When the nightly news and the major headlines focus on breaches of large enterprises that everyone has heard of, it's ...
When the nightly news and the major headlines focus on breaches of large enterprises that everyone has heard of, it's easy for smaller businesses to think they're not a target for hackers. Surely, they're not worth the time or effort?
Unfortunately, when it comes to cybersecurity, size doesn't matter.
Assuming you're not a target leads to insufficient security practices in many SMBs who lack the knowledge, expertise and often times the budget to put the appropriate security layers in place. Few small businesses prioritize cybersecurity, and hackers know it. According to Verizon, the number of smaller businesses being hit has climbed steadily in the last few years – 46% of cyber breaches in 2021 impacted businesses with fewer than 1,000 employees.
Cyber security doesn't need to be complicated
Securing any business doesn't need to be complex or blow your budget out of the water. Here are six simple tips to help the smaller business secure their systems, people and data.
1. Install Anti-Virus Software everywhere, every device
Every organization should aim to have anti-virus on their work stations and laptops, but what about all of your other devices? Unfortunately, systems such servers get overlooked all too often. It's important for SMBs to consider all entry points into their network and have anti-virus deployed on every server, as well as on employees' personal devices.
Hackers will find weak entry points to install malware, and anti-virus software can certainly help keep them out but it's important to know that it's not a silver bullet. Through continuous monitoring, done by MSPs like us and vulnerability testing you can identify weaknesses and vulnerabilities before hackers do, because it's easier to stop a burglar at the front door than once they're in your home. We can run vulnerability scans on your network to see if there are holes that can let the bad guys in so we can fix them before they get in the front door.
2. Minimize Your Attack Entry Points
Your attack surface is made up of all the systems and services exposed to the internet. The larger the attack surface, the more entry points you have, the bigger the risk. This means exposed services your email service, content management systems, like Wordpress or any other services that have similar access can be vulnerable to brute-forcing or credential-stuffing, and new vulnerabilities are discovered almost daily in such software systems. By removing public access to sensitive systems and interfaces which don't need to be accessible to the public, and ensuring 2FA is enabled where they do, you can limit your exposure and greatly reduce risk.
A simple first step in reducing your attack surface is by using a secure virtual private network (VPN). By using a VPN, you can avoid exposing sensitive systems directly to the internet whilst maintaining their availability to employees working remotely. When it comes to risk, prevention is better than cure – don't expose anything to the internet unless it's absolutely necessary!
3. Backup Your Data
Ransomware is on the increase. According to research done by Insurance Business, inn 2022, 73% of businesses were hit by some form of ransomware. That number is staggering and increasing as it has every year. Ransomware encrypts any data it can access, rendering it unusable, and can't be reversed without a key to decrypt the data.
Data loss is a key risk to any business either through malicious intent or a technical mishap such as hard disk failure, so backing up data is always recommended. If you back up your data, you can counter attackers by recovering your data without needing to pay the ransom, as systems affected by ransomware can be wiped and restored from an unaffected backup without the attacker's key.
4. Keep Software Up to Date
New vulnerabilities are discovered daily in all kinds of software, from web browsers to business applications. Just one unpatched weakness could lead to full compromise of a system and a breach of customer data. Patch management is an essential component of best practice, and there are tools and services to help you check your software for any missing security patches. Having these scheduled and as part of a routine helps to ensure that everything is kept up to date.
5. Keep Your Staff Cyber Aware and Trained
Cyber attackers often rely on human error, so it's vital that staff are trained on what to look for so they recognize risks and respond appropriately. Research has shown that he most common types of breaches have been employees receiving fraudulent emails or phishing attacks, followed by people impersonating the organization in emails, viruses, spyware and malware, and ransomware.
Increasing awareness of the benefits of using complex passwords and training staff to spot common attacks such as phishing emails and malicious links, will ensure your people are a strength rather than a vulnerability. We use phish testing and training for our staff and our clients. We actually "phish" our team and our client's every week. If someone clicks on a link or gives up their credentials, it opens a training video to show them what they should have seen and why they shouldn't have opened the email. For more about phish testing and training, check out our page, https://cloud-cover.me/phishing-testing-and-training.
7. Protect Your Business Relative to Your Risk
Cyber security measures should always be appropriate to the organization. For example, a small business which handles banking transactions or has access to sensitive information such as healthcare data should employ far more stringent security processes and practices than a flower shop.
That's not to say a flower shop doesn't have a duty to protect customer data, but it's less likely to be a target. Hackers are motivated by money, so the bigger the prize the more time and effort will be invested to achieve their gains. By identifying your threats and vulnerabilities with help from your IT partner or an MSP like us, you can take appropriate steps to mitigate and prioritize which risks need to be addressed and in which order. We can help you decide what layers make sense for your needs, your team and your budget.
For more information on Cyber Security for small businesses, check out our page https://cloud-cover.me/cyber-security-for-small-business