By Howard Magill, CEO at Road Map Technologies
Assuming your company already has an antivirus in place, here are some quick, low hanging fruit that can be implemented without hurting the budget. If you don’t have an antivirus in place or multifactor authentication, review your entitlements with your 365 subscription. You may already be paying for it. If your tech savvy and don’t have time constraints, these are things may be able to implement yourself.
Awareness Training
Start by implementing a cyber awareness training program. Awareness through education and consistent communication gives you the biggest bang for your buck when it comes to phishing attacks; a new day, a new scam. Make sure employees are up to date with these scams. Look for programs that provide up to date monthly training. They don’t have to be long, but a monthly 3 to 5-minute training video can make the difference if you employee gets schwacked or not. Don’t get schwacked! Ivoryware is a great place to start and they will set you up with no minimal licensing purchases.
OS Patch Compliance
As small companies grow, compliance can become more challenging. Work from home users make it more interesting. Today, small companies may not have an office, meaning everyone works virtually. This can result in personal devices connecting to virtual devices, or company owned laptops which are shipped to the employee directly and leverage Azure AD. This doesn’t have to be difficult with the right talent. You should be able to leverage Microsoft Intune and Windows Update for Business to manage this. Small and medium businesses may find it optimal to outsource patching with a trusted advisor. Whether in house or outsourced, if you’re not doing it, it should be the next thing you do. There are solutions for virtual and hybrid networks.
3rd Party Software Patching and Compliance
As a small business, we know how hard it can be to find the right tools for this size of the business. No one wants to pay for 1000 licenses to support 25 devices. No way! Flexera’s Software Vulnerability manager is a great tool for larger businesses, but they have a minimum purchases on licenses. There are good solutions out there, it’s just finding the one that fits your business model is difficult. As you grow, you will need to scale. Growing may mean that you move to a different tool, but don’t wait to patch your software. Deprecated software versions and zero-day vulnerabilities are a gap for ransomware and other viruses which can make their way into your network.
Managing Assets
I bet you’re asking, how does managing assets have anything to do with cyber security? Well, if your systems can’t support the capabilities of software, not only are you at risk of working on deprecated software that will eventually be out of support, but you are also not going to be able to scale to support the capabilities of your business. Also, by managing and rationalizing your hardware and software, you will reduce your security footprint. Some tools include asset management and 3rd party software vulnerability insights and patching. It is very important to be able to understand your environment and where your risks are, like:
- Out of Date Warranties
- Deprecated Hardware
- Deprecated Software
- Software Vulnerabilities
- Patch Compliance
- Etc…
Remember, these are ideas for the low hanging fruit that small to medium companies are not regularly doing. Believe it or not, there are even some large companies that are not doing it either. If you are not doing the aforementioned, you’re liable to get schwacked. Don’t get schwacked!
Contact us to help you find the correct solutions for your business.