBlade-IPS, and Darktrace Enterprise Immune System.
All of the above cybersecurity tools support a safer work environment for businesses, data, and employees. Business leaders should understand that cybersecurity is just as important as physical security and contributes to the real risk management. If your organization needs assistance with improving its cybersecurity, employee training, or reducing risk, contact Dox today at (585) 473-7766.