While technological advancement has benefitted organizations and often improves employee productivity, it has also created more risk. Security breaches have become more common and expensive as technology has become more complex. Ransomware attacks, for example, hit businesses every 11 seconds in 2021. Therefore, if you want your business to grow and succeed, you need to understand the risks of technology and, since no business can stand to get rid of technology in today’s business environment, how best to manage your cybersecurity.
The average cost of downtime due to cybercrime was $274,000 in 2020. Lest you think an attack couldn’t happen to you, note that 43% of all cyber incidents target small or medium-size businesses, 61% of which go out of business shortly thereafter. Both severity and costs are increasing. It takes an average of 280 days to identify and contain a breach, malicious attacks with financial motivations are responsible for 52% of breaches, and personal identifiable information is compromised in 80% of data breaches. That said, you should be alert to the risks, but there’s no need to panic. We have several suggestions to improve your readiness and cybersecurity practices to minimize your risk and avoid as much downtime as possible. However, the first step is to understand what you’re up against:
Ransomware is malicious software that either locks down or exposes your files until you pay off the attacker. Failure to pay when the attacker demands can result in data leaks or irreversible data loss. Note that the FBI recommends against paying a ransom.
Phishing involves a hacker impersonating a person or organization via email, generally either to gain access to your company’s network or files, or to steal your personal information. Smishing is a similar attack conducted through text messages. Malicious actors will also sometimes send attachments loaded with malware, and this malware will infect your computer if you download or click links. This is why if you receive an email from your bank asking for your personal data, you should always call your bank directly (not at a number provided in the email) to address the issue. In most cases the bank will not have sent that email.
An insider threat is a threat from someone who works for the organization and has access to sensitive data. Generally, attackers will aim for the weakest link, but sometimes a disgruntled current or former employee may intentionally expose the data or provide access to attackers. Insider threats are tricky because they emerge from within, which is often unexpected, and are not always intentional (in fact, the majority are neither intentional nor malicious).
Denial-of-Service/Distributed Denial-of-Service (DoS and DDoS)
These attacks are widespread and easy to carry out. When a DoS or DDoS attack occurs, the system crashes due to repeated requests. This creates a problem for legitimate customers or clients trying to access your website, resulting in downtime and financial loss.
Ways to Help Secure Your Business
Now that you know what types of cyberthreats to look out for, let’s take a look at some measures you can put in place to protect your business against cybercrimes.
Strict Password Policies
Your organization should enforce strong passphrases and good hygiene. Discourage (or forbid!) storing passwords in browsers and instead recommend a password manager. Every website or account must use a unique password or passphrase (we prefer passphrases). This is your first line of defense.
Multifactor Authentication (MFA)
Is it annoying? Sure. But if it’s annoying for you to have to use multiple authentication methods to get into your email, imagine how annoyed an attacker will be when he discovers the roadblock you’ve created for him. Well worth it, we say. Consider using authentication apps, one-time passcodes, and security questions.
Regular Risk Assessment
You should be periodically looking at your people and systems to determine your risk levels and prioritize solutions. If you’re not sure how to do this, you can schedule a risk assessment with us, or check out our blog about prioritizing infrastructure gaps.
Virtual Private Network (VPN)
Many organizations allow (or even encourage) employees to work from home, but there are cybersecurity risks associated with remote access to files. To minimize this risk, set up a VPN for employees to use when they connect to company files and confidential information.
Business Continuity Strategy
In the event of disaster, you want to be prepared. Have backup plans in place so that a technological failure doesn’t stall your business processes
Security Awareness Training
95% of cyber incidents are caused by human error. To mitigate this, provide training that empowers your employees to recognize and respond appropriately to threats. Your cybersecurity is only as strong as your weakest link, so educating everyone is massively important.
If you’re ready to improve cybersecurity but aren’t sure where to start, we can help. Contact us today to schedule your IT risk assessment, and check out some of our other blog posts for some quick ideas.