Do your employees need up-to-date training on ransomware, cyber espionage, social engineering, password security, and cybersecurity in general?  Watch the video below and read on to find out.

“How Real Are Cyber Threats Today?”

Very real—Cybercrime is a huge business. It’s very easy to get the tools to become a successful cybercriminal.  As a small business owner or manager, you must take these threats seriously.  And you should make every attempt to mitigate them with the right IT solutions and tactics.

Ask yourself:

  • What would happen if your important proprietary data was compromised (including your client and financial data)?
  • What would the impact be to your business?
  • Would you even know if it was compromised?

Although they’re worried about cyber attacks, many small businesses aren’t taking proactive measures to mitigate cyber risks. Nor are they allocating budget to risk mitigation. Don’t be one of them.  The risks today are great.  You must protect your business.

“What Are the Risks?”

Every year, cyber threats are getting more sophisticated and prevalent.  The following are some of the threats you should watch for:

The Verizon 2016 Data Breach Investigations Report reveals that 30% of recipients open phishing messages and 12% click on attachments.  That’s a dangerously high percentage when it comes to your employees.

It’s a lot easier for the bad actors to attack your employees than it is to get into a well-maintained IT infrastructure.  The primary goal of these hackers is to gain access to your network any way that they can.  From there, it’s exponentially easier to achieve their ultimate objectives, whether that’s financial gain or stealing data or passwords.

Speaking of Passwords—Most Employees and Companies Are Terrible at Devising and Ensuring Secure Passwords.

  • They use the same passwords many times.
  • Strong password policies aren’t strictly enforced.
  • They use easy-to-remember passwords that can be stolen with brute-force hacking tools.
  • They share passwords.

Many attacks start with stolen or compromised credentials.  Passwords, and the people who create and use them, will remain the biggest weakness for the foreseeable future.

“What Should We Do to Protect Your Small Business?”

Here’s the challenge.  You must protect every:

  • Email
  • Website
  • Shared network file
  • Hosted file-sharing service
  • Device
  • Employee

And all of these, every time.

An attacker only needs to be right once. Bad actors have more information about our defenses than we have about their attacks.  They can test their attacks multiple times.

Don’t assume your IT guy is watching for these threats.  You, as the business owner or manager, must take charge!

You Must:

  1. Implement multi-layered malware protection. This requires a Secure Internet Gateway, Gateway Anti-Malware Protection on the Firewall, Email Filtering both for spam and malware, and Anti-Malware running on all your servers and computers.
  2. Stay up to date on software patches. This is vital to maintaining a secure technology system. Failure to patch systems led to major cyberattacks this year.  Everything has software, including your firewalls, switches and server hardware.
  3. Have an expert conduct cybersecurity awareness training for employees. An internal staff that’s educated on cyber threats will spot a phishing attack and won’t fall prey to financial scams. Effective security awareness training, combined with simulated phishing attacks to show employees the creative ways phishing scams may present, has proven to be very effective.
  4. Ensure good backups. This is critical to the security of your data. Not just for fire or natural disasters, but in case your data is accidentally or intentionally deleted.  You must regularly test your backups to make sure your data can be restored. And be sure you have both onsite and offsite backups.
  5. Have Cybersecurity Insurance. Your insurance provider will be part of your Incident Response Team if you suffer an attack. Make sure you get coverage for both attacks and for CEO Fraud.  If you haven’t reviewed or updated your insurance policy in the past 2 years, you need to.

Resources:

Verizon 2017 Data Breach Investigations  http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/

SANS Institute Layered Security: Why it Works.  https://www.sans.org/

McAfee Labs 2017 Threats Predictions  https://www.mcafee.com/us/resources/reports/rp-threats-predictions-2017.pdf

Microsoft Ransomware 1H 2017 Review  https://blogs.technet.microsoft.com/mmpc/2017/09/06/ransomware-1h-2017-review-global-outbreaks-reinforce-the-value-of-security-hygiene/

Experian CSID 2016 Small Business Security Survey  https://www.csid.com/

Are you convinced that your employees need up-to-date Cybersecurity Awareness Training? Contact Blue Star IT at (574) 975-0767 or info@bluestarpro.com to schedule your session and protect your business. 

Published on 12th October 2017 by Jon Morningstar
