While the news is dominated by headlines about cyber breaches in enterprises, many will be surprised to know that 43% of cybersecurity attacks are actually against small businesses.
Unfortunately, few businesses are taking cybersecurity seriously enough.
Many small businesses are taking a ‘wild west’ approach to their cybersecurity.
They either say, ‘it’s not going to happen to me’ or ‘I can’t afford cybersecurity’ and, in both cases, ‘I’m just going to risk it and gamble that it doesn’t happen to me.’
Sadly, 60% of small businesses fold within 6 months of a major cyber breach. So not investing in cybersecurity is actually a major gamble for your company, yet it’s not actually that costly to protect yourself from today’s cyber threats!
What Should Be Your Top 3 Cybersecurity Priorities?
1. End-User Training
Your end-user training is first and foremost.
The end user is the gateway to your network, and training them on some basic cybersecurity doesn’t cost very much nor does it consume much of your employees’ time.
However, your employees are one of the few things you can’t control through automation. They are unpredictable, and no matter how many firewalls and how much cybersecurity software you employ, the end user is still the one who can bypass them all.
So it’s really important that they understand what not to click on, what to avoid downloading, how to keep company data safe, and how to properly maintain their passwords. In terms of the latter, it’s simple things such as not using the same password for every application or account.
Moreover, keeping data inside the network and not emailing personal data out to others are basic pieces of end-user training that we often take for granted, but you’d be surprised how little employees do understand, and even a little training goes a long way.
2. Multifactor Authentication
Second, multifactor authentication (MFA).
This means securing your network with MFA and guarding your critical data, such as your email network and critical CRM infrastructure.
Most of us have experienced some sort of MFA. Usually, it’s with your bank, where they text a PIN to your cell phone when you try to log in to your online account portal. You have to enter it to access the portal.
That’s a basic form of MFA, which is fairly effective. You want to have a similar, but easier, MFA for your CRM, email, remote network-access, etc. You want to ensure that your MFA is easy to access — a mobile app works best.
When there’s a login, the app asks you, ‘is this you?’ There’s a little green icon and a red X; green for yes and red for no. If you hit no, it locks the person out from trying to access the system the way they were trying to access it.
It’s not intrusive to the employee. But even though you did user training, the passwords they’re using are likely the same passwords they use for all their other systems, and possibly even their home systems (i.e., other places you cannot control).
If you do a dark web scan for your employees’ passwords, you’ll find that many passwords have been breached. If they’re still using those same passwords, then your network is now extremely vulnerable. MFA makes it much more difficult to use those passwords to breach your network.
3. Vulnerability Assessments
Third, regular vulnerability assessments. Understanding where your vulnerabilities lie allows you to make good business decisions on what you want to remediate. If you don’t understand your problems, you can’t make well-informed decisions about your risks.
You can’t know what you don’t know until you know.
I know that sounds a little like circular logic, but the whole idea is you have to understand where you stand, so you can make a plan forward.
Cyber security vulnerability assessments are a very easy way of going through your network — by using a few automated tools — and finding the most common breaches or the most common vulnerabilities.
It looks for things like systems not being patched, systems lacking anti-virus, and systems having local admin rights that they shouldn’t have.
Basically, little things that are easy to cure through some policies and remediations that plug big security holes in your network.
This includes patching, closing vulnerabilities (such as ports in your firewall that you’re not even using), and other measures that shrink your attack surface and reduce your exposure.
Thieves want easy targets. They don’t want to spend a lot of time trying to breach your network. So, if you make it a little bit harder, they’ll move on to the next victim.
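As an added illustration (not Power Consulting's tooling, and not part of the original article), the sketch below turns the checks named above (patching, anti-virus, local admin rights, unused firewall ports) into a prioritized fix list. The inventory, the 30-day patch threshold, the approved-admin list and the severity scores are all assumptions constructed for the example.

```python
from datetime import date

# Constructed sample inventory (not real hosts): what an automated scan might collect.
HOSTS = [
    {"name": "front-desk-pc", "last_patched": date(2019, 1, 10), "antivirus": True,
     "local_admins": ["Administrator", "jsmith"]},
    {"name": "accounting-pc", "last_patched": date(2019, 5, 28), "antivirus": False,
     "local_admins": ["Administrator"]},
    {"name": "file-server", "last_patched": date(2019, 5, 30), "antivirus": True,
     "local_admins": ["Administrator", "it-admin"]},
]
FIREWALL_OPEN_PORTS = {25, 443, 3389, 8080}    # inbound ports the firewall allows
PORTS_IN_USE = {443}                           # ports a business service actually needs
APPROVED_ADMINS = {"Administrator", "it-admin"}  # assumed policy: who may be local admin
MAX_PATCH_AGE_DAYS = 30                        # assumed policy threshold


def assess(hosts, open_ports, ports_in_use, today):
    """Return (severity, target, finding) tuples, most severe first.

    Severity is an assumed 1-3 scale (3 = fix first).
    """
    findings = []
    for h in hosts:
        age = (today - h["last_patched"]).days
        if age > MAX_PATCH_AGE_DAYS:
            findings.append((2, h["name"], f"not patched for {age} days"))
        if not h["antivirus"]:
            findings.append((3, h["name"], "no anti-virus installed"))
        extra = sorted(set(h["local_admins"]) - APPROVED_ADMINS)
        if extra:
            findings.append(
                (2, h["name"], "unexpected local admin rights: " + ", ".join(extra)))
    # Ports the firewall allows that no service needs are pure exposure.
    for port in sorted(open_ports - ports_in_use):
        findings.append((3, "firewall", f"port {port} is open but unused"))
    return sorted(findings, key=lambda f: (-f[0], f[1], f[2]))


if __name__ == "__main__":
    labels = ["LOW", "MEDIUM", "HIGH"]
    for sev, target, text in assess(HOSTS, FIREWALL_OPEN_PORTS, PORTS_IN_USE,
                                    date(2019, 6, 1)):
        print(f"[{labels[sev - 1]}] {target}: {text}")
```

Hosts with no findings, such as the constructed file server here, drop out of the list, so the output is only the work that needs doing.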
Your starting point should be to reach out to a Managed Service Provider such as Power Consulting.
Get a free security consultation and understand where you stand. Couple that insight with pricing information on basic things that can vastly improve your cybersecurity posture.
This would include end-user training and multifactor authentication, among other inexpensive, yet highly effective — if not necessary — cyber security solutions.
We’ve honed the tools, skills and processes needed to stop cyber criminals from harming your hard-earned investment through 20 years of world-class IT management work. Reach out to us today for a FREE consultation on understanding — and preventing — your cyber threats.