SMBs need to get the basics in place to protect their own business and others in the value chain – it is widely known that corporate cyber incidents often emanate from third-party service providers with poor security in place.
According to PwC’s Global Trust Insights, organisations know that cyber risks are increasing and more than 50% expect a surge in reportable incidents in 2022 – above the already startling 2021 levels – as ever more sophisticated attackers seek and find vulnerabilities in systems and networks.
Every industry has its own jargon and acronyms, but when you see your audience’s eyes glaze over you know they are tuning out because they don’t know what’s going on. At Tarsus Distribution, our aim is to ensure that partners and customers are able to contribute to discussions, especially when it comes to matters of cybersecurity – the practice of protecting critical systems and sensitive information from digital attacks.
Let’s start with an analogy. A mediaeval castle sits on a hill. It is surrounded by a moat and protected by a dragon. An army of brave knights upon horses are armed with weapons and hide behind thick stone walls. Archers fire arrows at the opposition, and residents of the castle do all they can to repel attackers. Cyber security best practice is much the same – multiple defensive solutions are layered to protect sensitive data and business IT assets.
Here are some of the most important elements of a multi-layered cybersecurity strategy:
Network security protects your network and data from breaches, intrusions and other threats. It is a vast, overarching term that describes hardware and software solutions, as well as processes or rules and configurations relating to network use, accessibility, and overall threat protection.
It includes access control, virus and antivirus software, application security, network analytics, types of network-related security (endpoint, web, wireless), firewalls, VPN encryption and more. Network security is vital in protecting client data and information, keeping shared data secure and ensuring reliable access and network performance as well as protection from cyber threats.
Endpoint security secures the entry points of end-user devices such as desktops, laptops, and mobile devices. Endpoint security systems protect these endpoints on a network or in the cloud from cybersecurity threats. These systems are designed to quickly detect, analyse, block, and contain attacks in progress. Endpoint security is often seen as the frontline and is one of the first places SMBs should look to secure their enterprise networks.
A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organisation's defined set of security rules. It is essentially the barrier that sits between a private internal network and the public Internet.
Cloud security refers to the technologies, policies, controls, and services that protect cloud data, applications, and infrastructure from external and internal threats to business security. SMBs need cloud security as they move toward digital transformation and incorporate cloud-based tools and services as part of their infrastructure.
The 2021 Digital Readiness Survey found that 81% of US-based IT professionals believe that having remote workers has increased their enterprise’s security challenges, while 74% acknowledge that their company’s use of cloud solutions increased as a direct result of the COVID-19 pandemic. Cloud security is extremely important in keeping cloud-dependent remote work setups secure and compliant, and SMBs should be increasingly prioritising cloud security and remote worker support.
Encryption converts information into an encoded format that hides the information's true meaning. This data can only be read or processed after it's been decrypted. The basic building block of data security, encryption is the simplest and most important way to ensure a computer system's information can't be stolen and read by someone who wants to use it for malicious purposes. It protects user information sent between a browser and a server.
Social engineering uses psychological manipulation to trick users into making security mistakes or giving away sensitive information through a combination of trickery, coercion, and similar tactics. This can include monitoring the person’s social media presence. They then move to gain the victim’s trust and trigger subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources.
Techniques include phishing emails that contain links to phishing and other malicious sites that look like legitimate sites, infected attachments that download malware, and lookalike addresses that resemble a legitimate domain.
Cybersecurity solution providers like Check Point, Sophos, and Kaspersky stress the importance of end-user awareness and education. At Tarsus Distribution, we make “don’t click” awareness a culture to be developed at work and at home.
We offer Cybersecurity 101 education for our partners because it is widely known that ransomware and other malicious attacks are the biggest threat to SMB sustainability in a tough economy where companies are trimming their security budgets.
"SMBs that are concerned about their cybersecurity are welcome to contact Tarsus Distribution for a “health check”. Our team can identify vulnerabilities and develop a roadmap to enable you to beef up your security over a period of time. We see it as an investment in the longevity of your business."
References
https://www.pwc.com/us/en/assets/cyber-global-digital-trust-insights.pdf
https://www.checkpoint.com/cyber-hub/network-security/what-is-network-security/
https://cts.businesswire.com/ct/CT?id=smartlink&url=https%3A%2F%2Fwww.manageengine.com%2Fthe-digital-readiness-survey-2021%2Findex.html%3FPressRelease&esheet=52493987&newsitemid=20210921005042&lan=en-US&anchor=The+2021+Digital+Readiness+Survey&index=2&md5=b4be501b7f32a2717ffbc0b2799979d9
ENDS