Hacking, ransomware, malware…
An outbreak of cyber-attacks threaten all companies, big or small. But, why would someone want to hack your company and what can you do to prevent it?
Why would someone want to hack me?
Most modern hackers have a certain goal when they try to hack your company. They want access to your data for mainly two reasons. The first reason is, to monitor what your company does and hopefully get access to your web banking and online payment systems. The second reason involves injecting ransomware to your systems, thus locking down your data from you, in exchange for money. Both cases are dangerous and we have seen a wide spread of those attacks during the past 2 years.
How can I protect my company without spending tons of money?
You will need a proper firewall and a security policy assigned to the firewall. You don’t need to spend a lot on that firewall. Sure, you could buy a Cisco or Checkpoint late model, but try to understand that the firewall is the medium that protects your company and not the solution. Your best bet is to find someone who can establish a segregation policy, along with blocking all traffic, unless it has been routed via a proper endpoint.
Cyber security in a nutshell:
Incoming traffic for management purpose should be allowed only via a VPN.
Your ERP should reside in a different zone from your employees, with limited access and only on certain ports.
Your file-server should also reside into a different zone, with access only to necessary ports.
Your outgoing traffic should be limited and filtered via a proxy server.
Your backups should be done in a regular basis and include an offsite storage.
Most modern firewalls can handle that. However, the most important factor is that you enforce your security policy to your personnel. The video below, demonstrates the threat of …human factor: