Product Summary
Secure IT
Fully managed security solution designed to guard your network and entire IT infrastructure – including cloud resources and remote devices – from threats and attacks.
ARTICLE
Cyber Security Best Practices for Safeguarding Systems
Florin Soltan
Florin is a Cyber Security Product Manager at Acronym. He helps organizations protect against digital threats by developing and implementing robust security strategies to safeguard sensitive data and infrastructure.
Contents
Introduction: Cyber security is everybody’s business
Cyber security is the practice of safeguarding critical systems and sensitive data from both internal and external threats. It is a shared responsibility that extends beyond IT departments to encompass every individual within an organization.
Recent high-profile incidents of cyber attacks in Canada, which targeted sectors such as retail, health care and energy, highlight the pervasive nature of the threats. But these are just the ones we hear about in the news. All businesses, large and small, are potential targets, underlining the need for a heightened commitment to cyber security.
The evolution of cyber security
Traditionally, IT departments focused on protecting against threats from the bottom-up, by fortifying physical locations and network perimeters. Centralizing computing equipment and using firewalls for separation were – and still are, in many cases – common practices. Economies of scale were gained by placing equipment on the same network and extended through site-to-site VPNs, web security gateways and other solutions.
As technology and business priorities have evolved, so have cyber threats. Cyber security professionals are aware of the need for more robust controls to protect increasingly complex computing environments. But the last few years have ushered in such unprecedented changes in the business climate that allocating resources for cyber security has become more challenging. Businesses are dealing with uncertain economic conditions, the widespread adoption of remote work, record-high inflation and their own digital transformation initiatives, as they innovate to find operational efficiencies and gain market share.
The stakes are high
Even with significant investments in technology, security executives face an escalating number of cyberattacks. In 2023, data breaches became widespread, costing an average of US$4.45 million per incident. Notably, IBM’s Cost of a Data Breach Report 2023 revealed that 95% of surveyed organizations endured multiple breaches. Meanwhile, the 2023 Verizon Data Breach Investigations Report highlighted that ransomware attacks accounted for a quarter of all breaches. Such attacks have resulted in millions lost in market share, plummeting stock prices, and hefty remediation expenses.
The stakes are just as high for small and medium-sized businesses. Accenture found that small businesses are the target of 43% of all cyber attacks, with the average loss per attack pegged at US$188,000.
Keeping one step ahead of cyber criminals
A constant challenge for business is trying to stay ahead of the evolving threat landscape. With millions of hackers working round-the-clock to develop new strategies faster than companies can update their defences, even the most fortified cyber security system requires constant vigilance.
Another significant challenge is the shortage of qualified cyber security professionals. The 2022 Cybersecurity Workforce Study found that more than 3 million additional workers are needed to effectively secure global assets – despite the global cyber security workforce being at an all-time high. Worryingly, 70% of organizations surveyed say they do not have enough qualified cyber security professionals on staff.
Managed security services can help
Managed Security Services Provider (MSSP) offer a lifeline in this climate. While technology forms the foundation for organizations to build their security posture, the support of a skilled team of experts and robust processes is indispensable to combat today’s threats.
MSSPs can educate their clients about the threat landscape, assist in developing policies and procedures, assess their current security solutions, recommend ways to cost-effectively reduce vulnerabilities and provide visibility across all cyber security controls. And organizations that do suffer an attack experience a 21% shorter breach lifecycle when working with an MSSP, according to IBM’s Cost of a Data Breach Report 2023.
Flexible and innovative solutions
Organizations can choose to supplement their cyber security strategies by outsourcing specific functions to an MSSP or delegate their entire security operation to a managed provider. With access to comprehensive protection offered by an MSSP, organizations can feel more confident about their cyber security posture.
Having access to a breadth of advanced security technologies is another reason to partner with an MSSP. Over the past decade, MSSPs have evolved their services and now offer leading-edge technologies such as threat intelligence, machine learning (ML), artificial intelligence (AI), automation and big data analytics as part of their consolidated security platforms.
Cyber security is no longer confined to the IT department; it should permeate every facet of an organization and be seen as a business imperative and growth accelerator. The evolving threat landscape and the shortage of cyber security professionals make partnering with an MSSP an effective strategy to strengthen corporate defences in today’s digital age.
Is a Managed Security Services Provider a good fit for your organization?
Are you considering bolstering your cyber security posture by partnering with a Managed Security Services Provider? Here are some scenarios to help you decide if it’s the right move for your organization.
- Qualified cyber security professionals are in short supply within your organization and in the wider labour market.
- You require immediate access to trained and knowledgeable experts whose sole focus is cyber security.
- You want to reduce or eliminate ad hoc technology investments and are looking for a more predictable and cost-effective cyber security solution.
- Time and budget constraints make establishing an in-house cyber security program impractical.
- Your organization wants to take a proactive stance prioritizing threat prevention, instead of just reacting to threats.
- 24/7 monitoring of your critical systems and infrastructure to reduce the risk of security breaches has become a necessity.
- Your company requires assistance navigating complex regulatory frameworks and compliance issues.
- Your business is expanding to a new jurisdiction and wants to ensure consistent security standards across all your locations.
- Crafting a well-defined cyber security incident response plan has become a major corporate focus.
- Leading-edge threat intelligence and tools such as Machine Learning and Artificial Intelligence are required to enhance your cyber security capabilities.
Acronym’s IT Security Services is a fully managed security solution designed to protect your entire IT infrastructure – including cloud resources and remote devices – from threats and attacks. Opt for the layers of security your business needs, or choose fully managed protection for peace of mind. Learn More!
The challenges of a hybrid workforce: How to mitigate cyber security risks
A distributed workforce that utilizes both cloud and on-premises assets is now the new normal. This has led to an evolving threat landscape and expanding attack surface. Organizations need to enhance their detection and response capabilities across their entire IT environment, wherever their teams and employees work. The following best practices can help your organization secure your hybrid workplace model.
Remote work checklist for employers
Many companies couldn’t foresee that the number of employees working from home full time would almost triple after COVID-19 hit in 2020. Transitioning to a partial or fully remote workforce is a major operational undertaking that requires planning, resources and support. This comprehensive checklist can help you patch existing cyber security vulnerabilities and establish a secure work-from-home policy.
 Implement / refresh cyber security training | New research from Hornet Security shows that one in three organizations do not provide cyber security training to their remote workers. Ensure your employees stay updated on cyber security protocols and best practices by conducting regular training and testing sessions at least twice a year. |
| Use multifactor authentication and authenticator apps | Implement multifactor authentication to bolster security by preventing unauthorized access to company platforms and accounts. According to Microsoft, multifactor authentication blocks over 99.9% of account compromise attacks. Have employees use authenticator apps every time they connect to your network. |
| Perform a Home Network Assessment | Don’t assume that your employees’ home networks are adequately secure. As part of your remote-work transition process, task your IT department with conducting a basic assessment of each employee’s home network to ensure: • Routers are high quality, up-to-date and have updated SSID names • Network encryption is enabled • Network discovery options are disabled |
| Invest in security software | Invest in a full suite of security software for your employees’ home use, including: • Virtual Private Networks (VPNs). Employees using Wi-Fi to connect to your network expose it to unauthorized access. VPNs can help remote employees securely connect to your network by encrypting a user's internet traffic and disguising their identity and IP address. You can provide employees with individual hardware VPN devices or subscribe to a software VPN service that travels with the device on which it’s installed (useful for when employees are on the move). • Password management platforms encrypt and store users’ login information. Although platforms such as Google Suite and Apple iCloud include built-in password managers, specialized solutions offer more robust protection and keep personal and professional data secure. • Remote-wipe software to delete company files from a device that has been lost or stolen • Antivirus software provides an additional layer of protection to built-in firewalls and malware protection on employees’ equipment and devices. |
| Use a centralized storage solution | Encourage employees to regularly backup data to secure cloud storage. A central system for storing digital assets enhances organization, search capabilities, ensures users access the most up-to-date versions of documents and apps and improves security. Utilize encryption software to further protect company data and bar access to unauthorized users. |
| Encourage sound cyber hygiene | Though equipment and software can help protect your IT environment, your employees still need to practice good cyber security habits to keep themselves and their devices safe. Promote safe cyber security for employees by: • Setting automatic reminders for regular password changes • Sending updates when new versions of software are released • Having a plan in place if a cyberattack does happen to your organization. |
Remote work checklist for employees
Your employees are your first line of defence against cyber threats. While installing secure computing software on their laptops and devices is crucial, it’s equally important to educate your workforce about best practices to ensure their home work environments remain secure. Share these guidelines with all your remote employees and encourage them to be ambassadors for safe at-home computing.
| Secure your home office | Maintain physical security practices at your home office just as you would at your workplace. • Lock your home office when not in use. • Safeguard your laptops and devices when taking breaks. |
| Protect your home router | Cybercriminals look to exploit default passwords on home routers because not many people bother to change them. • Change your router’s default password to something unique. |
| Separate work and personal devices | Carving out boundaries between work and home life makes for safer computing. • Establish clear boundaries between work and personal devices. • Avoid using work devices for personal tasks – such as paying bills or shopping online – and vice versa. |
| Encrypt your devices | Encryption helps protect your device’s data in the event it is lost or stolen. • Ensure that encryption – password, PINs or biometrics – is activated on your devices. |
| Enable automatic locking | Automatic locking is there to protect unattended devices. • Configure your devices to automatically lock after a period of inactivity. • Choose time intervals that balance security and convenience – for example, 30 seconds for mobile devices and five minutes for laptops. |
| Enable find my device and remote wipe | Finding and connecting remotely to your device can protect sensitive company data if it is lost or stolen. • Activate “Find my Device” features on your work devices • Enable remote wipe capabilities to securely erase your device’s data • When disposing of an old device, return it to its factory settings (but remember to back up any critical information on the device first) |
| Use strong PINs/Passwords on your devices and multifactor authentication when connecting to the network | • Use a strong / unique PIN or password for each of your work devices. • Avoid using easily guessable patterns of characters (such as repeating numbers or sequences) or personal information in your passwords. • Aim for passwords that appear random to anyone other than yourself. • Always use multifactor authentication and/or authenticator apps when connecting to the company network. |
Design your cyber security architecture to combat evolving threats
Organizations worldwide are increasingly the target of ransomware attacks. The Canadian Centre for Cyber Security recently called ransomware the most disruptive form of cyber crime facing Canada, impacting individuals, businesses and government agencies. High-profile incidents across many sectors of the Canadian economy this year attest to the pervasiveness of the threats. The Centre for Cyber Security warned that threats will only increase in the years ahead. And it’s just not ransomware. Cyber criminals are increasingly targeting cloud infrastructures, mobile devices and lax individual protections, such as weak PINs and passwords.
In an era of growing cyber threats, designing or enhancing your organization’s security architecture is critical. The good news is that most cyber incidents can be prevented by implementing basic cyber security measures, according to the Centre for Cyber Security. Here are some tips that can help.
1. Consolidate your cyber security
The cyber security arena has become increasingly complex with the expansion of IT infrastructure. To effectively safeguard your organization, you’ll require an evolving suite of cyber security capabilities.
But using standalone solutions can make monitoring, configuring and operating your security infrastructure more daunting. That’s why consolidating your defences through a unified platform – encompassing network, cloud, workplace and data security – can strengthen your ability to manage and respond to threats.
2. Embrace a prevention-focused model
While many corporate cyber security strategies prioritize threat detection – taking action to remediate an active threat once identified – this approach leaves a window of opportunity for attackers to cause harm and establish a foothold in your IT environment. This can lead to costly and difficult remediation efforts.
By adopting a prevention-oriented strategy, you can proactively eliminate potential threats before they reach your organization’s networks, reducing damages and cost to your business.
3. Strive for holistic protection
Corporate IT architectures have evolved, introducing numerous potential attack vectors, such as cloud environments, mobile devices and Internet of Things (IoT) devices, each posing distinct security risks. To stay resilient against emerging threats, develop a cyber security program that offers comprehensive protection against all targets.
4. Leverage Managed Security Services Providers
MSSPs offer a suite of services designed to bolster your organization’s defences. These services encompass everything from setting up security infrastructure, to 24/7 threat monitoring, vulnerability assessment and incident response.
A managed cyber security solution also offers significant cost savings. Establishing comprehensive cyber defences in-house is expensive, especially with skilled professionals in short supply. And when you factor in the costs of standalone security solutions and licenses designed to protect against specific risks or platforms, costs can escalate in a hurry.
Acronym Solutions offers top-tier cyber security solutions designed to protect against today’s evolving threats and secure your digital footprint. Learn more about our innovative and cost-effective managed cyber security solutions.
Learn more about our featured solutions
Product Summary
Manage IT
24/7/365 monitoring, support, maintenance, reporting and asset management of your IT infrastructure.
About Acronym
Acronym Solutions Inc. is a full-service information and communications technology (ICT) company that provides a range of scalable and secure Network, Voice & Collaboration, Security, Cloud and Managed IT Solutions. We support Canadian businesses, large enterprises, service providers, healthcare providers, public-sector organizations and utilities. We leverage our extensive network expertise to design and build customized, fully scalable solutions to help our customers grow their businesses and realize their full potential. With more than 20 years’ experience managing the communications system that enables Ontario’s electrical grid, Acronym is uniquely positioned to understand the mission-critical needs of any business to deliver the innovative and reliable services that respond to the changing demands of businesses, and support rapid growth and digital transformation initiatives.