TARGETED CYBERATTACKS ON SMALL BUSINESSES IS ON THE RISE
In an article written by CNBC, it’s noted that more than half of all small businesses suffered a cyber breach in last year. Equally frightening is the impact of the attacks. A recent study performed by Hiscox revealed that cyberattacks cost small businesses an average of $200,000 to remediate with 60% of those businesses failing within six months of being victimized. The cost of cyberattacks is at an all-time high and increasing. Likewise, the frequency of targeted attacks on small businesses is on the rise – 43% of cyberattacks are aimed at small businesses.
With all of this information, why are small businesses still so ill-prepared to defend themselves against cyber criminals? Well, there are a number of reasons. The fist being that two-thirds of senior decision makers and owners of small businesses don’t see their business as a high value target. Because of this belief, think they won’t be attacked and do not put much thought into cybersecurity. The simple fact is that hackers don’t care. They don’t care about the size of your company or who’s data you house. They take what they can and un-protected small businesses are easy targets.
Additionally, small business owners tend to wear multiple hats. This is an admirable trait as they work to grow their business, however, it often means IT security is the last thing on their mind. Recruiting, HR, marketing, operations – these are the items owners typically focus on before even thinking about IT security. It also doesn’t help that IT security can be confusing for many decision makers. This is where the managed services industry comes into play.
Although small business owners must learn to prioritize cybersecurity, it is the job of the managed services community to proactively advise clients on cybersecurity issues. Something the industry is severely lacking in. If managed services providers do not educate small businesses on their cybersecurity risk profiles, improving their security posture, and how to reduce the risk of a cybersecurity attack, who will? Sure, that anti-virus software installed a year ago might still be a good defensive measure, but it’s not enough.
5 WAYS TO PROTECT YOUR SMALL BUSINESS FROM CYBERATTACKS
The tech industry has witnessed a massive evolution over the last couple of years. The downside to all the positive advancements from this evolution is these advancements have led to advancements in threats as well. Attacks carried out today didn’t exist two years ago, one year ago, or even six months ago. To keep up with the changing landscape, you need to be having regular risk assessments and conversations with your IT provider. Without good consultation on what is out there, you’ll never know how to protect yourself.
So where do you start? How can you help protect your small business from cyberattacks? Strengthening your cybersecurity posture can be a huge undertaking. To help, we’ve compiled a list of five of the most fundamental ways to protect your small business from cyberattacks.
- Patching & Updates – Make sure you have a good patching policy in place and that all computers are getting all the necessary security updates. With this, it is also important that you stop use of any end of life system or software such as Windows XP.
Looking ahead: In January 2020, Windows 7 and Server 2008 will both be end of life and become major security holes as Microsoft will no longer release patches for those applications.
- Backups – Have backups at the ready and take a copy those backups offline. If you store all of your backups on the same server, or a server right next to the server you’re backing up, an attacker who gains access could easily delete your backups first, and then move on to your system. This way you have no option to recover and are forced to pay a ransom. Keeping a copy of your backups offline is failsafe.
- Revoke Locale Admin Rights – No user should have full administration rights all the time on the network, the domain, or on their computer. Instead, you should have dedicated admin users that can approve or deny downloads on all other machines.
- Training – One of the biggest oversights in boosting cybersecurity is end-user training. Educating your users on cybersecurity awareness, what the cybersecurity landscape looks like, what that means to your company, and how each end-user plays a part in cybersecurity defense will undoubtably have a positive impact on your security standings.
- Two-Factor Authentication – Where possible, license and enable two-factor authentication, or 2FA, for anything accessible outside of your organization. 2FA is a security measure using what you know (your password) in combination with something you have (such as your cell phone) to verify your user. Account take over attacks are common and use simple/weak passwords to hack into accounts. This is an especially popular attach in Office 365 environments. Enabling 2FA will add a layer of security to defend against cybercriminals.
Each of the five items listed above with help strengthen small business cybersecurity. With the rise in targeted cyberattacks, ensuring your business is protected from cyber criminals is critical to the success, and longevity, of your business. Contact Streamline Technology Group today for your Managed IT Services needs.