Ransomware: How Secure is Your Business?

Ransomware

Safeguarding Your Computer System From Ransomware

These days, ransomware attacks are on the rise, and just one can devastate your business. Discover seven ways you can protect your company from cybercriminals.  

Your business hasn’t been a victim of a ransomware attack yet?

Don’t press your luck. Ransomware poses a real threat.

The number of cases of ransomware attacks against businesses of all sizes has exploded. In fact, the number of incidents has more than doubled during the first quarter of 2019. Cybercriminals are not only targeting hospitals, municipalities, and financial institutions but businesses of all sizes. Seventy-one percent of ransomware attacks are against small businesses since they are the least likely to have adequate back-up systems in place. According to research from Beasly, the average payout cybercriminals demand from small business owners is $116,000.

This terrifying stuff, but it is something that you need to address to protect your business.

There is No Better Time to Focus on Cybersecurity Than Right Now

October is National Cybersecurity Awareness Month. Now is the perfect time for you to address ransomware and work with your staff to find ways to protect your company against this major issue.

So how can you do it at a reasonable cost?

  1. Talk about this very real and urgent issue with your employees. Conduct informational and training workshops with your entire staff, so they are aware of the severe nature of the situation. Most importantly, tell them that they are the frontline defenses. Remember to provide them with the tools they need to help prevent ransomware attacks at your company.
  2. Install high-quality spam filters and scan all incoming emails for possible threats. The root cause of many ransomware attacks is careless clicking on a link or downloading the wrong file. Make sure your email server is set up to prevent phishing emails and utilize security protocols like Sender Policy Framework or Domain Message Authentication Reporting to stop spoofing emails.
  3. Restrict network administrative roles. No one should have access to administrative accounts with the ability to install or update any software unless, and only when, completely necessary. Take a hard look at the permission you grant each of your employees. Unless necessary, limit employee accounts to ‘read-only’ status, and handle all patching and updating through a single dedicated account.
  4. Disable Remote Desktop Protocol and lock access to common ransomware disk locations. Remote Desktop Protocol allows a person to take control of your computer off-site. Unless there is a and specific reason you need this feature to be active, deactivate it immediately to prevent nefarious use by cybercriminals from accessing your system and installing ransomware. As an added precaution, enable a Software Restriction Policies to stop your network from executing files in locations where ransomware typical embeds itself like the AppData/LocalAppData folder or the temporary folders associated with browsers.
  5. Install and maintain a firewall and limit which applications can run on your servers. Controlling what is allowed into your computer system can significantly reduce the threat of a ransomware attack. While you should set up clear guidelines on which sites your employees can visit through a company computer, a good firewall is invaluable. Consider using technology to create a whitelist of applications and websites your staff can use while blocking everything else.
  6. Create a strict Bring Your Own Device policy or forbid the use of personal smartphones and computers. Setting up a strong defense against malicious cyber attacks is useless if you allow unregulated electronics to connect to your network. The small amount of inconvenience is worth it, and your employees will understand once you explain the reasoning behind any new rules.
  7. Back-up your data regularly. If the worst happens, and your business suffers a ransomware attack, having a separate off-site back-up is invaluable. Make sure there is no direct connection between your primary computer system and your back-up data to maintain the highest level of security.

This month may be National Cybersecurity Awareness Month, but protecting your company’s network from those who want to co-opt it a 365-day job. If you feel you need additional assistance safeguarding your technology, speak with a cybersecurity expert today.

Ransomware

Cybersecurity Essentials for Business

Cybersecurity Business

Cybercrime is on the rise, and every business must have cybersecurity protocols in place. Read on to learn what steps you need to take to keep hackers at bay.  

Cybersecurity Business

Cybersecurity is a vital pillar of modern business. Hackers are shifting their attention to smaller enterprises, and data breaches can cost you time, money, and the trust of your customers. Below is a checklist of cybersecurity practices you should employ to minimize your risk of being hacked.

Use a branded email account

A branded email account exudes professionalism and gives you more control and security options than a free email service. Invest in an email provider that has the features you need, and make sure that your employees use only their business email to communicate with team members, customers, and business partners.

Keep software up to date

From operating systems to individual apps, it’s vital to install software updates in a timely manner. Outdated software may contain vulnerabilities that hackers can exploit. Rarely, an OS update may cause issues with certain programs, which brings us to our next tip.

Back up your data

Even the most comprehensive cybersecurity plan has its faults, and you’ll want a way to recover your data if the worst happens. Back up your data on a regular basis to an onsite and/or remote server. Consider investing in cloud storage or automated data backup solutions.

Educate and train employees

To maximize your company’s cybersecurity, you’ll need everyone to be on board and well-versed. Work with your IT team to design a versatile training program that caters to multiple learning styles. For example, you may have a bulleted presentation with concrete examples and a hands-on practice session. The program should teach employees daily security habits, signs of phishing, and what to do if they suspect a data breach.

Monitor all activity on your network

Data breaches can occur externally or internally, 24/7. A managed services provider (MSP) can monitor when devices connect to your network and what files are being accessed. Large data transfers or odd access times may point to a security risk.

Implement layered email security

Phishing is one of the most prolific tactics hackers use to steal data. By pretending to be a co-worker, supplier, or another person of trust, a hacker may send a malicious attachment or link to an infected website. When the victim opens the file or link, the system becomes infected with malware that may log keystrokes or encrypt files with passwords known only by the hacker. Using tools such as DKIM (DomainKeys Identified Mail), DMARC (Domain-Based Message Authentication, Reporting, and Conformance), and SPF (Sender Policy Framework), you can greatly minimize email vulnerabilities.

Manage accessibility and user permissions

It’s important to manage who can access certain files. By setting user permissions, you can grant or deny user access to certain documents. This helps prevent employees from sharing sensitive files with people outside the company or accidentally modifying a report. You’ll want to update these permissions when employees leave the company to prevent remote access.

Set password requirements

Weak passwords are a major vulnerability, especially if a hacker has done research on the account owner. Passwords should be at least eight characters in length and contain a combination of upper and lower case letters, numbers, and symbols. You should also mandate that all employees change their passwords at least

Use multi-factor authentication

Multi-factor authentication (MFA) uses multiple layers of identity verification in conjunction with the traditional username and password requirement. These might include security questions, a retinal or fingerprint scan, randomly generated PIN sent to the user’s mobile device, or a physical token that only the rightful owner of the account would have. The more layers present, the lesser the risk of a hacker getting through.

Just like the technology behind it, cybersecurity is constantly evolving. Whether you have an in-house IT team or an MSP you can trust, it takes teamwork and vigilance to keep your data safe and your customers confident in your business.

Celebrating “Get To Know Your Customer Day” On October 17

Get To Know Your Customer

October 17 is Get To Know Your Customer Day! Knowing our clients is foundational to everything we do – do you know why?

You may have heard that industry-leading, award-winning, unbeatable IT services come down to one specific thing.

Maybe it’s offering the latest, greatest, fanciest, tech gimmicks (which also tend to be the most expensive). Maybe it’s the lowest possible monthly price (coming, of course, with a long list of addendums, conditions, nickel-and-dime fees, etc.)

But what really matters in IT? People, of course.

Why Is It Important To Know The Customer?

Understand What They Need.

It sounds simple, right? Knowing what the client actually wants out of their IT should be the first step to delivering those services, but often, the opposite is true.

It can be easy to think that whatever services being offered are everything that a client could need. But the truth is that often a given client is really interested in one specific service or solution – an answer to their problem that got them looking for a new IT support provider in the first place.

It seems obvious, but it’s crucially important to good service: once you know what’s needed, you can ensure it’s provided.

Understand How They Communicate.

We’re very careful about the technical jargon that technicians and engineers are prone to use when talking shop. While it’s acceptable around coworkers, that kind of high-level, incomprehensible language won’t be very helpful to the client during a support call.

Also, we make sure not to forget to take into account the medium in which our clients prefer to get in touch. More and more these days, when someone has to get in touch, they do so via text or email instead of over the phone.

Understand Their Goals.

Lastly, for long-term success in service, we need to know where the client is headed – or, at least, where they’re trying to get to.

After all, no business can get stagnant. It’s vital that they continue to grow and improve, and their IT environment is a big part of that.

In our preliminary discussions with the client, we want to be sure to find out what they’re plans are for the next year, five years, and so on, and what role their technology could play in that plan.

Bottom line: the user experience is the single measurement for the quality of any given solution or service, and that includes IT services. That’s why Get To Know Your Customer Day is such special day!

Your Healthcare Business Is HIPAA Compliant—Is That Enough for True Security?

Healthcare computers

Is HIPAA Compliance Enough for Absolute Security?

HIPAA is designed to help healthcare organizations keep patient information secure, but is it enough? Find out where HIPAA could be lacking and what needs to be done for absolute protection.  

Healthcare computers

The Health Insurance Portability and Accountability Act (HIPAA) is in place specifically to protect sensitive information in the healthcare operation. With a complex and diverse listing of standards regarding how information can be handled, how systems should function, and how things should be done within an organization, HIPAA does do a lot to protect patient information. While most organizations stick closely to these standards, there is no real way to certify you are actually compliant.

Sadly, the inability to check compliance and the lacking aspects of HIPAA compliance can lead to a cyber-attack or major data breach. Healthcare cyber-attacks cost as much as $1.4 million in recovery, so making sure compliance is where it needs to be and considering whether more needs to be done is important.

Reasons Why HIPAA Compliance Alone May Not Be Enough

Even though HIPAA policies and standards are generated to protect private and sensitive information in the healthcare industry, the truth of the matter is, HIPAA alone does not address every security concern. It is unfortunately not uncommon for a healthcare industry manager to foolheartedly put all of their faith in HIPAA compliance and completely miss that certain security defenses are missing.

In the most basic terms, HIPAA standards are designed to provide the most basic security setup in the healthcare industry. There is nothing stating that following these minimum standards will protect your healthcare business from every single threat there is where information security is concerned. Furthermore, cybersecurity threats evolve and develop so quickly that HIPAA doesn’t catch up fast enough to make much of a difference. Pair this with the fact that many healthcare organizations already struggle to keep up with newly developing security concerns associated with cloud data storage and the Internet of Things (IoT), and you have a lot of looming risk to speak of.

Rely On More Than Just HIPAA Compliance and Amp Up Security Efforts

Of course, HIPAA compliance is important, but it never hurts to up the efforts to make sure every aspect of the digital operation is secure and safe. There are multiple areas where security must be address in a healthcare organization’s digital infrastructure according to Health IT Outcomes, including:

  • Controlling access to the system in a way that yields sensitive information only to those who would need to see it within the company
  • Maintaining a stable protocol that dictates how risks are identified and handled on a daily basis
  • Having an excellent security plan in place that acts as a go-to guideline for proper security practices
  • Maintaining assets in a way that carefully documents the existing location of all assets, data, and other components of a system
  • Implementing an information security incident management plan
  • Controlling the physical hardware and keeping it secure at all times
  • Organizing security plans that work for all aspects of the organization

Naturally, handling HIPAA compliance is also part of what is necessary, but as you can see by this detailed list, it is only one part of ensuring network security. It is not the only process to be considered for absolute security.

Final Thoughts On HIPAA Compliance and True Security

Even though HIPAA sets forth decent standards, the process of applying these standards to put them to work within a healthcare operation can vary considerably. Furthermore, some HIPAA compliance standards only cover the basic necessities of having a secure system. Unfortunately, these two facts can leave a healthcare facility with digital security concerns they have no idea exist. It is always a better idea to take things further than even HIPAA recommends to secure the system properly with the help of an IT managed services company and make sure all aspects are covered.

A day of turkey, pumpkin pie & thanks 🍁

Thanksgiving wouldn’t be complete without sending a thank you to all of the local businesses who trust us with managing their technology. Working with you is a true pleasure and we appreciate your continued trust in our team.

Naturally, we’ll be closed on October 14th, 2019 to allow our team to spend time with their friends and family.

As we spend the day reflecting on what we’re thankful for, we hope you’re doing the same (and enjoying some delicious pumpkin pie while you’re at it!)

Have a great thanksgiving!

Sneaky Cybersecurity threats you need to know about

Security Threats To Business

Clever Cybersecurity Threats That Will Make Your Skin Crawl

Do you know these clever cybersecurity threats? Learn their sneaky methods and how to create a comprehensive strategy to manage the risks to your company.  

Security Threats To Business

Norton Security, the online security company, estimates that the average major cybersecurity data breach costs a single US company nearly eight million dollars. Although you’d prefer to invest that eight million in growing your company, you could be spending it to regain access to customer data, reputation management, fines and the like.

Cybersecurity threats are costly. But they’re also sneaky, making protecting yourself seem elusive and out of your control. But the truth is that a business of any size can take comprehensive steps to reduce their risk and it all starts with understanding what those threats are.

The Four Types of Cybersecurity Threats

Cybersecurity experts break threats down into four primary categories. While there is some overlap in these methods, ultimately cybercriminals are trying to find innovative ways to get past your defenses. These four corners must be considered in any cybersecurity strategy.

Ransomware

A cybercriminal gains access to your systems often through a downloaded malware file. They lock down your customer and/or company data with encryption. The only way to unlock it is to pay a ransom to the criminal.

The ransom amount is typically scaled to the size of the business to increase the likelihood you’ll pay them. But paying makes this type of sneaky cyberattack profitable, perpetuating the exploitation of more victims. Cities, health systems, financial institutions, public transit and more have all fallen victim to these attacks.

Malware

Trojan horses, viruses, spyware and worms all fall into this category. This type of threat may be used to steal proprietary, financial, or other private information. In other cases, its role may simply be to disrupt business operations. The latter may seem like an attack from a competitor. But, more often, it’s for no other reason than the power-trip and bragging rights that some people get when they take advantage of others.

Social Engineering

These attacks trick employees into breaking security protocols. Someone may pretend to be your boss’ boss, a government agency, client, student, patient, etc. in an attempt to get your employees to relay private information they can then use to steal identities/money or otherwise wreak havoc.

Phishing

Phishing usually comes in through email but could also be a text or phone call. Similar to social engineering, it makes statements to build trust as it encourages someone to take any action that will compromise security. This may be to something like:

  • Download a file (malware)
  • Enter login information on a spoofed site
  • Send money

The Six Pillars of Cybersecurity

Just like there are four types of threats, there must also be several solutions that target these threats from different angles. Just having virus protection or a firewall is not enough. Let’s look at these six pillars.

  1. Operational security – This is a process of identifying protected assets, classifying them, considering who has access to what, evaluating the risks posed to each and then developing an action plan to manage those risks.
  2. Application security – This involves deploying software, hardware and protocols to protect your applications from corruption. This might include anti-virus, firewall, rules about use of 3rd party software and similar measures.
  3. Information security – These are the steps you take to protect customer and company data. It may include things like encryption, passwords, levels of access and policies on how information is accessed, who can access it, etc.
  4. Network security – This is online security, locking down your network so that no one can use it without authorization or intercept information transferred on the network.
  5. Disaster recovery/business continuity planning – This comprehensive written plan details how you’ll recover in the event of an attack. It will include things like secure cloud backup as well as an operations plan during and after an event. That event could be virtual or a physical disaster. It’s important to plan for both.
  6. Employee education – Cybercriminals are clever and the methods of deceit are ever-changing. These people are professional scammers who know exactly what to say. So all employees must know about these tricks and understand their role in managing security risks.

Cybercriminals deploy many sneaky methods to steal or ransom your data. Because of this, it’s important to tackle security from all angles using a comprehensive strategy.

An Examination of Blockchain Technology Features and Limitations in Healthcare

Blockchain Healthcare

Blockchain Technology: Features and Limitations in Healthcare

Blockchain technology is meant to create a more streamlined data handling process for all of healthcare. Find out the blockchain advantages and limitations.  

Blockchain Healthcare

More and more in the modern-day, business data is being examined as something that could benefit from the implementation of blockchain technology. Medical data interoperation between all care providers is considered to be like the holy grail of medical care. No barriers would exist between doctor’s offices, hospitals, or even pharmacists no matter where in the world they were located. Here is a bit about what you should know about blockchain technology in healthcare as a healthcare business owner.

Blockchain Features That Can Benefit Healthcare

There is good reason why companies like Medicalchain are getting in on blockchain technology. Blockchain technology brings with it a full list of advantages that are easy to assume and understand. Here is a shortlist of some of the most apparent blockchain technology advantages.

Blockchain Provides a Distributed Ledger of Patient Care

First and foremost, blockchain technology allows for a full ledger of patient care. If a patient goes to a hospital in one country while they are visiting, for example, their information would be completely accessible by their care provider. When that patient leaves a care provider, it would be completely possible for them to already have a followup appointment scheduled for when they get back home where their primary care physician is located.

Blockchain Data Is Stored In a Secure Way

Security is a huge concern in healthcare, and the nature of blockchain data makes it secure already. Therefore, companies that are implementing blockchain technology gain the advantage of those already-secure processes that keeps the patient’s data protected in the right way. Companies that struggle to comply with HIPPA regulations may see that things are not so difficult to achieve with blockchain technology in place even.

Blockchain Can Give Patients More Control Over Their Own Records

With blockchain, patients could potentially create their own rules around how their particular records are handled and shared, which is something that is limited in current healthcare data handling. For example, a patient could choose to make their current list of medications accessible to every provider so they never have to carry along their own list of medications to share or so every provider would already know what they are taking.

Blockchain Limitations That Can Be Problematic in Healthcare

So far, the real limitations of blockchain technology are lacking when you consider the advantages. According to Macadamian, there is one big limitation that has to be considered in blockchain technology where healthcare is concerned:

“Blockchain technology on its own is not sufficient to create a complete electronic healthcare record (EHR) solution.”

The primary limitation or concern comes in with pairing certain forms of cryptocurrency blockchain with healthcare operations. Cryptocurrency blockchains have this anonymity that is naturally attached because the actual name of a payer or payee never has to be revealed. For example, someone using something like Bitcoin never has to reveal their true identity during a transaction. Naturally, healthcare blockchains could not exist so anonymously; a patient’s identity would have to be revealed at some point in transactions and during the transmission of patient data to other providers. Therefore, there is a bit of a conflict there that exists between how blockchain technology is meant to function and how it would have to function in healthcare environments.

Final Thoughts On Blockchain Technology in Healthcare

Blockchain technology is consistently evolving and stepping its way into a lot of everyday processes. The technology could potentially revolutionize many processes of healthcare, and the ongoing implementation is proving that fact. There are some companies that are already experimenting with blockchain technology in the medical care environment, but the numbers of companies doing so are bound to grow in the coming years. The final thought is this: blockchain technology could very well make drastic improvements in healthcare. Therefore, it is well worth it to talk to a managed IT services provider to find out how blockchain technology could be used in your healthcare business.

How Can You Celebrate October National Cybersecurity Awareness Month?

Cyber Security Awareness Month

Celebrate October National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month. It provides a framework for companies, individuals, and organizations to examine past and current cyber threats to reduce their risks.  

 

October is National Cybersecurity Awareness Month. Started by the Department of Homeland Security, it provides a framework for companies, individuals, and organizations to examine past and current cyber threats and audit their devices, networks, and data to reduce the risk of a data breach.

This is a great time to talk to your staff about the importance of cybersecurity in protecting the company, and, ultimately, their livelihood. Events and training are great ways to raise awareness and garner support for security and prevention initiatives.

Why Is NCSAM More Relevant than Ever?

The following considerations make it more important than ever to raise awareness and prevent bad actors from walking away with your sensitive data:

  • Ransomware damage could rise to $11.5 billion in 2019 and criminals will conduct ransomware attacks every 14 seconds.
  • Malware and advanced intrusion devices let attackers remotely control compromised computers. These botnets sometimes begin a campaign of proxy and spam attacks and other organized criminal activity.
  • Cybercriminals use online resources to steal intellectual property and identities.
  • Sexual predators stalk their victims on social media.
  • Dark websites provide illegal goods and services on networks that mask IP addresses and leave a cold trail for investigators.

The FBI and federal, state, and local authorities work with industry experts to encourage people to take cybersecurity seriously. These efforts include:

  • Investigating hacks and attempted hacks
  • Disrupting cybersecurity threats
  • Collecting and analyzing intelligence
  • Warning the public about known or suspected cyber threats

Use October’s NSCAM designation to reach out to your corporate users and anybody connecting to your system. For example, you can remind everyone of the company’s policies and procedures regarding email usage, remote sign-on and password protection.

How Is the Government Supporting These Goals?

The FBI-led National Cyber Joint Investigative Task Force provides a way for businesses and individuals to report and anticipate threats. Private and public initiatives help prevent the spread of malware and ransomware.

You can also turn to InfraGard—a place where participants share information and coordinate efforts with partners in the private sector. InfraGard has the following goals:

  • Train members to find and reduce vulnerabilities
  • Develop detailed response systems to track attacks
  • Enact best practices to prevent successful attacks

The FBI’s Safe Online Surfing website teaches young students about online security to protect them from predators. Children are most vulnerable to malware, cyberbullies, and other hazards on the internet. Unfortunately, if employees access your network on a compromised devise, it may also pose a threat to your systems.

What Are Event Ideas for Cyber Month?

One of the easiest ways to increase awareness is through cybersecurity awareness tips that can be emailed to employees and posted in shared areas.

As part of National Cyber Security Awareness Month, you can educate employees with email tips to keep them vigilant. Recommended tip topics include:

  • How Two-Factor Authentication Works
  • Threats Associated with the Internet of Things (IoT) Devices
  • Everyday usage guidelines including emails and web browsing habits.
  • Social Media Threats Regarding Personal Data

Cyber Security Awareness Month

5 Cyber Security Statistics You Need to Know For 2020 and Beyond

Cybersecurity 2020

Cyber Security Statistics You Must Know to Keep Your Company Safe

Cyber threats are constantly evolving. Here are 5 critical cybersecurity threats that you need to know to develop a strong strategy to keep your company safe.  

Cybersecurity 2020

Cybersecurity is more of a struggle for businesses every single year. With the number of data, users, and systems constantly growing, there are more points of attack and a greater prize for nefarious users. This is why new threats emerge on a practically daily basis.

In order to keep yourself and your company protected from these evolving threats, you must stay updated on the latest threats and trends. To help you get a better idea of the current state of cybersecurity and why it’s important to stay constantly vigilant, here are five of the most important current cybersecurity statistics:

1. New Ransomware Attacks Occur Every 14 Seconds

Ransomware attacks can be costly and put your valuable data and systems at risk. Unfortunately, experts estimate that a new ransomware attack happens every 14 seconds. That’s an average of over 25 attacks per hour and 100 per day! If you aren’t actively working to deter ransomware attacks, you’re bound to be a target sooner rather than later.

2. Almost Half of All Cyber Attacks Target Small Businesses

Many people think of cyber attacks as something that only major corporations need to worry about. After all, they’re the ones with the most valuable data. However, these businesses typically take a lot more effort to infiltrate. As a result, 43% of all cyberattacks target small businesses. These businesses are across all industries and sizes, proving that nobody is entirely safe when it comes to cyber threats.

3. Cyber Security Spending is Growing Massively

By the end of 2021, it’s expected that over $1 trillion will be spent on cybersecurity globally. Unfortunately, not all of those dollars are being spent very efficiently. In order to truly combat cyber threats, you must develop an all-encompassing cybersecurity strategy. That means spending on the right technology, but also training your employees on how to identify and protect themselves from cyber threats, and how to react in the case of an emergency.

4. Data Breaches Can Take Over Six Months to Detect

On average, some companies don’t even know that there has been a data breach for six months. By then, the damage has been done over and over again. This doesn’t take into account the amount of time required to actually identify the root cause and resolve it.

5. Average Cost of a Cyber Attack is Massive

As attacks become more sophisticated and user data continues to grow in value, the actual cost of a cyber attack is rising rapidly. In 2019, it’s now estimated to be over $1.6 million! If your business is smaller or just getting started, a single successful attack could put you out of business. There’s no bigger threat facing your company today.

Clearly, developing a strategy for comprehensive cybersecurity is a task that all businesses must take special care with, no matter how big or small they are. As the digital world continues to grow in scope, the threats will continue to grow as well. Keep the cybersecurity statistics above in mind as you develop your own strategy and work to stay a step ahead of the threats and hackers.

5G Networks Present Need for Improved Security

5G Networks

The Security Risks Are Real with Coming Rollout of 5G Networks

Discover what the arrival of ultra-fast 5G networks means for cybersecurity, driven by the significant number of devices that will be connected to each network.

5G Networks

As ultrafast 5G networks emerge, so too do potential cybersecurity threats. For security experts, the unknowns make predictions for what risks to address more challenging

What is 5G?

5G is a new approach to wireless connectivity. It features speeds 20 to 100 times faster than the existing fastest speeds on 4G long-term evolution (LTE) networks. 5G (which stands for the fifth generation of wireless technology to be available in the United States and worldwide) networks also will support larger numbers of wireless devices.

Given the proliferation of connected devices (the Internet of Things), the ability to connect more objects without affecting performance is a significant benefit.

How Does 5G Technology Differ from Previous Network Solutions?

5G delivers faster speeds and lower latency due to fundamental changes in the network structure. Among the key changes are:

  • Use of higher radio frequencies than 4G, allowing for more data to be transmitted at faster speeds
  • A new technology, Massive MIMO (multiple input multiple output) that uses targeted beams that follow a connected user around a cell site, providing better capacity, coverage and speed. Massive MIMO acts like a spotlight, directing the technology in a specific direction, as opposed to existing 4G tower technology that’s more like a floodlight, firing data in all directions, wasting power and energy.

What Are the New Cyberthreats?

With any new technology comes the new potential of attacks and intrusions. With 5G, more devices can be connected at once, more data is flowing, and data exchange happens at a far more rapid pace. Here are some of the main challenges that come with the new wireless protocol.

  • More Devices Means Lack of Scalability. Today, companies that have large numbers of connected devices on their networks find it difficult to manage and secure these objects. As those businesses adopt 5G, they may be managing hundreds if not tens of thousands of devices. The challenges of scalability of security solutions will only magnify.
  • New Risks Will Emerge. Today, most cybersecurity solutions focus on traditional connected devices — desktop computers, servers, smartphone and other mobile devices. 5G increases the opportunity to connect more types of objects. With each newly connected object comes an increased network threat, another possibility for hackers to expose a security flaw in a device that’s not updated or fully protected.

    5G also encourages more businesses to invest in connected devices as part of their business operations. That means a growing number of new devices, interfaces and technologies.

    Consider the potential number of smart devices in your home — refrigerator, coffee machine, washing machine, doorbell, television, digital assistant and security system are all connected and potential targets.

  • More Privacy Issues. More entities are passing laws and regulations that govern how data can be stored, transmitted and used. That means organizations using 5G will need to comply with multiple regulatory hurdles related to information collected by, stored on and used by connected devices.
  • Unknown Capabilities. Today’s network security systems and processes are constructed to monitor traffic and identify potential threats based on activity and data, all in real time. Doing so allows them to detect and contain suspect activity quickly. The solutions are designed to work with the existing bandwidth speeds and restrictions. With the higher capacity and speeds of 5G, that model may go out the window. New protocols are necessary for encryption, monitoring and prevention, which may mean existing firewalls may no longer work with 5G.

    Yet with few 5G networks operational, there is little to baseline for testing or assessment. Hardware will likely need to be upgraded, processes changed and new guidelines developed and implemented.

  • Integration and Automation. Today’s solutions can operate independently of other systems, but the impending 5G revolution means integration and automation will need to become part of future solutions. Security solutions will need to connect to the entire IT operation and data will need to be synchronized throughout multiple security layers.

What Can the Security Profession, Carriers and Businesses Do to Prepare for 5G Security Needs?

The solution to 5G security challenges will be multilayered and the responsibility of multiple parties. Among the key changes necessary are:

  • Carriers will need to extend firewall protection to cover new distributed networks of connected devices
  • Improved authentication and management of devices
  • Self-updating, self-reporting, self-hardening and self-healing devices will need to become the norm
  • Access and discoverability protocols will need to be built through multiple layers

The benefits of 5G are significant. With the right security programs and solutions in place, it’s likely to be a big leap forward in connectivity.