Posted by Ann Westerheim on 10/31/19

National Cybersecurity Awareness Month is drawing to a close, and it's been a great month to have a lot of conversations with local businesses in the metro Boston area.  Threats against big businesses make the headlines, but too many smaller businesses think they're "under the radar".  Not true!

Here are some of the common misconceptions:

  • I thought we already had security
    • The threat level has increased significantly over the past few years, and the foundational security (antivirus protection, security patches, etc.) which we have always recommended just isn’t enough anymore.
  • It’s too expensive
    • Businesses need to assess risk level and balance with cost.  It is very important to fully understand the cost of down time.  What would happen if you didn’t have any of your data for weeks or if you could never restore it?  Think through all the costs of NOT taking action.  Every business will have a different acceptable risk level, and the time to think this through is BEFORE an event.
  • I’ll just pay the ransom
    • This should be a last resort.  There is no way to know for sure that you’ll get your data back, AND there’s no way to know for sure that your systems are free of threats after the fact.  You are paying CRIMINALS.
  • I’m not a target.  I’m just a small business
    • Threat actors don’t care about your data.  What matters is how important your data is to YOU.  Targeted threats are actually very rare, and most people are hit with automated threats of opportunity.
  • My data isn’t that valuable
    • Credit card numbers and social security numbers aren’t worth that much to thieves.  But how important is access to your data FOR YOU?  Can you run your business without your data and your computers?  What would your employees do?
  • I have insurance so I’m all set
    • Check your policy carefully.  You may not be fully covered, there may be exclusions, and there may be delays in payment.  Far better to avoid the downtime in the first place!  Can your reputation be fully restored?  Will your clients trust you again?
  • A cyber incident wouldn’t really affect my business
    • If you don’t have access to your computers or data for weeks or forever, how will you operate?  Work through these scenarios BEFORE you have a threat!

There's no such thing as 100% security.  It's a moving target and the best you can do is to help reduce your risk.  Layers of security or "security in depth" is the best approach.  With more technology protecting you, human behavior is key.  ONE person clicking on the wrong link can take down your network, and we strongly advise conducting ongoing Security Awareness Training - not just during Cybersecurity Month!


October is National Cybersecurity Awareness Month - Resources for SMBs

Posted by Ann Westerheim on 10/28/19

Hardly a day goes by without national news related to Cybersecurity.  Target, Marriott, Yahoo, Facebook, and Home Depot have all had major incidents in the past few years.  In addition, the cities of Atlanta and Baltimore, as well as many municipalities in Texas, have all been hit with Ransomware in the past two years.  Locally in the Boston area, schools, police departments, and several towns have all been hit.

At this point, everyone's aware of the big headlines, but too many small and medium businesses have heard the headlines and created a false sense of security, thinking only bigger targets need to worry.  In fact, over half of cyber threats hit smaller businesses, but individually, none of these is big enough to make national news.

Why are so many smaller businesses at risk?  Many modern threats are automated, and cybercrime is now bigger than all other forms of organized crime.  Simply put, it's become a money maker for thieves.  As a small business, what would it mean for you to lose all access to your data?  Perhaps you have a backup, but it could take weeks to recover.  Often the backup is wiped away during an attack, and it wouldn't even be available to you.  The threat actors don't care about how important your data is to them; they care about how important it is to YOU.

A layered approach to security is advised.  This is also often called "Security in Depth".  A business class firewall, antivirus protection on all systems, Security Patch Updates, AI based threat protection, DNS management... all of these are important.  Tools that were previously only affordable to larger enterprises are now affordable to small businesses.  When we engage with a business to provide IT support, the first thing we do is install a long list of security layers.  No security is 100%, but implementing security layers greatly decreases your chances of being attacked.

However, as protection layers increase, the threat actors get more and more creative and think of new ways to get threats onto your network.  In the Verizon 2019 Breach Investigation Report, the typical company reports that 94% of malware enters networks through email.  Training users on what to click on and what to avoid therefore needs to be a major priority.

There are still a few days left in October for Cybersecurity Awareness Month, and it's always a good time to train your team.  Many of the businesses we work with sign on for our formal training platform, but ANY training you do, even just once in a while will help.  The Department of Homeland Security has some great links in support of Cybersecurity Awareness Month.    The theme is OWN IT, SECURE IT, PROTECT IT, and the site has some great informational handouts for your team.   The handouts include information on Travel Tips, Strong Passwords, MFA (Multi Factor Authentication), Phishing, Social Media, and more.  All are free and available to everyone.  If you're not incorporating security discussions in your staff meetings, then now is the time to start!  

Call to action!  Review the tip sheets listed above and review at least one at your next staff meeting.  If you're a small business in the greater Boston area, reach out to us and we'll schedule a complimentary review of your IT infrastructure and security and we'll provide more detailed and specific recommendations.

