No business wants to suffer a data breach. But unfortunately, in today’s environment, it’s difficult to completely avoid them. Approximately 83% of organizations have experienced more than one data breach. (IBM Security 2022 Cost of a Data Breach Report)

These breaches hurt businesses in many ways. First, there is the immediate cost of remediating the breach. Then, there are the lost productivity costs. You can add lost business on top of that along with lost customer trust. A business could also have extensive legal costs associated with a breach.

Visit our website here to see what the cost of downtime would be for your business.

According to IBM Security’s report, the cost of a data breach climbed again in 2022. The global cost of one breach is now $4.35 million, up 2.6% from last year. If your business is in the U.S., the cost rises to $9.44 million. In Canada, the average data breach costs companies $5.64 million.

Costs for smaller companies tend to be a little lower. But breaches are often more devastating to SMBs. They don’t have the same resources that larger companies do to offset all those costs.

It’s estimated that 60% of small companies go out of business within six months of a cybersecurity breach.

Companies don’t need to resign themselves to the impending doom of a data breach. There are some proven tactics they can take to mitigate the costs. These cybersecurity practices can limit the damage of a cyberattack. 

All these findings come from the IBM Security report. They include hard facts on the benefits of bolstering your cybersecurity strategy.

Cybersecurity Tactics to Reduce the Impact of a Breach

Use a Hybrid Cloud Approach

Most organizations use the cloud for data storage and business processes. Researchers found that 45% of all data breaches happen in the cloud. But all cloud strategies are not created equally.

Breaches in the public cloud cost significantly more than those in a hybrid cloud. What is a hybrid cloud? It means that some data and processes are in a public cloud, and some are in a private cloud environment.

What some may find surprising is that using a hybrid cloud approach was also better than a private cloud.

Put in Place a Disaster Recovery Plan & Practice It

You don’t need to be a large enterprise to create an Disaster Recovery (DR) plan. The DR plan is a set of instructions for employees to follow should any number of cybersecurity incidents occur.

Along with this, it is the Business Continuity Solution put in place by the business to monitor backup processes, implement recovery objectives and restore your data to its former state.

Here is an example. In the case of ransomware, the first step should be disconnecting the infected device. DR plans improve the speed and effectiveness of a response in the face of a security crisis.

Having a practiced Disaster Recovery plan reduces the cost of a data breach by an average of $2.66 million per incident.

Need help setting up your Disaster Recovery plan? We’re ready to help you with a custom-built business continuity solution that meets the needs of your unique business. Give our experts a call at 716-373-4467 x115 or click here to get started.

Adopt a Zero Trust Security Approach

Zero trust is a collection of security protocols that work together to fortify a network. An example of a few of these are:

• Multi-factor authentication
• Application safelisting
• Contextual user authentication
• Restricting administrative privileges

Approximately 79% of critical infrastructure organizations haven’t adopted zero trust. Doing so can significantly reduce data breach costs. Organizations that don’t deploy zero trust tactics pay about $1 million more per data breach. 

Use Tools with Security AI & Automation

Using the right security tools can make a big difference in the cost incurred during a data breach. Using tools that deploy security AI and automation brought the biggest cost savings.

Data breach expense lowered by 65.2% thanks to security AI and automation solutions. These types of solutions include tools like advanced threat protection (ATP). They can also include applications that hunt out threats and automate the response.

Here at Databranch, we use a number of automated remote monitoring tools that will inspect your system 24/7, 365 days a year to help prevent attacks from happening to your organization. Click here to learn more.

How to Get Started Improving Your Cyber Resilience

Many of these ways to lower data breach costs are simply best practices. You can get started by taking them one at a time and rolling out upgrades to your cybersecurity strategy.

Databranch will even help you put together a roadmap to achieve this in the most efficient way possible. Address the “low-hanging fruit” first. Then, move on to longer-term projects.

As an example, “low-hanging fruit” would be putting multi-factor authentication in place. It’s low-cost and easy to put in place. It also significantly reduces the risk of a cloud breach.

A longer-term project might be creating an incident response plan. Then, you would set up a schedule to have your team drill on the plan regularly. During those drills, you could work out any kinks.

Need Help Improving Your Security & Reducing Risk?

Working with Databranch can take the cybersecurity burden off your shoulders. Contact us today at 716-373-4467 x 115 or info@databranch.com to discuss your security needs.

Article used with permission from The Technology Press.

Read More

When the year is coming to a close, it’s the perfect time to plan for the future. Most businesses begin the year with the hope of growing and improving operations. Much of how a business operates depends on technology. So, it makes sense to look to your IT for areas of optimization.

A year-end technology review provides an opportunity to look at several areas of your IT. The goal is to take time to focus on improvements you can make to boost your bottom line. As well as what tactics to take to reduce the risk of a costly cyberattack.

A recent study by Deloitte looked at digitally advanced small businesses. Small businesses that make smart use of technology are well ahead of their peers. Here are some of the ways they excel:

• Earn 2x more revenue per employee
• Experience year-over-year revenue growth nearly 4x as high 
• Had an average employee growth rate over 6x as high

The bottom line is that companies that use technology well, do better. They are also more secure. According to IBM, businesses that have an incident response plan reduce the costs of a data breach by 61%. Using security AI and automation can lower costs by 70%.

As the year is coming to an end, take some time to do a technology review with one of our experienced team members. This will set you up for success and security in the coming year.

Considerations When Reviewing Your Technology at Year-End

The goal of a year-end technology review is to look at all areas of your IT infrastructure. Security, efficiency, and bottom-line considerations will be the key drivers for future initiatives.

Technology Policies

When technology policies get outdated, people stop following them. Review all your policies to see if any of them need updating to reflect new conditions. For example, if you now have some staff working from home, make sure your device use policy reflects this.

When you update policies, let your employees know. This gives them a refresher on important information. They may have forgotten certain things since onboarding.

Disaster Recovery Planning

When is the last time your company did an incident response drill? Is there a list of steps for employees to follow in the case of a natural disaster or cyberattack?

Take time to look at disaster recovery planning for the new year. You should also put dates in place for preparedness drills and training in the coming months.

Interested in learning more? Click here to read about the backup recovery and disaster recovery solutions we have available to protect your business.

IT Issues & Pain Points

You don’t want to go through a big IT upgrade without considering employee pain points. Otherwise, you might miss some golden opportunities to improve staff productivity and wellbeing.

Survey your employees on how they use technology. Ask questions about their favorite and least favorite apps. Ask what struggles they face. Let them tell you how they feel technology could improve to make their jobs better.

This, in turn, benefits your business. It can also help you target the most impactful improvements.

Privileged Access & Orphaned Accounts

Do an audit of your privileged accounts as part of your year-end review. Over time, permissions can be misappropriated. This leaves your network at a higher risk of a major attack.

You should ensure that only those that need them have admin-level permissions. The fewer privileged accounts you have in your business tools, the lower your risk. Compromised privileged accounts password open the door to major damage. Read more about local admin privileges and the associated risks.

While going through your accounts, also look for orphaned accounts. You need to close these because they’re no longer used. Leaving them active poses a security risk.

IT Upgrade & Transformation Plans for the New Year

If you make IT upgrades and decisions “on the fly” it can come back to bite you. It’s best to plan out a strategy ahead of time, so you can upgrade in an organized way.

Have a vulnerability assessment performed. This gives you a list of potential problems your company should address. Eliminating vulnerabilities improves your cybersecurity and planning ahead will allow you to budget for your upgrades while avoiding unplanned expenses

Request your free baseline security assessment here.

Cloud Use & Shadow IT

Review your use of cloud applications. Are certain apps hardly used? Do you have redundancies in your cloud environment? A review can help you cut waste and save money.

Also, look for uses of shadow IT by employees. These are cloud applications that are being used for work but did not go through approval. Management may not even be aware of them. Remove this security risk by either closing the accounts or officially approving them.

Customer-Facing Technology

Don’t forget to look at the customer experience of your technology infrastructure. Go through your website and contact process as a customer would.

If you get frustrated by things like site navigation, then your customers and leads may be too. Include optimizations to your customer-facing technology in your new year plans.

Schedule a Technology & Security Assessment Today!

We can help you with a thorough review of your technology environment to give you a roadmap for tomorrow. Contact us today at 716-373-4467 x 115, info@databranch.com, or fill out the form below to see how we can make the most out of your technology infrastructure for next year.

Article used with permission from The Technology Press.

Read More

What are Local Admin Privileges?

Many companies allow their employees to make adjustments to their work computers without the need for IT interference. This means that they can download programs, connect to printers, and modify software already installed on their computer.

Users generally enjoy the freedom that local admin rights provide, especially in a company with limited IT personnel. Instead of waiting for an available IT worker, you can go into your computer and make the adjustments that you desire.

However, providing users with local admin rights will leave holes in your cybersecurity. 

Why You Should Reconsider Local Admin Privileges

1. Prevents Malware from being Downloaded

Restricting users’ ability to install software not only prevents them from installing unnecessary programs onto their computer, but it can also stop an employee from accidentally clicking and installing malware.

Employees come into contact with malicious software more than they realize. This could be through an attachment on a phishing email, a malicious website link, or if they decided to scroll through social media on a company device.

Around 66% of cybercriminals rank email phishing as their attack vector of choice. Unsuspecting employees may be fooled by an illegitimate email without thinking twice. Without local admin privileges, then there is an increased chance the malware will be stopped since the employee doesn’t have the authorization to install software onto their computer.

2. Decreases the Privileges for Potential Hackers

If a hacker were to gain access to an account with local admin privileges, the damage could be endless. This is especially true for a business that is not utilizing security measures such as Multi-Factor Authentication (MFA) or Password Managers. 

Once a hacker has breached your computer they could download malware, spyware, or even ransomware. Resulting in computer files being locked, credentials being stolen, or even a virus spreading throughout your entire network.

Restricting local admin privilege’s for your employees is a great way to decrease cybersecurity threats from happening in the first place. However, security measures like Password Managers or using MFA can decrease the damage done by a hacker if a computer were to be compromised. 

According to Microsoft, MFA can block over 99.9% of account compromise attacks. This means that even if a hacker knows your credentials, they will not be able to log in because they won’t have access to your MFA code.

If this is something you are interested in setting up for your organization, give us a call at 716-373-4467 or email info@databranch.com. 

3. Minimizes the Risk of Costly Downtime

Receiving malware or having a hacker breach your security system could cause your company to shut down while the issue is being resolved. All the time you could have been spending working on a project, closing a deal, or procuring new clients is now lost. 

This could also result in your businesses reputation taking a hit. Clients will wonder why you’ve had to close for days, weeks, or maybe even months. Plus, you may have to discuss security risks with some clients if their personal information was leaked during the breach.

Interested in calculating what the cost of downtime could be for your business? Click here for Databranch’s Recovery Time Calculator.

4. Prevents Restricted Files and Accounts from Being Edited

Accidentally clicking the wrong button happens to the best of us. You could be reviewing some important client files when your finger slips and presses the delete button by mistake. You may not notice right away and by the time you realize and try to get your information back, it’s too late.

Restricting local admin privileges allows a company to control which files can be modified, deleted, or moved. 

On top of this, restricting users’ ability to modify accounts and files not only prevents employees from making a mistake but also prevents hackers from altering your companies settings as well. A hacker who has breached an account with local admin privileges could secretly make an account for themselves or even disable antivirus software. 

Solutions

Principle of Least Privileges

Adopting the Principals of Least Privilege is a great addition to a companies security portfolio. This is when a business only gives their employees the minimum level of access privileges that are needed to fulfill their job requirements. 

If the employee needs to download additional software or update a program on their computer, they will need to have IT personnel log into their administrative account and make these adjustments for them.

Here at Databranch, we not only believe in the Principle of Least Privileges but we actively practice it. None of our employee login accounts have local administrative privileges. 

MFA and Password Managers

Enabling MFA and utilizing Password Managers is another great way to stay on top of cybersecurity for your business. These applications are easy to use, relatively inexpensive, and extremely beneficial to a company.

Want to talk to an IT Professional about any of the topics covered in this article? You can contact us at today at 716-373-4467 x 15 or info@databranch.com to set up a meeting, or simply fill out the form below and one of our team members will contact you. We would love to talk about your cybersecurity and how we can help you enhance it.

Read More