Small and medium-sized businesses (SMBs) are increasingly being targeted by cybercriminals and hackers, because they are seen as easy targets offering a relatively risk-free payday. Many SMBs do not realize that the data they possess has a great deal of value, and we’re not simply talking about credit card information here, but the whole range of data they maintain. They are also seen as an easy target because SMBs do not understand the risks they are facing, nor realize how relatively simple it is to obtain the kind of IT protection that is available and within their budgets.
For many SMB owners and managers, the idea that they can afford enterprise-class security and protection from next-generation and emerging data threats comes as a surprise. The sad truth is that many immediately switch off: they regard cybersecurity as something they should do something about, but just what to do is unclear to them, and in any event they mistakenly believe it is beyond them.
Hackers are now tapping into this pool of ignorance, and their nefarious work is being made easier because of it. The reality is that if a hacker can get past your defenses, they are very unlikely to be caught, and even if they are identified, they are usually overseas or the evidence against them is not strong enough to warrant an arrest or charges.
The Ponemon Institute tracks issues surrounding digital security and data privacy, and it has calculated that a breach costs U.S. businesses on average USD $194 for every hacked customer record they maintain. The shocking statistic is that this is just the cost to recover from the attack; it does not include the ‘soft’ or indirect costs associated with being hacked, such as loss of reputation, fines from regulators (e.g. HIPAA fines), the risk of litigation and compensation, not to mention the loss of business stemming from a lack of trust. Even worse, a high percentage of businesses never recover after an attack, and many fall
So, just what can you do to secure your business from cyberattack?
Protect Every Device
We live in a mobile world where multiple devices are used to transact business, not simply our desktop computers hooked up to a company network. Protect everything – mobile phones, laptops, tablets, guest wifi – anything that touches your business directly or indirectly. Always look to install anti-malware software; there are some good, free solutions available from McAfee, Malwarebytes, Trend Micro and Symantec.
Run Unified Malware Protection
The anti-malware listed above is not strong enough on its own to protect your business IT infrastructure, and you will need something far more robust and effective. Solutions from vendors such as Sophos provide Unified Threat Management (UTM) devices and Next Generation Firewalls, which deliver network security and active defense, and which also alert you when you need to patch and update the software and hardware used on the network. This is essential, as over 90% of successful attacks gain entry to your sensitive systems because of a failure to keep everything up-to-date.
Educate and Train Your Staff
This is like teaching your children to floss: the principle is the same, to foster good habits, in this instance cyber security habits. Don’t write passwords down, don’t use easy passwords, and don’t reuse the same ones over and over. Watch out for suspicious emails, and don’t click on links in them if you are not sure, as this can download malicious code. Learn how to spot a phishing email, and make sure everyone is kept up-to-date and reminded of the risks.
Conduct a Security Audit & Assessment
This is a fairly straightforward exercise for most companies, and for a very small cost (even free in some instances) you can arrange for a penetration test, which will actually test your network defenses and help establish your exposure and weaknesses. Even if there is nothing you can do to close the holes, at least you know they are there and can take steps to ensure such loopholes do not lead into sensitive areas or to your valuable data.