UK-based cashless payments' service for schools, WisePay, was recently in the media as a result of a cyber-attack believed to be 'a Magecart hack'; the hack was a redirect to a compromised (lookalike) website, which was used to capture login and credit card details.
First thing's first, we know the name is awfully similar to our own product 'Wise-Pay,' and while our platform wasn't the one attacked, it alerted us to the disturbing truth: This could happen to anyone. So, let's talk about how to safeguard your information -
To help gain some clarity, we spoke to the IT Specialists at RM Cloud Solutions about how to implement cybersecurity best practices within your organization.
While larger corporations within the finance and healthcare sector are typically greater targets for hackers looking to obtain confidential information, everywhere from payment details to personal data, smaller businesses are also at risk. At present, a staggering 43% of data breach victims are small businesses (Verizon, Data Breach Investigations Report, 2020).
Whether it's a smaller business, like 'WisePay', that processes payments as simple as children's canteen fees, or a billion-dollar conglomerate (both Uber and Equifax have reported a colossal data breach within the past four years), a data breach knows no boundaries - it can happen to any business at any time, regardless of having strict security measures in place.
For hackers, a small or medium-sized enterprise (SME) might not look like a heavy feat but it often appears as an easy one because SMEs aren't expected to have advanced security measures in place, which brings us to -
When it comes to cybersecurity, there's no such thing as a one-size-fits-all solution. No single solution is capable of safeguarding your business from a threat, which is why we strongly recommend taking a proactive approach through implementing various security measures, otherwise referred to as having a multi-layered security approach. To kickstart your cybersecurity strategy, here are six highly effective security measures you can put into action:
1. Don't Wait, Activate Two-Factor Authentication (2FA)
Two-factor authentication (2FA) is one of the simplest yet most effective steps you can to take to ensure additional protection for your information. At the bare minimum, it's strongly advised to secure all of your network-based accounts with 2FA, while multi-factor authentication (MFA) can be used for privileged accounts.
2. Generate Strong Password Protection
It's best practice to avoid using a predictable or sentimental password. You can simply achieve this by using a third-party tool that generates strong passwords for you! Robert McLaren, Director at RM Cloud Solutions, highly recommends using a third-party tool like 'LastPass,' which is a password manager and vault app designed to help you monitor, update, and keep track of your various passwords. Here at Wise-Sync, we use IT Glue as our secure password manager, where we also vault sensitive passwords.
For Managed Service Providers (MSPs) in particular, McLaren recommends using the leading MSP documentation platform, IT Glue, or alternatively, renowned password manager Keeper [Security].
3. Utilize a VPN to Help Secure Data and Control Access
McLaren explains, when you utilize a virtual private network (VPN), you're able to help secure data and control access through leveraging modern authentication and conditional access, which enables you to grant exclusive access to corporate managed and compliant devices only.
Our CEO, Paul MacNeill, adds, it's best to use newer VPNs, specifically 'Always On,' in order to further increase access controls around key systems. To find out more about deploying an Always ON VPN for your Windows Server, you can check out this support article by Microsoft here.
4. Invest in Layered Security Against a Multi-Threat Landscape
Long gone are the days of having "simple security." By 2021, cybersecurity spending is anticipated to cost more than $1 trillion worldwide - and that number's only expected to grow. As the complexities of living within a digital world continue to boldly amplify, so does the urgent demand for cybersecurity.
Protecting your organization from multi-threat landscapes requires having layered security. Here, an effective multi-layered security strategy will comprise the following foundational layers: DNS filtering, Web filtering, Email filtering, and Endpoint Detection and Response (EDR), all of which, significantly add to your security posture.
5. Audit Your Access and Activity Logs
Make use of your security systems' application and monitoring capability in order to review and audit access and activity logs, which can alert you to intrusion.
Here, McLaren strongly advises, it's best to store your logs on immutable storage to prevent someone from deleting your records. This is incredibly common for hackers to do following a cyber attack, as it removes any trace left behind - in turn, making it near impossible to detect an intrusion (before it's already happened).
6. Build a Security-First Attitude Supported By Your IT Department
It pays to (really) know your business inside-out, and that means actually getting to know your people, your teams, and your systems - this is all part of taking that proactive approach we discussed earlier.
Sometimes, all it takes for a data breach to occur is a misinformed member of your network following a suspicious link! So, talk to your team and prioritise cyber awareness - understand which measures are being used to protect your information, educate your team, and make security updates, including helpful tips for preventing cyber crime, part of your ongoing conversations with both your staff and clientele.
We hope this article helps to keep your organization safe. For more articles like this, simply subscribe to our mailing list below and we'll keep you in the loop with the latest news, thought leadership articles, product updates, and more.
Wise-Sync provides a streamlined and stress-free solution for integrating ConnectWise Manage or DattoAutotask PSA to Xero and QuickBooks Online. With Wise-Sync, long gone are the days of double entry, painful procurement and endless data errors because now, at just the click of a button - you can balance your books and revel in the greater financial visibility and improved cashflow that every MSP desires. Some call it “magic”, we call it Wise-Sync.
To find out more about how we can help you, speak to our friendly team today.