By Shawn Freeman, founder of Calgary-based TWT Group.
2017 was a rough year for cybersecurity. Major companies like Equifax and Yahoo were in the news for massive and preventable data breaches, while high-profile ransomware like WannaCry threatened to cripple a variety of organizations, most notably in the healthcare industry.
Unfortunately, 2017 is hardly an anomaly. I've seen firsthand how even the tiniest crack in a company's defenses can wreak considerable havoc. Hackers are becoming smarter: They find out what people are doing to protect against their attacks and develop ways to get around it. Still, most of the biggest data breaches could have been (and can be) prevented.
Knowing what we now know about cyberattacks and given our experience in 2017, any organizational breach in 2018 could quickly become unforgivable by the public. And if companies in every industry don't start taking security seriously, this past year will be considered mild compared with what's to come -- especially with hackers starting to use AI to target businesses and people.
How to Protect Your Business in 2018
Organizations wanting to shore up their protections for this year need to focus their strategies on two areas: their tools and their people.
1. Don't Skimp on Security Solutions
Many small businesses and startups make the mistake of thinking that their businesses are too niche to be targets. In reality, half of all cyberattacks target smaller companies because they're more likely to have limited budgets devoted to cybersecurity. While not having security is a costly mistake, security can become costly in its own right if not planned and monitored.
There are two lines of software protection that are indispensable for any business: a firewall -- which not only stops hackers from getting in but can also stop malicious traffic from getting out -- and a DNS-based security solution -- which protects people even when they're outside an office environment.
In both instances, I've found Cisco's offerings to be excellent. Cisco's Meraki firewall (a partner of ours) comes with all the features a security expert would need, and its Umbrella DNS security solution not only protects those company devices outside the firewall but also helps protect against fraudulent links that pop up in things like scam emails. In addition, solutions like Hexnode MDM and Mobile Device Manager Plus are great options.
2. Monitor Your Current Solutions to Plan Future Ones
While it's important to always budget for today's maintenance, don't let that prevent you from pursuing new methods that can provide better and more proactive protection to combat tomorrow's threats.
Not all solutions are created equal, and some systems or departments within an organization are always more vulnerable than others. And never trust outside computers in the hope of saving some money. For instance, consultants shouldn't be allowed to use their own devices on your internal network. Either give them a device you control and secure or force them to use only the guest network.
Remaining vigilant also means not allowing your organization to rest on its laurels. By creating a spreadsheet containing your IT expenses, you can see which costs are constant and which fluctuate. This will allow you to better predict future costs while eliminating extraneous services. And if servers are too expensive or becoming obsolete, then you should consider a move to the cloud to reduce costs.
3. Invest in Your People
As vital as the right security software is, what's even more important is that the people being protected by that software are educated on the best security practices. Your tools are only as strong as your people. For instance, while filtering tools can help weed out malicious emails, if your employees can't spot a fake email, then your company is at risk.
In addition, finding a trusted advisor who can help you prioritize your tasks and keep you on target is essential to implementing and maintaining the right education. Chosen wisely, an expert security consultant can get you where you need to be more efficiently and safely than you'd be able to do on your own.
Even with the best tools and educated workers, breaches can still happen. Thus, having a solid disaster-recovery strategy that includes constant off-site system backups, such as in the cloud, is a necessary last resort.
There may not be any foolproof guarantees in the world of cybersecurity, but failing to implement the right tools and ignoring your people's roles in protecting your business could quickly mean that your organization becomes just another statistic in the 2018 cyberattack overview.
Shawn Freeman is the founder of Calgary-based TWT Group, where he helps businesses maximize their IT, using intuitive technology to maximize their efficiency, increase revenue and protect valuable data.