Let’s make a bold statement: small and medium-sized businesses have not been served well by the overall conversation around cybersecurity. Every week, media stories report massive data breaches hitting high-level corporate targets, even entire US cities. However, this coverage lulls smaller targets into a sense of “security through obscurity.” According to this narrative, hackers exclusively attack the larger targets and refrain from targeting what they can’t see. However, this security has proven time and time again to be false. In 2016, a Symantec report determined that 43% of all cyber attacks targeted businesses with 250 employees or fewer. And in an SEC hearing on the threat of cyber security to small and medium-sized businesses, it was revealed that 50% of them go out of business within six months of being attacked.
What accounts for the frequency and devastation data crime wreaks on businesses large and small? First, consider the increasing role data plays in your business. This data, along with network endpoints both on-premises and in the cloud, creates a fertile attack surface for cybercrime. With 51% of businesses polled in an ESG survey admitting to a shortage of skilled cybersecurity workers on their teams, global enterprise faces a perfect storm: very few cops on the beat, and unsecured data and networks ripe for the taking/disruption.
By and large, most hackers use the same tactics they always have to steal from or disrupt your network. Malware, phishing, brute-force password attacks, distributed denial-of-service (DDoS) attacks, man-in-the-middle attacks, drive-by downloads, cyber fraud, ransomware – variants of them evolve, but the basis of these hacking tactics abides, as do their countermeasures.
In physical health, it’s often said that an ounce of prevention is worth a pound of cure. We take this position in cybersecurity through practicing good data hygiene. More often than not, this means identifying and instilling good workforce habits. A 2017 study sponsored by Keeper Security, and conducted by Ponemon Institute, found that 54% of SMBs experienced a data breach due to negligent employees/contractors. These pointers can help your small or medium-sized business reduce its exposure to a crippling cyber attack.
- User education: Well-informed employees should exercise caution before clicking. Companies such as Wombat and Coalfire conduct simulated attacks, often using pseudo-malicious “phishing” emails, that test your staff’s ability to distinguish between genuine and harmful links or attachments. Cybercriminals rely on uninformed personnel. Leaderboards and rewards/bonuses for good data hygiene can further instill it into your company culture.
- Passwords: If your employees are using dictionary passwords for their credentials, they’re opening you up to an eventual breach. Make sure they use a combination of upper and lower case letters, symbols, and numbers, with each password containing at least eight characters. And change them at regular intervals.
- Patch/Software Update Maintenance: Hackers behind the 2017 Equifax breach gained entry into 245 million records through an old, insecure version of Apache Struts. Simply updating your system’s software – and upgrading your firewall – on a regular basis may seem basic, but it is crucial to keeping your business safe.
- Encrypted data: Encrypting data at rest and in transit can greatly reduce the success and effectiveness of any man-in-the-middle (MITM) attacks. If you handle sensitive data, your employees should use encrypted wireless access points that at a minimum use WPA security whenever possible. They should also use a virtual private network (VPN) if they need to connect to websites.
- Data back-ups: Good storage and redundancy of your company’s data mean that even the worst ransomware attack will not disrupt your organization for long.
These pointers, however, only indicate where your data security program should start. With more and more transactions moving online, cybercriminals will continue to innovate in their core arsenal. Moreover, the core protocols upon which all data on the internet flows are inherently insecure, so all individuals are vulnerable to attacks conducted in cyberspace. It’s a matter of when, not if, your business will be targeted in such an environment, so developing and constantly improving on data security increases your company’s competitiveness and resilience. A professionally managed IT firm can identify your vulnerabilities and suggest custom-made IT solutions. You’ll know you’ve found the right one if its SLA holds it accountable for any disaster that happens on its watch.
And remember: ANY investment you make in cybersecurity, measured against the cost of disruption and remediation after a cyber attack, ends up paying for itself.