The threat environment—i.e. malware and zero-day attacks, drive-by downloads, watering hole attacks, and denial and distributed denial of service (DoS/DDoS) attacks—is worsening, and the news and analyses paint a dismal picture for cybersecurity: it’s not a case of if you’ll be attacked, but when. However, making your environment more secure—and if not eliminating, at least drastically reducing your risk—is achievable by implementing the appropriate policies, practices and technologies.
But first, the bad news, and why you need to make cybersecurity a priority:

76% of identified vulnerabilities in the enterprise are two-plus years old
Most organizations lack the security expertise to manage security solutions from multiple vendors
33% of organizations have 4 or more vendors in use
60% of all targeted attacks strike small and medium businesses
The indirect costs associated with security breaches outweigh direct costs by nearly 2 to 1
In the past year 70% of organizations were compromised by a successful cyber attack
1 in 3 organizations do not have a written information security policy
Half of the small businesses that suffer a cyber attack go out of business within six months as a result

The bottom line, according to a recent IDC study, is that most U.S. companies are underprepared to deal effectively with potential security breaches from outside or inside their firewalls.
“The study findings imply that the U.S. private sector is more exposed to cybersecurity threats than it needs to be, given the best practices that are available today,” said Steve Conway, IDC research vice president, High Performance Data Analysis.
So with growing threats and limited resources, how do you maximize your protection while minimizing your risks?
First, you start with a detailed description of the security risk profile of the assets, applications, and services that you manage.
You need to determine:

What threats you’re trying to defend against
How you are susceptible to external attacks
How to address a user doing something inappropriate in your environment
What your overall risk is

To enhance your existing security to mitigate risks and keep employees safer online, start with these basic steps:

Implement and/or update a BYOD policy as part of the overall information protection security plan to help minimize security risks
Educate employees on everything from visiting questionable websites to protecting system passwords
Reduce your threat surface by reducing the number of open ports and services on Internet-facing systems, implement a least-privilege policy, and consider firewall tools and next-generation technologies that allow for granular network control

On a more advanced level, when looking at software defined networking (SDN), network virtualization, and micro segmentation, ensure each individual zone has its own security, making it a greater challenge for hackers to access the network.
The primary responsibility for cybersecurity rests with you, but that doesn’t mean you have to try to do everything yourself. A trusted partner like PC Connection can provide expertise and resources that can enhance your protection and mitigate your risks.
At PC Connection, we focus on a concept of protection, detection, and reaction. It's a strategy to make sure you are covering all three of those very critical pillars. Our team identifies the vulnerabilities that exist in your environment, then works with you to develop a prioritized plan to bring that risk down to an acceptable level—in accordance with compliance-based security requirements, such as HIPAA, HITECH, PCI, GLBA, and FISMA.