5 IT Elements to Check to Make Sure You’re Protected

It’s all over the news – ransomware, hacks, threats… but how is your provider protecting you? When we conduct site surveys for non-clients, we often find that companies don’t know. Not all providers are engaged in best practices, and not all IT services even include advanced security. So how do you know if you’re protected?
Start by checking these 5 essentials:
- Windows updates. Months before WannaCry swept the globe, Microsoft had detected and patched the very vulnerability that this ransomware strain would later exploit. Businesses that installed the update were fine. This kind of regular maintenance goes farther than you think in reducing your risks. Yes, you have to reboot your PC again. But it’s a small price to pay for protection. How to check: Click on the Windows Update icon in the taskbar or use the search bar in your Start menu to search “Windows update”.
- Email filtering. This needs to be at the top of the list. Email is the preferred method of attack and ransomware delivery. About 80-90% of attacks are through email attachments, spoofing and links. Antivirus will not detect everything that comes through. If your existing IT provider is not providing this, they are not doing enough to protect you. How to check: Ask your network administrator or IT provider. You should also get emails from the service when emails are quarantined.
- Backups. Backup is the final line of defense in a multilayered approach to security. And it’s a critical one. The only way to get rid of infections and release encrypted files is to roll the servers back to before the malware. If your data is not backed up, you’ll lose it. It’s critical that you have onsite and offsite backups. Onsite is a quick restore point, but occasionally gets impacted by onsite disasters or infection. An offsite backup is essential. How to check: Ask your provider what kind of backups you have.
- End-user education. Criminals are looking for easy access. Even with filtering, malicious emails can get through. Filtering reduces the quantity, but your employees are the ones who will receive anything that breaks through. It might be something that looks benign, like a UPS package delivery notice or an email from the boss asking accounting for a wire transfer. How to check: If you have to ask, your staff is likely not educated enough on security.
- Best practices. Is someone managing Active Directory to ensure that users who are no longer with the company have been removed? Little known fact: inactive users are often targeted by criminals to gain access to your network because nobody will notice that their password was changed. You also need to ensure password complexity. If your password is password1234 or companyname1, you’re an easy target. Best practices are created for a reason. If you’re not using them, you’re unnecessarily increasing your risk. How to check: Have a third-party technology assessment to ensure your company is using best practices.
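
One way to run the inactive-user check from the “Best practices” item yourself, as an added PowerShell example (not part of the original article or Connecting Point’s tooling). The function name `Find-StaleAccount`, the 90-day threshold and the sample accounts are assumptions made up for illustration; the input uses the property names that `Get-ADUser` returns.

```powershell
# Added example: list enabled accounts with no recent logon and mark the ones
# whose password was set AFTER their last logon (the "nobody will notice" case).
function Find-StaleAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Account,
        [int]$InactiveDays = 90,            # assumed threshold, tune to your policy
        [datetime]$AsOf = (Get-Date)
    )
    process {
        if (-not $Account.Enabled) { return }             # already disabled
        $cutoff = $AsOf.AddDays(-$InactiveDays)
        $last   = $Account.LastLogonDate                  # $null = never logged on
        if ($null -ne $last -and $last -ge $cutoff) { return }   # still in use

        $pwSet = $Account.PasswordLastSet
        # A password change on a dormant account deserves review before cleanup.
        $changedWhileIdle = ($null -ne $pwSet) -and ($null -ne $last) -and ($pwSet -gt $last)

        [pscustomobject]@{
            SamAccountName      = $Account.SamAccountName
            LastLogonDate       = $last
            PasswordLastSet     = $pwSet
            DaysInactive        = if ($null -ne $last) { ($AsOf - $last).Days } else { $null }
            PwdChangedWhileIdle = $changedWhileIdle
        }
    }
}

# Constructed sample records (not real accounts) so the script runs offline.
# On a domain-joined admin workstation with the ActiveDirectory module, feed:
#   Get-ADUser -Filter * -Properties LastLogonDate, PasswordLastSet
# LastLogonDate comes from lastLogonTimestamp, which can lag by about two weeks.
$asOf   = [datetime]'2024-06-01'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jdoe';    Enabled = $true;  LastLogonDate = [datetime]'2024-05-28'; PasswordLastSet = [datetime]'2024-03-01' }
    [pscustomobject]@{ SamAccountName = 'former1'; Enabled = $true;  LastLogonDate = [datetime]'2023-09-15'; PasswordLastSet = [datetime]'2023-06-01' }
    [pscustomobject]@{ SamAccountName = 'former2'; Enabled = $true;  LastLogonDate = [datetime]'2023-11-02'; PasswordLastSet = [datetime]'2024-05-20' }
    [pscustomobject]@{ SamAccountName = 'olduser'; Enabled = $false; LastLogonDate = [datetime]'2022-01-10'; PasswordLastSet = [datetime]'2021-12-01' }
)

$sample | Find-StaleAccount -AsOf $asOf |
    Sort-Object PwdChangedWhileIdle -Descending |
    Format-Table -AutoSize

# Password complexity lives in the domain policy; to read it on a real domain:
#   Get-ADDefaultDomainPasswordPolicy | Select-Object ComplexityEnabled, MinPasswordLength
```

Accounts with `PwdChangedWhileIdle` set should be investigated before they are disabled, since the password change is itself evidence worth preserving.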
Don’t know where to begin with your company’s security? Contact the experts at Connecting Point at 970.356.7224 or online.