
stay secure on a limited budget

The ambition and dedication of small and midsize businesses (SMBs) drive the modern U.S. economy. These businesses face special challenges in the IT space because they don’t have the staffing, institutional knowledge and financial resources that larger enterprises do.

The Threat Landscape for SMBs

99.7% of all U.S. businesses have fewer than 500 employees. That huge footprint makes SMBs a prime target for cyberthreats, cybercrimes, and data breaches and theft – and an attack can have a devastating effect on an SMB’s viability.  The small to midsize business is an increasingly attractive target to malicious actors and cybercriminals because it is often unable to maintain the tools, skills, knowledge, and staff required to adequately defend the business.

According to Barkly, 57% of SMBs reported an increase in cyberattack volume in the last year. However, even though cyberattacks are becoming more sophisticated, only 36% of SMBs expect to be willing or able to increase their cybersecurity budget in FY2019.  These numbers point to a chilling existential risk to the survival of SMBs that rely on access to their data.

The Securities and Exchange Commission (SEC)’s Public Statement plainly states:

Cybersecurity is clearly a concern that the entire business community shares, but it represents an especially pernicious threat to smaller businesses. The reason is simple: small and midsize businesses (“SMBs”) are not just targets of cybercrime, they are its principal target. In fact, the majority of all targeted cyberattacks last year were directed at SMBs.

Why Are SMBs Being Targeted?

The same SEC Public Statement also indicates that many SMBs cannot handle a cyberattack effectively on their own.  A survey in the same report indicated that as many as 27% of SMBs have no cybersecurity protocols at all, and as many as 60% of them did not respond to a cyberattack correctly.  These conditions are exactly what a cybercriminal or malicious actor needs to continue perpetrating their attacks.

The question of “why” SMBs are being targeted at such high rates is easy to define.  It’s much harder to change the characteristics that make SMBs a high-priority target.  However, one thing is certain: money is a primary motivator for cyber adversaries. Cybercriminals are either trying to steal the SMB’s money directly, or they’re looking for data that they can sell for a profit on the black market.

Whether the discussion about how to assist SMBs in their cyber defense is about training, education, tools, skilled employees, around-the-clock monitoring, or using the most up-to-date technology to mitigate threats and vulnerabilities, the sticking point is always about the budget, the financials, and the overall impact on the business plan.

Managed Solutions for SMB Cybersecurity

Some SMBs will attempt to “go it alone.”  According to a report from Trustwave and Osterman Research, in 2014 SMBs spent $156 per user on security solutions (software, hardware, services and other technology), compared to $72 for enterprises.  Of this spend, only about 19% was dedicated to managed or cloud services.

The conclusion of this report indicates that security solutions for SMBs are often too expensive to purchase outright, which is why Managed Service Providers (MSPs) have been a financial relief to them.  Investments in inclusive infrastructure solutions, software solutions, computing solutions, or expert staff are cost-prohibitive for most SMBs.  MSPs provide these solutions at a fraction of the cost.  MSPs have the knowledge to monitor for, assess, analyze, report on, mitigate, and remediate cybersecurity threats and vulnerabilities for many customers at once, without having to undertake the onerous financial burden that an SMB would undoubtedly face on its own.

Some of the solutions a Managed Services Provider can offer include:

  1. Triage – Underskilled and undertrained IT staff face an insurmountable task when looking at the sheer quantity of passive and active attempts to infiltrate a network or device. Every SMB has specific data that is important to its business plan, and has unique and proprietary systems that require protection.  Additionally, there are often industry standards, regulatory compliance requirements and customer data protections that dictate what can or can’t be done.  MSPs can implement prioritization techniques that analyze the severity of attack attempts and appropriately implement policies that thwart them.
  2. Automation – MSPs can purchase more state-of-the-art tools and appliances, allowing them to implement automated tasks and alerting. This gives MSPs an advantage that many SMBs cannot afford to implement.  A streamlined and automated workflow of alerting, reporting, mitigating, or even remediation can result in large financial savings rather than waiting on a human being to perform the same tasks.
  3. Education and Training – Cybersecurity training and education is a never-ending task. MSP security analysts and engineers undergo constant training on tools and appliances, and they continue to accumulate security certifications in quantities that SMBs would likely never be able to afford.  Additionally, MSPs can provide user training to inform their customers of the dangers in the cybersecurity landscape.  Some of these dangers include opening unknown emails, clicking unknown ads, implementing poor passwords, connecting to unsecured WiFi networks, and browsing dangerous websites.
  4. Up-to-Date Technology – MSPs have the budget and the business plans to purchase high-quality products from specialized vendors in the cybersecurity space. As a result, MSPs can offer SMBs a top-grade solution that would otherwise be unattainable for them.  Next-generation firewalls, backup and recovery, endpoint detection and reporting are all tools that are now available to SMBs through MSPs at a fraction of the cost of implementation.

By working with an MSP, your business can reduce the costs of downtime and business interruption, while spending less on salaries and minimizing turnover. You’ll also save on related costs like training, education, and specialized equipment and services which come with the MSP’s extensive in-house teams.

Ready to see how TPx can help you stay protected while cutting costs? Talk to a TPx specialist today.

 

About the Author

Adam Weber leads the development of TPx’s security product offerings. He has more than 15 years of experience in security and cybersecurity, both in the public and private sectors. He is a 12-year U.S. Army veteran in communications and was deployed to two combat zones. He has also worked with U.S. government agencies like U.S. Transcom (U.S. Military Transportation Command), DISA (Defense Information Systems Agency), and NGA (National Geospatial Agency). In his spare time, he is a computer and technology hobbyist who enjoys building his own networks, servers, labs, and security infrastructure. Adam holds an MBA from McKendree University and CISSP, CASP, CEH, and Security+ certifications.

 

Cybersecurity trends in 2019

In today’s business landscape, it’s not a matter of if you’ll be hacked, but when. Cyber adversaries are using more sophisticated methods and attacks are becoming more commonplace. With our greater dependence on technology, it is unlikely that we’ll see this trend reverse anytime soon. More companies are starting to realize that cybersecurity prevention is not optional – are you?

While no protection can ever be foolproof – as we know from the legions of breaches and hacks in the headlines – preparation and risk management are still key. Businesses need to not only think about strengthening their defenses via security policies, controls, people and processes, but also figure out how to minimize exposure and damage control in the aftermath of a cyberattack.

It’s against this backdrop that we can see five major trends in cybersecurity forming for 2019.

1. Increased Awareness and Spending, Including by SMBs

Given the volume of cyberattacks that the average company faces, organizations are carving out ever-larger portions of their budgets to devote to cybersecurity. In fact, Cybersecurity Ventures predicts that global spending on cybersecurity products and services will exceed $1 trillion cumulatively by 2021.

SMBs are no exception to this, despite being more resource-constrained than other business segments. They’re taking it seriously, and putting aside more budget than ever before to address security.

2. The Cyber Workforce Shortage Will Only Get Worse

With cyber threats on the rise, demand is also increasing for the experts who can deal with them.

There’s a significant cybersecurity workforce shortage in the United States, and it looks like it’s going to get worse over the next few years. According to CompTIA’s Assessing the Skills Gap report, nearly half of companies say the IT skills gap has grown in scope and depth over the past two years. And on a more quantified basis, the Center for Cyber Safety and Education says that there will be a projected 1.8 million unfilled positions by 2022, which is an increase of 20 percent in just two years.

3. Good and Bad Guys Will Make Greater Use of AI

Artificial intelligence (AI) and machine learning are increasingly being deployed to better pick out anomalies amongst behavioral norms and spot potential attacks faster. The system takes some time to observe the environment and determine what normal behavior is, then establishes a baseline – so that it can pick up on deviations from the norm by applying algorithmic knowledge to a data set.

This can have big implications for security personnel, especially for SMBs. All too often, companies simply don’t have the resources to search through the haystack of anomalies for the proverbial malicious needle.

However, there are also downsides to the emergence of AI. For one, the technology has been leveraged by cybercriminals to do things like scan for open and vulnerable ports. It has also been used to automatically generate emails that have the exact tone and voice of the company’s CEO, learned over time by 24×7 eavesdropping. In the not-too-distant future, cyber-drones could emerge to attack other machines. This may all sound like science fiction, but it’s happening right now and will continue to evolve in the near future.

4. We’ll See More Fileless Attacks

In a disturbing trend, fileless malware attacks rose 94 percent between January and June 2018. They now represent 42 out of every 1,000 attacks on computers, according to recent analysis of 2018 data.

As the name suggests, fileless malware infects computers without leaving any files on the local hard drive, which in turn makes it harder for traditional antivirus solutions to notice it. Typical fileless attacks exploit vulnerabilities in browsers or use phishing to entice a victim to click on an attachment. When it’s executed, the code runs in the computer’s memory and uses the programs already on the system to carry out its dirty work.

5. Managed IT Services Are On the Rise

With so many proliferating attacks, the managed IT services market is taking off. It’s expected to be worth $257 billion by 2022.

Services like managed endpoint security can ensure that patches and updates are always installed, and can provide integrated anti-malware and anti-virus technology. Managed security can also include firewalls and intrusion detection, with 24×7 monitoring, and troubleshooting and repair.

For SMBs in particular, managed IT services can provide the answer to a lack of in-house personnel and budget. Managed services give them their own cybersecurity department in a cost-effective, pay-as-you-go model – and those services are always up-to-date to address the latest threats.

SMBs are realizing that they can’t go it alone as the escalating risk of cyberattacks tops the agenda. Attacks are getting more complex, and the number of attacks is growing – and so is the skills gap for cybersecurity staff.

With 2018 coming to an end, a good business resolution would be to put your cybersecurity matters in order so you can avoid unpleasant surprises in 2019. TPx has a full range of state-of-the-art cybersecurity protections and mitigation services, all offered on a cost-effective, managed basis. Request a free consultation today to find out how we help you navigate the always-evolving threat landscape.

 

About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.

 

Cybersecurity Horror Stories

This time of year, we’re all acutely aware that ghosts are ghoulish, shadowy figures are spooky, and vampires are hiding in the night. But if there’s one thing you should truly be afraid of, it’s the threat of a cyberattack hitting your business.

October is about more than the frights of Halloween – it’s also National Cybersecurity Awareness Month (NCSAM). TPx is joining the mission to educate the community on the dangers of cybersecurity threats.

We all regularly see the headlines of companies paying millions of dollars as a result of data breaches. As a small or mid-size business, you might brush it off as “it won’t happen to me.” But just because the news doesn’t report on attacks on smaller companies, it doesn’t mean they aren’t happening. In fact, nearly two-thirds of cyber breach victims are small to mid-size businesses. They don’t make it into the news because they don’t affect as many people and don’t cost millions of dollars; however, they do cost enough to make or break a smaller business. According to an October 2017 report from UPS Capital, the average cyberattack costs small businesses between $84,000 and $148,000. Of course, aside from monetary damages, there are damages to customer trust and brand reputation which may never quite return to the pre-attack state.

Let’s take a look at some noteworthy examples of cyberattacks from the last 12 months. Warning: these are so frightening that you might want to sleep with the lights on tonight.

Two Terrifying Tales of Ransomware Infiltrating Government Systems

This March, the city of Atlanta was hit by a massive ransomware attack. Atlanta’s residents were unable to perform simple tasks like paying parking tickets or utility bills because the ransomware attack locked down the city’s files. The hackers demanded payment of approximately $50,000 in Bitcoin. But the real damages exceed this amount by far: the city will now need to come up with $9.5 million to address the remaining damage, more than 6 months after the attack. That amount is on top of the more than $2 million in emergency procurements Atlanta Information Management sought following the attack. But remember, it’s not always just about monetary damages – the cyberattack also destroyed “years” worth of police dash-cam video footage.

More recently, the Port of San Diego fell victim to a ransomware cyberattack, only days after a similar ransomware attack hit the Port of Barcelona in Spain. Such attacks can have ripple effects throughout a variety of industries. They not only bring the movement of goods to a halt in the targeted country, they also slow or stop operations in any other country that ships goods to or from the affected port.

Government organizations like these are frequently a popular target for cyber adversaries. Experts that study public administration and local government especially worry about small to medium-size cities and counties that hold a lot of data, but may not have the in-house resources to keep that data secure.

Three Horrifying Stories of Attacks on the Healthcare Industry

Healthcare is another industry where you can find many cybersecurity horror stories. Last December, a cyberattack knocked the University of Rochester’s Jones Memorial Hospital offline for a week. Fortunately, this small rural provider was prepared and used standard downtime operations that its team regularly trained for. Otherwise, the damage could have been far worse.

Another recently-reported cyberattack happened to an Indiana hospital. A computer virus forced the hospital to cancel elective surgeries and divert ambulances as a result. Protecting hospitals’ computer networks is crucial to preserving patient privacy – and more importantly, life itself. Even so, recent research shows that the health care industry lags behind other industries in securing its data.

Yet another recent example from the medical field comes from the Fetal Diagnostic Institute of the Pacific (FDIP) in Honolulu, which just notified 40,800 patients of a potential data breach after it fell victim to a ransomware attack in June. Only after discovering the ransomware did FDIP tap a cybersecurity firm to remove the malicious software and restore its data via backup files. However, the cybersecurity firm was unable to determine whether the hackers had viewed or removed any of the information on FDIP’s servers. They only knew that the cyberattack enabled hackers to access current and former patients’ names, dates of birth, home addresses, account numbers, diagnoses, and other types of personal information.

Banks, schools, accountants… the list of companies hit by cyberattacks keeps on going across all industries. Don’t be next! Talk to TPx about how we can help you stay secure so that you’ll have no horror stories to tell.

 

About the Author

Lucie Hys is a Senior Product Marketing Manager at TPx. She is currently leading the marketing efforts for the company’s MSx suite of managed services. She has been working in marketing for more than 9 years, with the last four focusing on the cybersecurity industry. Lucie graduated with an MBA from Florida Gulf Coast University. In her spare time, she is an avid fitness enthusiast and a passionate traveler.

10 Things SMBs Need to Know About Cybersecurity

Remember the time when we didn’t have the Internet? Now most of us can’t imagine living without it. But along with that wealth of information at our fingertips comes an abundance of cyber threats that now loom over every business. SMBs are especially vulnerable, so knowing the basics of cybersecurity is a must for every small business owner.

Here are 10 things every SMB should know about cybersecurity:

1. There are many attacks you need to watch out for

The most common attack method for cyber adversaries remains email. Cybercriminals have come a long way with their email skills. We’re well past the days of the annoying male performance enhancement emails and the ever-humorous Nigerian prince scams. These days, you’re more likely to receive very believable and sophisticated emails that seem to come from trustworthy sources, like your bank or UPS – but they contain attachments that will place malware on your system in seconds.  These general phishing emails are getting trickier to spot, and as a result it’s not uncommon to get malware on your systems through email spoofing and customized spear-phishing campaigns.

Beyond emails, companies also should be concerned about websites that appear to be legitimate but have embedded malicious code to infect your computer.  An interesting New York Times article described one example of this type of attack: “Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business’s vast computer network.”

Of course, there are other attack methods including physical removable media (like USB drives), hacking public facing websites, and the ever-popular remote desktop.  The threats are all around us and the situation will worsen as the number of people online continues to increase.  By 2020, Microsoft estimates that:

2. Small businesses are the primary target of cybercriminals

We often hear about the major breaches in the news.  It started with Target and has continued with a string of high-profile hacks: Facebook, Home Depot, Yahoo, Sony, Experian, Anthem and Equifax.  The problem with all the high-profile cases is that they often mask the real target of cybercriminals: small businesses.  In last year’s Manta poll of 1,420 small business owners, 87% didn’t think their business was at risk of experiencing a data breach, because they didn’t think they had anything worth stealing.  Do NOT make the same mistake. Last year more than 55% of small businesses were hacked.  In fact, the Securities and Exchange Commission wrote in a 2015 report, “Cybersecurity is clearly a concern that the entire business community shares, but it represents an especially pernicious threat to smaller businesses. The reason is simple: small and midsize businesses (‘SMBs’) are not just targets of cybercrime, they are its principal target.”  Why is that?  Well, first of all, SMBs have more computers than individuals but less security than large enterprises.  The other reason small businesses are appealing targets is that hackers know these companies are less careful about security, partly because they don’t think they are at risk.  SMBs also generally lack the time, budget, and expertise to properly address network security.

3. Security is getting more expensive and difficult to manage

As attacks grow in size and complexity, it is hard for SMBs to keep up.  Only a third of organizations believe they have adequate resources to manage security effectively, assuming they can afford the systems in the first place.  Then they have to worry about hiring people to manage these systems and watch for compromises.  This is no easy task given that there is a 0% unemployment rate in the cybersecurity field.

Adding to the challenge is the fact that organizations now have an average of seven different agents installed on endpoints, each requiring its own monitoring and expertise along with a constant stream of software updates.  Simply put, the majority of organizations feel like they’re underwater when it comes to cybersecurity.

4. Who is behind cyberattacks and what are they after?

The days of single individuals in hoodies trying to hack you are long over.  How long did it take for Matthew Broderick’s character in the movie War Games to figure out the password was “Joshua” anyway?  Today, well-organized crime syndicates are responsible for much of the cybercrime.  Sure, there are hacktivists and nation-state actors and the like, but the real threat is the crime organizations.  Why are they so interested in cybercrime?  The same reason why a robber robs a bank – because that’s where the money is!  If the end goal of a cyberattack isn’t to directly steal money (which they can do by stealing credentials to access banking accounts), it’s to steal employee details or customer data (including credit card information or social security numbers) which they can quickly turn around and sell on the dark web.  Did you know that cyber adversaries can also take over your computer and use it to mine for cryptocurrency, all without you knowing it?  Cybercrime pays, and it pays handsomely.  In fact, it pays so much that criminals are incentivized to constantly invest in developing new ways to infiltrate data-rich environments.  There are 111 billion lines of new software code being produced each year – which introduces a massive number of vulnerabilities that can be exploited – and cybercriminals want to be the ones to exploit them for their financial gain.

5. The most common types of cyberattacks are…

While the threat landscape is constantly changing, it is important to understand the most common types of attacks out there right now.

6. The cost of a network breach continues to go up

While the number of data breaches has gone up recently, the costs associated with them have also risen significantly over the past two years. For small and medium businesses, the average financial impact of a data breach now stands at $120k, a 36% increase from 2017.  What makes these breaches so costly?  There are many factors that play a contributing role, including downtime when compromised devices are taken offline, theft of data, productivity loss, damage to infrastructure, lawsuits and fines, and reputation damage.  All of these factors can add up to devastating consequences that go far beyond the initial compromise.  In fact, 60% of small businesses go out of business within 6 months of an attack.

7. Prevention is cheaper than the cure

Another reason why SMBs are not properly securing their networks and data is the perception that security is too costly.  More than half of businesses cite cost as a reason why they aren’t doing more for their security.  When you look at the costs of a breach and compare it to the costs of protecting data and networks, it is clear that prevention is cheaper than remediation.  Most companies that suffer a large-scale breach end up paying thousands, sometimes even millions of dollars to fix all the damage – and monetary damage is not the only thing to repair. A damaged reputation can put a company out of business just as easily. The Benjamin Franklin axiom thus holds true here: an ounce of prevention is worth a pound of cure.

8. Network security requires a comprehensive approach

When trying to protect your data and networks, it is important to know where your key assets are.  Since price is a concern for businesses, knowing where the sensitive data is can help companies focus their limited resources where they are needed most.  A perimeter firewall is a must-have for any business seeking to secure their network, along with an anti-virus solution on their endpoints.  Email is another important asset that needs to be protected.  These three areas make up what I like to call the “security trinity.”  Beyond that, businesses should look to encrypt their sensitive data in case there is a breach.  Also, two-factor authentication is a great way to combat brute-force password attacks and confirm identities on the network.  Because threats are constantly changing, regular patching of systems and computers is necessary to limit vulnerabilities.  Finally, a backup solution can ensure that whatever may happen on the network, critical data and systems remain accessible at all times and avoid that costly downtime.

There are also some approaches that can help protect data that don’t necessarily cost businesses any money.  The most important thing anyone can do is to use strong passwords.  Companies that enforce a strong password policy will be better protected than those that don’t.  Along with passwords, companies can restrict access to sensitive data and systems to only those who need access.  This can also be done with permissions, but because we know that credentials can be stolen, it is often more important to use access control lists to restrict even the ability to get a login prompt.  Systems should not be reachable via the public Internet whenever possible.  Network segmentation is another way to restrict access and will also help reduce lateral movement in case there is a compromise.  Most importantly, businesses need to educate their employees on security.  The human factor is by far the greatest factor when it comes to breaches, and it is best dealt with through education.

9. Security is not a set-it and forget-it type of thing

Network security threats are constantly evolving, and businesses need to transform their security along with them.  If what was true 5 years ago still applies today, now there are at least ten times more things to worry about.  One of the most significant trends we’ve seen in 2017 and 2018 is the ongoing shift to fileless attacks.  This type of attack doesn’t install new software on a user’s computer, so antivirus tools are more likely to miss it.  In 2017 over 40% of US businesses were compromised due to fileless attacks and exploits. To address the rise of fileless attacks, many businesses are looking to augment their traditional anti-virus solutions with an Endpoint Detection and Response (EDR) solution, which looks at the processes running on a computer to determine if something malicious is happening.  Businesses also need to update their old firewalls with more robust Next Generation Firewalls (NGFW) that can more easily adapt to changing threats.

Just remember – you can’t just implement security and forget about it.  In the cybersecurity industry, things change rapidly and businesses need to change too.  You need to review and modify firewall policies, patch your systems and update permission lists regularly and often.  You also need to constantly evaluate your endpoint protection to ensure it is meeting current threats.

10. There’s no silver bullet to security

In the end, every business needs to understand that there is no silver bullet when it comes to cybersecurity.  No single system or approach can fully protect a network, and even the most secured networks may be compromised.  If an attack does happen, it helps to detect it as soon as possible so the damage can be minimized.  The compromised host may not be where the sensitive data is, so you’ll need to stop the intrusion before it can get there.

It is important that businesses are prepared in case there is a breach.  Visibility and logging of network traffic can go a long way in helping to get ahead of the problem when it does occur, but this means nothing unless there is someone watching the logs or monitoring the network.  The famous breach against Target triggered alerts that a breach had occurred, but no one acted on them. As we move forward, we are likely going to see the rise of cyber insurance as another means for businesses to augment their security.

If all of this sounds pretty bleak, don’t despair – there is good news.  All of this has led to the development of more robust security offerings as a service.  Even better news is that a Managed Service Provider (MSP) can help you handle your security needs for less than if you were to do it all by yourself.  TPx has invested in state-of-the-art technologies and seasoned security professionals who help thousands of clients nationwide with cybersecurity. You have enough to worry about – let TPx deal with your security challenges so you can focus on your core competencies and grow your business. Request a free consultation today.

 

About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.

 


 

5 Things You Must Know About Firewalls

How much money will your company need to lose before you stop procrastinating on cybersecurity matters?

There is always a “too late” option, when the cyberattack puts you out of business, which happens to 60% of small businesses within six months of a cyber-incident. Although most companies know of the dire consequences of cyber threats, they postpone addressing them for various reasons. Many assume that “everything is fine right now,” so their response is reactive instead of proactive – which is a lot more stressful, and most of all, risky.  According to the Better Business Bureau and their 2017 State of Cybersecurity Report, the top five factors that prevent SMBs from advancing in their cybersecurity efforts are as follows:

  1. Lack of resources
  2. Lack of expertise or understanding
  3. Lack of information
  4. Lack of time
  5. Lack of training

Just like putting off going to the dentist, that decision can often come back to bite you (pun intended).  When this happens, we often remember the old Benjamin Franklin axiom: “An ounce of prevention is worth a pound of cure.”  According to the PwC Health Research Institute analysis, the likely cost of a serious cybersecurity breach in the healthcare industry is $200 per patient record, whereas the cost to thwart a cyberattack is only $8 per patient record. This figure alone should motivate you to take action.

Many small businesses don’t know where to begin. One of the first lines of defense a business can put in place is a properly installed and configured firewall on its network. Here are five key things you should know about firewalls:

1. What is a firewall and what does it do?

A firewall can be either hardware- or software-based.  Our Windows-based machines have a built-in firewall, but generally speaking, when talking about firewalls we are referring to hardware.  A firewall is a network-based perimeter security device that is intended to protect your network’s devices from the dangers that exist on the Internet.  Data is exchanged in packets between your network devices and destinations on the Internet, and the firewall monitors those packets to check whether they are safe.  It does this by comparing each packet against its configured rules and rejecting any packet that doesn’t meet them.  If it didn’t do this, attackers would attempt to compromise our computers within minutes of connecting a device to the Internet.

2. All firewalls are not created equal

We talked about software-based firewalls, which run on the computer itself, but these types of firewalls are very limited in what they can do.  Older physical firewalls have the same types of limitations.  They are good at blocking and allowing specific ports, sources, and destination IP addresses, and they can also translate and route traffic into your internal network.  This type of functionality used to be sufficient, but with the advanced threats out there today, that’s no longer the case.  Nowadays, we talk about Next Generation Firewalls (NGFW).  What sets these devices apart from their older counterparts are their advanced features: specifically, their ability to inspect individual packets for malicious payloads.  Unified Threat Management (UTM) consolidates multiple security and networking functions such as anti-virus protection, web content filtering, application control, and intrusion detection/prevention (IDS/IPS), all on one appliance protecting the network.  While we want our firewall to inspect every packet individually, we don’t want to feel that the firewall is slowing down the network.  We want the firewall to run transparently in the background, providing peace of mind without demanding our attention.  That is accomplished by sizing the firewall properly and using one with a security-centric processor to handle all those UTM tasks.  Providing that is a pretty sophisticated challenge, so don’t make the mistake of buying a firewall at a big box store thinking that it will solve all your security problems.

3. Firewalls and firewall rules must be constantly updated

Things are constantly changing in IT, and managing all the changes is one of the biggest problems that businesses face.  Maintaining a clean set of firewall rules is one of the most important firewall management functions. However, many businesses continue to struggle with this task, leaving them open to increased risks such as open ports, unwanted VPN tunnels, and unnecessary complexity which could lead to the firewall being unknowingly bypassed altogether.  On top of that, the firewall itself needs to be constantly updated to ensure that it can detect the most recent threats.  The firmware on the firewall itself may need to be updated if engineers discover a vulnerability.  Keeping up with all of these updates can be overwhelming, and most businesses simply forget to do them.  That’s a potentially fatal mistake.
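To make the rule-hygiene problem concrete, here is an added example (not from the original post or any TPx product) of the first-match rule checking described in section 1 and the kind of audit section 3 calls for. It assumes a simplified rule format (name, action, source and destination CIDR, destination port range) and a constructed rule set; it flags broad allow rules and rules that can never take effect because an earlier rule already covers them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network as net

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    src: str       # source CIDR
    dst: str       # destination CIDR
    ports: range   # destination ports

    def matches(self, src_ip, dst_ip, port):
        return (ip_address(src_ip) in net(self.src)
                and ip_address(dst_ip) in net(self.dst)
                and port in self.ports)

    def covers(self, other):
        # True if every packet matching `other` also matches this rule.
        return (net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and self.ports.start <= other.ports.start
                and other.ports.stop <= self.ports.stop)

def decide(rules, src_ip, dst_ip, port):
    # First matching rule wins; anything unmatched is denied.
    for r in rules:
        if r.matches(src_ip, dst_ip, port):
            return r.action, r.name
    return "deny", "implicit-default"

def audit(rules):
    findings = []
    for i, r in enumerate(rules):
        if r.action == "allow" and r.src == ANY and len(r.ports) > 1024:
            findings.append((r.name, "broad-allow"))
        for earlier in rules[:i]:
            if earlier.covers(r):
                kind = "redundant" if earlier.action == r.action else "shadowed"
                findings.append((r.name, f"{kind} by {earlier.name}"))
                break
    return findings

# Constructed sample rule set (documentation/private addresses, no real device).
ANY, ALL_PORTS = "0.0.0.0/0", range(0, 65536)
RULES = [
    Rule("web-in", "allow", ANY, "203.0.113.10/32", range(443, 444)),
    Rule("temp-vendor", "allow", ANY, "192.168.1.0/24", ALL_PORTS),
    Rule("block-rdp", "deny", ANY, "192.168.1.50/32", range(3389, 3390)),
]
```

In the sample set, the leftover `temp-vendor` rule silently overrides `block-rdp`, so the deny never fires; removing the stale rule restores it and leaves the audit clean.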

4. Encryption can be bad for your firewall

Encryption was created to prevent unwanted eyes from viewing the data we are transmitting and receiving.  The paradox is that this increased security could be preventing your firewall from doing its job of inspecting packet payloads for malicious content.  If a packet reaches a firewall and the firewall has no way to decrypt the packet and inspect what is inside, it will most likely be passed on to its final destination.  The way to resolve this – and get the firewall back to where it can look for malicious payloads – is to institute SSL Deep Packet Inspection (DPI) on the firewall. DPI allows the firewall to become a “man in the middle” for all Internet traffic and ensure that the local network is properly protected.  This process is CPU intensive, so again, a properly-sized firewall is critical.

5. Firewalls aren’t just about security

We put firewalls on a network to help secure it from malicious attacks, but there are some great added benefits from NGFW that aren’t necessarily security-related.  Good firewalls will give you the ability to run and view detailed reports about network traffic.  These can be critical if you have to meet certain compliance requirements, such as PCI or HIPAA. Because a firewall is a network device at its core, you will gain increased visibility into your network.  There is no more need to create a mirrored port on your switch and run Wireshark or another packet capture program, because today’s firewalls will allow you to view real-time and historical traffic on your network – a great aid in troubleshooting network issues.  Firewalls can also help enforce company HR or other group policies by leveraging web content filtering controls; these can also maintain productivity by limiting access to certain time-consuming sites.  Application control helps prevent bandwidth-hogging applications, such as video streaming services, from overutilizing bandwidth.  Since company employees are not always local, the firewall’s ability to support remote users – and to do so securely – is critical for increased productivity.

 

While there are many things to consider when implementing firewalls or updating your existing firewall, a basic understanding of what they can and can’t do is important.  Firewalls are evolving constantly with more functionality and advanced features. That’s an important aspect in combating today’s threats, but it often makes implementing firewalls and firewall policies more complex.  Small businesses often have a hard time implementing and maintaining security on their own, largely because security professionals are hard to find and expensive to keep on staff.  As a result, more businesses are turning to a Managed Services Provider like TPx for their security needs, which allows them to get enterprise-level security at a price they can afford.

Ready to get peace of mind and stop procrastinating on your security? Talk to a TPx specialist today.

 
