Hardly a day goes by without national news related to cybersecurity. Target, Marriott, Yahoo, Facebook, and Home Depot have all had major incidents in the past few years. In addition, the cities of Atlanta and Baltimore, as well as many municipalities in Texas, have all been hit with ransomware in the past two years. Locally in the Boston area, schools, police departments, and several towns have all been hit.
At this point, everyone's aware of the big headlines, but too many small and medium businesses have drawn a false sense of security from them, thinking only bigger targets need to worry. In fact, over half of cyber threats hit smaller businesses, but individually, none of these incidents is big enough to make national news.
Why are so many smaller businesses at risk? Many modern threats are automated, and cybercrime is now bigger than all other forms of organized crime. Simply put, it's become a money maker for thieves. As a small business, what would it mean for you to lose all access to your data? Perhaps you have a backup, but it could take weeks to recover. Often the backup is wiped away during an attack, and it wouldn't even be available to you. The threat actors don't care about how important your data is to them; they care about how important it is to YOU.
A layered approach to security is advised. This is also often called "Security in Depth." A business-class firewall, antivirus protection on all systems, security patch updates, AI-based threat protection, DNS management... all of these are important. Tools that were previously only affordable to larger enterprises are now affordable to small businesses. When we engage with a business to provide IT support, the first thing we do is install a long list of security layers. No security is 100%, but implementing security layers greatly decreases your chances of being attacked.
However, as protection layers increase, the threat actors get more and more creative and think of new ways to get threats onto your network. According to the Verizon 2019 Breach Investigation Report, the typical company reports that 94% of malware enters networks through email. Training users on what to click on and what to avoid therefore needs to be a major priority.
There are still a few days left in October for Cybersecurity Awareness Month, and it's always a good time to train your team. Many of the businesses we work with sign on for our formal training platform, but ANY training you do, even just once in a while, will help. The Department of Homeland Security has some great links in support of Cybersecurity Awareness Month. The theme is OWN IT, SECURE IT, PROTECT IT, and the site has some great informational handouts for your team. The handouts include information on Travel Tips, Strong Passwords, MFA (Multi-Factor Authentication), Phishing, Social Media, and more. All are free and available to everyone. If you're not incorporating security discussions in your staff meetings, then now is the time to start!
Call to action! Review the tip sheets listed above and go over at least one at your next staff meeting. If you're a small business in the greater Boston area, reach out to us and we'll schedule a complimentary review of your IT infrastructure and security, and we'll provide more detailed and specific recommendations.