According to a Ponemon Institute survey published in 2017, 61% of small and medium-sized businesses (SMBs) said they experienced a cyber attack.
The most common type of cyber attack came through web-based attacks and social engineering (such as phishing). In addition, ransomware has become a major threat: 52% of SMBs reported having experienced a ransomware attack, with 79% of said attacks occurring through phishing.
It’s clear that SMBs suffer from cyber security problems, and make no mistake, these problems are certainly very costly.
According to Cisco, the average cost for SMBs recovering from cyber breaches is $500,000 — i.e., enough to shutter your business. In fact, 20% of SMBs reported that they incurred costs as high as $1 to $2.5 million following their cyber breaches!
You can’t afford to deal with such damage. To help you shield yourself from cyber attacks, we’ve taken a look at the leading preventative steps other SMBs are taking in 2018.
1. Antivirus Software
A staple for nearly 20 years, antivirus software is a trusted way of keeping malware out of your laptops and workstations. However, 52% of SMBs aren’t satisfied with the effectiveness of their antivirus software in keeping every cyber threat out (Ponemon via CSR).
There are two issues at play here.
First, you must keep your antivirus definitions up to date; otherwise, the software is useless against new and emerging cyber threats. Second, you can’t just rely on antivirus software — it’s just a piece in a wider cyber security effort.
2. Next Generation Firewalls (NGFW)
Cisco states that a firewall is “a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of IT security rules.” Firewalls have been a critical piece of cyber security efforts for 25 years.
NGFWs are an evolution of firewall technologies. Besides improving upon the monitoring and filtering capabilities of firewalls, NGFWs go a step further by focusing on complex threats such as malware and application-layer attacks.
For example, NGFWs are equipped with integrated intrusion prevention systems (IPS) to detect unfamiliar network activity and alert your team. They come integrated with antivirus, online traffic filtering, encryption systems, malware blocking and other key cyber security capabilities.
3. Vulnerability Scanning
Simply deploying antivirus software and firewalls isn’t enough. How you deploy them matters as well. You can’t afford gaps such as outdated antivirus definitions or open network ports; these are all vulnerabilities waiting to be exploited.
To prevent such risks, 40% of SMBs told Ponemon Institute (via CSR) that they had each of their IT systems — i.e., computers, networks, databases, applications and servers — scanned for vulnerabilities by their IT Managed Services Provider (MSP).
These scans enabled these SMBs to ensure that each of their IT systems is configured correctly and, if not, to identify and close the gaps. Put another way, these scans have equipped SMBs to use their antivirus and firewall investments efficiently by minimizing their risk of failure.
4. Securing Hardware & Software
No matter the size of the business or industry, your employees use computer hardware and software for their work. Be it laptops, workstations, productivity applications or smartphones, each of these is an “endpoint” through which cyber attacks could occur.
You need to secure each of these ‘endpoints’.
As noted earlier, your computers need antivirus software, but that only secures the devices you’re currently using. What of old laptops and desktops? You need IT asset management to ensure that the hard disks of your old devices are clean of any company data.
Mobile Device Management
To secure your smartphones, you need Mobile Device Management (MDM). With MDM, you’re able to enforce specific rules on mobile devices connecting to your applications and data, e.g., emails, analytics software, etc. These rules can include requiring a PIN, segregating work and personal emails into different apps, and preventing high-risk app installs on employee devices.
In case an employee loses their phone, you can use MDM to remotely delete your company’s applications, emails and other data from that lost or stolen phone.
Software Asset Management
Besides hardware, your software — including work applications and operating systems — is also at risk of being compromised. You must ensure that you’re using the latest versions (at least in terms of bug fixes and security patches) of your software.
5. Access Controls
You can’t rely only on technology to keep your IT system secure; you must pay attention to your processes as well. For starters, you must ensure that only the right people have access to your sensitive corporate information and data. To achieve this, you need Access Controls.
With Access Controls, you can restrict access to certain data and applications to only your most trusted staff. This lets you mitigate the risk of an insider attack by closing off easy opportunities to steal data. You can also revoke the access of former employees to your IT system.
6. Securing the Cloud
Regulatory standards such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) require SMBs to collect and manage their data according to very specific rules. If you break these rules, you’re liable for costly fines.
To achieve these regulatory standards, you must work with cloud hosting providers that entirely comply with these (and other) regulations. However, there’s more to it than just checking off a few boxes; as an SMB, you have unique constraints as well in terms of configuring and managing your cloud solution. Ideally, your cloud host will provide all of those services for you.
7. Cyber Policies & Training
According to the Ponemon Institute (via CSR), 54% of SMBs reported that the “root cause” of their data breaches was traced back to “negligent” employees and contractors.
These are clear signs that the lack of cyber security training and processes to audit vendors are serious obstacles for SMBs. In fact, no level of cyber security technology investment is going to help when all it takes is a wrong click to trigger a cyber breach.
You must train your employees to spot potential cyber attacks and — instead of falling for them — escalate such issues to your cyber security staff. This way, your staff become cyber security assets instead of vulnerabilities.
You also need policies to govern your vendor or partner relationships. In fact, some regulatory standards, such as the New York Department of Financial Services (NYDFS), require you to have policies and systems in place to prevent third-party vendors from seeing your data.
There are clearly many parts in play when it comes to building a strong cyber security posture.
Unfortunately, most SMBs do not have the time, human resources or capacity to respond to and address their cyber security issues right away. This is where finding an MSP to take on your cyber security challenges is critical. Your MSP can handle each of the issues discussed in this article while you focus your energy on your actual business.
Power Consulting brings over 25 years of experience in managing the IT needs of small and medium-sized businesses in complex and highly regulated industries, such as health, finance, law and others. Contact us today to see how our cyber security consulting and assessments will simplify the issues and challenges your business faces into one effective and comprehensive package.