If you are a business leader, chances are you have been bombarded with a wide array of terms and options when it comes to cybersecurity. Whether these recommended security solutions came from a cyber insurance company, a security audit, your IT provider or even your internal IT team, business leaders need to understand the basics of how cyber security solutions can impact and help their employees.
Below is a quick overview of several commonly recommended security solutions for businesses, including a business level explanation of how these solutions can keep your team productive and protected.
Patch Management
Keeping workstations and servers updated is a core security practice. Patch management is the process of updating your servers every month when vendors, mainly Microsoft, release security fixes and updates. While you may already be installing security updates, best practice dictates that you have a detailed patching plan and schedule that includes the following:
- Test patches before they are installed
- Have a rollback plan to restore servers to their pre-patch state if an update causes an issue
- Install patches outside regular business hours
- Keep an inventory of all servers and devices on your network
- Monitor vendor sites for information on new updates
- Audit all successfully installed patches for potential issues
A proper patch management strategy is essential for any growing business, as it ensures that your environment stays updated and secure as your team gets larger.
Anti-virus Management
This one may feel like a no-brainer, but many organizations take anti-virus for granted. Smaller companies often add servers or new laptops to their environment and forget to ensure that anti-virus is installed on them. Also, without a proper anti-virus management strategy, you may not have up-to-date anti-virus definitions on all of your endpoints. A managed anti-virus solution ensures that every endpoint and server has anti-virus installed and updated on a regular basis.
Multi-factor Authentication
Recently, multi-factor authentication (MFA) has become table stakes when it comes to user security. Multi-factor authentication is the process of requiring more than one method to prove identity before granting access to a system. MFA, sometimes called two-factor authentication (2FA), draws on three types of factors:
- Something the user “knows”
  - This is the most common form of authentication and involves a password or code that the user knows.
- Something the user “has”
  - This can be a key card, token, fob, or a code on the user's phone, with the latter becoming the mainstream method for MFA.
- Something the user “is”
  - This is something about the user that is unique to them, such as a thumbprint or facial recognition scan.
MFA should be enabled on as many accounts as possible, especially admin accounts and accounts with access to critical information (credit card details, SIN numbers, etc.). With the rise of Software-as-a-Service (SaaS) applications, it is even more important to ensure MFA is used on these sites, as passwords alone are no longer a viable method for protecting online systems.
DNS Filtering
The Domain Name System (DNS) is essentially the phone book of the internet. It translates user-friendly domain names like www.ITForce.ca into computer-friendly IP addresses. DNS filtering solutions use the Domain Name System to block harmful or inappropriate content on your network or device: the filter checks each requested name against a blocklist and refuses to resolve names that have been identified as harmful.
DNS filtering helps businesses by stopping users from reaching websites that host malware, which are commonly used in phishing attacks. Websites can also be added to the DNS filtering blocklist to stop users from accessing inappropriate websites at work.
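The blocklist check described above, as an added illustration rather than any vendor's product: a name is normalized, then it and each of its parent domains are compared against the blocklist, so blocking a domain also blocks every host beneath it. The blocklist, allowlist and sample queries are constructed for this example.

```python
"""Blocklist-based DNS filter: an added illustration, not ITForce's product.
A filtering resolver checks each queried name against a blocklist before
resolving it; a match gets a sinkhole answer instead of the real address.
The blocklist, allowlist and sample queries below are constructed.
"""

# Constructed sample data: known-harmful domains plus a policy block on a
# games site; the allowlist carves one approved host out of a blocked zone.
BLOCKLIST = {"malware-dropper.example", "phish-login.example", "games.example"}
ALLOWLIST = {"cdn.games.example"}


def normalize(name: str) -> str:
    """Lower-case the name and strip the trailing dot a resolver may add."""
    return name.strip().lower().rstrip(".")


def parent_domains(name: str) -> list[str]:
    """Return the name and each parent domain, most specific first.

    'a.b.example' -> ['a.b.example', 'b.example', 'example'].  Blocking
    'b.example' must cover every host beneath it, otherwise the blocked
    site is reachable again simply by adding a subdomain.
    """
    labels = normalize(name).split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def is_blocked(name: str, blocklist=BLOCKLIST, allowlist=ALLOWLIST) -> bool:
    """Decide whether the resolver should refuse to answer for `name`.

    Candidates are checked most specific first, so an allowlist entry for a
    host overrides a blocklist entry for its parent domain, but not vice versa.
    """
    for candidate in parent_domains(name):
        if candidate in allowlist:
            return False
        if candidate in blocklist:
            return True
    return False


def resolve(name: str) -> str:
    """Stand-in for the resolver: sinkhole blocked names, forward the rest."""
    return "0.0.0.0" if is_blocked(name) else "(forward to upstream resolver)"


if __name__ == "__main__":
    for q in ("www.ITForce.ca", "Login.Phish-Login.Example.", "cdn.games.example", "play.games.example"):
        print(f"{q:30} -> {resolve(q)}")
```

Note that a blocklist only stops names already known to be harmful; a brand-new phishing domain passes until it is added, which is why filtering is one layer alongside the email and endpoint protections below.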
Advanced Email Protection
Advanced Email Protection solutions combine spam filtering and anti-phishing protection for your business email systems. With the high adoption rate of cloud-based email solutions such as Microsoft 365, spam filtering is often built into the platform, negating the need for a third-party option. However, phishing emails and spam (unwanted emails) still tend to make their way through standard spam filtering systems.
Advanced phishing protection services scan all inbound emails for known signs of phishing, such as an email that appears to come from one of your company executives, links to known malicious sites, and indicators surfaced by machine learning techniques.
Application Whitelisting
Application whitelisting is a more advanced form of security management that blocks every application on your company network except those that have been pre-approved. Application whitelisting is a form of zero trust security, which is often considered the gold standard for security measures. It protects organizations by stopping employees from inadvertently installing malware on their machines. Cyber-criminals often create malware that mimics legitimate applications in order to trick someone into installing it; application whitelisting stops this from happening, because the unapproved program is never allowed to run.
Application whitelisting differs from simply locking down a user’s computer: approved applications are allowed through, and users can formally request access to a new application. This can improve the user experience while also improving security.
Persistent Threat Hunting
Anti-virus is not a guarantee that all threats will be stopped. Many new forms of malware and ransomware can either evade normal AV tools or are so new that the AV vendor does not yet know about them. Persistent Threat Hunting is a cyber security solution designed to catch what your AV solution missed. Persistent Threat Hunting tools scan your network for abnormalities and anomalies, and often involve an actual person on the other end of the solution reviewing the potential issue. Persistent Threat Hunting works because it gives IT teams a quick method for removing or quarantining malicious files.
EndPoint Detection and Response
One of the more advanced cybersecurity solutions out there, EndPoint Detection and Response (EDR) tools are designed to continuously monitor and respond to security incidents on an employee's endpoint device. EDR tools are installed on your employees’ laptops and PCs, and detect, alert on, and respond to potential security threats in real time. The primary benefit of an EDR tool is the ability to quickly catch and stop malware or ransomware on an endpoint before it spreads.
Security Operations Centre (SOC)
Security Operations Centres are the gold standard for business security solutions. A SOC combines the three building blocks for managing your security posture: people, processes, and technology. A SOC is a team of dedicated security experts that monitors technology systems 24/7 for potential issues, and acts on and remediates any problems. A SOC is essentially an extension of your IT team, as its experts will be accessing and monitoring your systems.
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) is a type of software tool that combines multiple points of management for your IT infrastructure into one centralized view. SIEM tools provide a “bird's-eye view” over your IT network and physical infrastructure and correlate alerts from several different sources into one place. SIEM tools can detect patterns that can lead to a security incident, allowing your IT team to act quickly and stop issues before they can cause serious problems.
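The correlation idea above, as an added illustration rather than any real SIEM product: logon events from two sources are normalized into one timeline, and a rule fires when several failures for one account are followed by a success within a short window. Source names, field layout and every event are constructed for this example.

```python
"""Minimal SIEM-style correlation over constructed log lines.
Added illustration, not a real SIEM product: events from a VPN gateway and
a Windows domain controller are normalized into one schema, then a rule
fires when several failed logons for one account are followed by a success
inside a short window. All events below are constructed samples.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified "timestamp source k=v ..." form.
RAW_EVENTS = [
    "2024-03-01T09:00:01 vpn user=jsmith src=203.0.113.7 result=fail",
    "2024-03-01T09:00:05 vpn user=jsmith src=203.0.113.7 result=fail",
    "2024-03-01T09:00:09 dc  user=jsmith src=203.0.113.7 result=fail",
    "2024-03-01T09:00:14 dc  user=jsmith src=203.0.113.7 result=fail",
    "2024-03-01T09:00:20 vpn user=jsmith src=203.0.113.7 result=success",
    "2024-03-01T09:30:00 dc  user=amiller src=10.0.0.5 result=fail",
    "2024-03-01T09:31:00 dc  user=amiller src=10.0.0.5 result=success",
]

FAIL_THRESHOLD = 4             # failures that make a following success suspicious
WINDOW = timedelta(minutes=5)  # how far back failures are counted


def parse(line: str) -> dict:
    """Turn one raw line into the common schema shared by every source."""
    ts, source, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts), "source": source}
    event.update(f.split("=", 1) for f in fields)
    return event


def correlate(lines: list[str]) -> list[dict]:
    """Alert when >= FAIL_THRESHOLD failures precede a success for one account.

    Failures are counted across all sources: two at the VPN plus two at the
    domain controller look harmless in either log alone but form one pattern
    once the events sit in a single timeline, which is the point of a SIEM.
    """
    failures = defaultdict(list)   # user -> timestamps of recent failures
    alerts = []
    for event in sorted(map(parse, lines), key=lambda e: e["ts"]):
        user, ts = event["user"], event["ts"]
        recent = [t for t in failures[user] if ts - t <= WINDOW]
        if event["result"] == "fail":
            failures[user] = recent + [ts]
        elif len(recent) >= FAIL_THRESHOLD:
            alerts.append({"ts": ts, "user": user, "src": event["src"], "failures": len(recent)})
            failures[user] = []   # reset so one burst produces one alert
    return alerts
```

Run against only the VPN lines, the same account never reaches the threshold, which is exactly the gap a SIEM closes by joining sources.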
Conclusion
Security tools are only part of your overall security strategy. To keep your team safe and secure, you need a complete security solution that brings together the right tools, people, and processes.
Interested in learning more about cybersecurity? Check out our cybersecurity page for resources on how to keep your business safe.