Recently, the Biden Administration issued a warning to companies of the “potential that Russia could conduct malicious cyber activity against the United States.” No matter what your personal opinions are on geopolitics, the fact is that Russia is a known state actor when it comes to conducting criminal cyber-attacks. While you might think “Russia wouldn’t attack my business because it’s too small, we’re not ‘critical infrastructure,’ and wouldn’t be a target,” it’s also likely that a hacker sympathetic to Russia sees a social media post from your company or its employees he disagrees with and launches a petty and vindictive cyber-attack against you. Or the hacker just knows that small-to-midsized businesses (SMBs) often spend relatively little on cyber-security measures—and Verizon Enterprise’s 2020 Data Breach Investigations report noted 1/3rd of all cyber-attacks were targeted at small businesses specifically because SMBs can be easy targets.
Today the immediate cyber-security threat is Russia, and tomorrow it could be another entity. So, the Biden Administration’s advice to harden corporate IT systems against potential cyber-attacks is actually some very good evergreen advice that all organizations should follow. But if your SMB is wondering where to begin on how to even begin the process of hardening your IT security, then the cyber-security consultants at Amaxra can help.
Amaxra knows the proven (and affordable) ways to harden IT at your SMB
For over a decade, Amaxra has helped SMBs to move their critical IT systems into the cloud and secure them against malicious cyber-security threats. As a Gold-level Microsoft Partner with an established cyber-security practice, Amaxra consultants have found there are three simple and effective measures that SMBs can take right now to shore up their IT security.
Although our business primarily works with SMBs to adopt Microsoft 365, Microsoft Dynamics 365, and other Microsoft cloud-based solutions, Amaxra’s three key cyber-security hardening recommendations apply to organizations that may not have any Microsoft software or cloud services at their business. But we’d also be remiss if we didn’t point out that some of these cyber-security measures are available at no extra cost to Microsoft 365 Business users.
Mandate the use of multi-factor authentication on all corporate systems
One of the quickest ways to increase the overall cyber-security posture for any SMB is to mandate the use of multi-factor authentication on all corporate IT systems. Multi-factor authentication, or MFA, is a security measure that recognizes user IDs and passwords are easily stolen or compromised by hackers. When MFA is enabled, users accessing any corporate-owned IT systems are required to enter their ID/password first then follow up with a second or third means of identifying their authorization to access the system. These additional factors, usually requiring the user respond to a text message or some other challenge on their mobile device, compensates for the weakness of just using single ID/password factor for authorization.
Any commercially-available cloud service for SMBs will offer some form of MFA, but not all are created equal and some are offered only on premium services. However, Microsoft 365 Business users have a built-in MFA feature based on secure Azure cloud infrastructure. Amaxra always configures MFA for our Microsoft 365 Business customers by default and has written about the steps IT admins at SMBs can take to enable Azure MFA for all users.
Encrypt corporate data so it can’t be used if stolen and run backups regularly
Data encryption is a process that converts your data—which can be documents, emails, and other file types—into a format that is only readable by authorized users on authorized devices. This is because “decryption” of converted data requires a special encryption key that only authorized users have. It’s important to note that data encryption helps ensure that only authorized parties can use the encrypted data but does not stop a malicious hacker from stealing your data off your corporate IT systems.
For all Microsoft 365 Business Standard and Business Premium users, encryption is turned on by default for all email messages using Office Message Encryption. Of course, Office 365 Message Encryption works with Microsoft Outlook, but it also works with other web-based email services such as Gmail. This powerful data encryption is perfect for SMBs because it can be used to send and receive encrypted email messages between people both inside and outside your organization. Amaxra recommends that SMBs with Microsoft 365 apps on Windows 10 PCs extend encryption to data beyond just email messages using Microsoft BitLocker. A built-in feature of Windows 10 Pro, Enterprise, and Education SKUs, BitLocker encryption can render a stolen laptop’s hard drive useless to even the most resourceful of hackers.
However, even though BitLocker can give IT managers peace of mind that data on an employee’s stolen laptop is safely encrypted, the issue is now that employee can’t access their data—the laptop is physically gone! That’s why Amaxra recommends that SMBs have a business continuity plan that includes regular data backups. You can’t go wrong with an Amaxra-managed business continuity plan that includes cloud-based backups using military grade AES-265 data encryption.
Deploy modern security tools to mitigate threats against company devices
Today’s smart IT leaders assume their organization will eventually fall victim to a cyber-security attack. It might sound like nihilism, but it is just realism. Anti-virus software and other cyber-security tools will detect threats but rarely provide viable automated responses. Amaxra recognized SMBs have limited human capital to spend on proactive IT security. We now offer a managed cyber-security solution called Amaxra Beacon. These tiered subscription plans deliver turnkey protection against cyber-security threats for a little as $1.50 per user, per month. With Amaxra Beacon, your SMB can get 24/7 managed detection and response for less than the cost of hiring a single full-time dedicated IT security specialist employee.
Although the current state of cyber-security can seem grim for SMBs, successful businesses know it’s better to be prepared. Hardening your IT now is crucial for your future business success. Let Amaxra be your partner to develop and implement a winning cyber-security strategy.
Contact me at email@example.com or call 425 708 8841 if you have any questions or comments on this blog.
Limited time offer: Let Amaxra manage your Office 365 licensing and we will configure security such as multi-factor authentication at no additional cost. Email firstname.lastname@example.org or chat with us on this website to find out more.