Cyber criminals generally look for easy targets. Showing a strong foundation of cyber security has proven to discourage attempts. A strong exterior security posture is representative of strong interior security. We often find that small businesses do not enable exterior security settings, or misconfigure security settings, that already exist in their current hardware and software. Here are a few self-administered tips to improve the cyber security profile of a company.
Sender Policy Framework (SPF) is used to authenticate the sender of an email. With an SPF record in place, Internet Service Providers can verify that a mail server is authorized to send email for a specific domain. An SPF record is a DNS TXT record containing a list of the IP addresses that are allowed to send email on behalf of your domain.
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that is designed to give email domain owners the ability to protect their domain from unauthorized use (known as email spoofing). The purpose of implementing DMARC is to protect a domain from being exploited in business email compromise attacks, phishing emails, email scams, and other cyber threat activities.
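The SPF and DMARC records described above can be checked for the common weak settings with a short script. This is an added example, not code from the original article: the sample records are constructed, the function names are hypothetical, and only the `ip4`, `ip6` and `all` SPF terms are evaluated (no DNS lookups are made).

```python
import ipaddress

# Constructed sample records (documentation IP ranges and example.com).
WEAK_SPF = "v=spf1 ip4:192.0.2.0/24 +all"
GOOD_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
WEAK_DMARC = "v=DMARC1; p=none"
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(txt):
    """Split an SPF TXT record into (qualifier, mechanism, value) terms."""
    parts = txt.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    terms = []
    for term in parts[1:]:
        qualifier = "+"  # a term with no qualifier means pass
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        terms.append((qualifier, name.lower(), value))
    return terms

def spf_result(txt, sender_ip):
    """Evaluate ip4/ip6/all terms only; include, a and mx need DNS lookups."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, value in parse_spf(txt):
        if name == "all" or (name in ("ip4", "ip6")
                             and ip in ipaddress.ip_network(value, strict=False)):
            return RESULTS[qualifier]
    return "neutral"  # no term matched

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of tag -> value."""
    pairs = (p.partition("=") for p in txt.split(";") if p.strip())
    tags = {k.strip().lower(): v.strip() for k, _, v in pairs}
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def audit(spf_txt, dmarc_txt):
    """List settings that leave the domain easy to spoof."""
    findings = []
    quals = [q for q, name, _ in parse_spf(spf_txt) if name == "all"]
    if not quals or quals[0] in "+?":
        findings.append("SPF does not fail senders that are not listed")
    if parse_dmarc(dmarc_txt).get("p", "").lower() == "none":
        findings.append("DMARC p=none: no action is requested for failing mail")
    return findings
```

With the weak SPF record, a sender outside the listed range still evaluates to `pass`, which is the misconfiguration `audit` reports.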
SSL (Secure Sockets Layer) is the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. SSL secures communication between a server and a client (for example, a shopping website and a browser) or from server to server (for example, an application with personally identifiable information or with payroll information).
File and disk encryption protects any stored data on your computer or network. If your business collects personally identifiable information (PII) such as names, birthdates, or financial information from clients or customers, that information must be secured in order for you to maintain compliance with various organizations and committees. If your organization is storing PII and it gets stolen or the information is leaked, you can be held liable for massive fines. Encryption allows only users with the correct key to access and decrypt your data. In some legal jurisdictions, if encryption is used for PII, your client may not need to notify their customers whose information has been compromised, thus lowering breach costs.