It’s not uncommon these days to hear about another data breach at a large company in the news, or about some sort of “attack” from things like botnets, described with fancy terms like “DDoS” (Distributed Denial of Service). As a small business, we think, I’m secure, those things won’t ever happen to me, or I’m small, why would any hacker bother going after me? The problem is, this simply isn’t the case. The 2018 Verizon Data Breach Investigation Report found that small businesses made up 58% of all data breaches and attacks in 2018. While this might not sound too alarming, cybercriminals generally go after small businesses because they are easier to penetrate and leverage. This is due in part to the fact that large corporations and companies have the budgets, resources and training programs to make sure they are protected, although this isn’t always the case. Small businesses, by contrast, don’t focus their attention on keeping their systems safe, and this is what cybercriminals and the like are counting on.
Why are small businesses at risk?
This is due to a number of reasons. For one, improper knowledge and carelessness are among the main reasons small companies are vulnerable to these types of attacks. Adding insecure remote connections to the network is probably the #1 issue for access. Remote desktops, security cameras, or simple file access without proper security are all ways in which the firewall can be bypassed, allowing cybercriminals to access your data. The #2 error comes from improper knowledge or training. Phishing scams and malware are rampant on networks these days. These methods allow cybercriminals to trick you into doing things that give them access. #3 would be improper protection on devices. I always hear people say, well, I’ve got Microsoft Security Essentials, or AVG, or Malwarebytes. These are basic defense systems, and don’t give you the full scope of protection that you require in your network. And #4 would be 3rd party access. This is a hard one, but it can cause some big problems no matter the size of your business. Take for example the rogue access that happened in the breach of Target in 2013. A 3rd party vendor who was performing some work at a location plugged his laptop into the network. As his laptop was already compromised, cybercriminals were able to use his machine and penetrate Target’s systems simply by having inside network access. I have seen this even in the small business realm, with infected computers, whether company owned or 3rd party, taking down certain aspects of the business through external means.
All of these issues point to the fact that most small businesses don’t have any type of real cybersecurity strategy, due to budget or not knowing where to begin. The Verizon report found that 1/5th of all cyber related problems are human error: simply clicking on links or emails that instantly install some type of malware or ransomware on their systems. These types of issues can be devastating to a small business, as we can’t afford the clean up and money it would take to deal with some type of breach on our networks.
What can small businesses do to fix their issues?
I think the first step is admitting you don’t know, or that you did know and did it anyway due to convenience. We live in a world of technology, and it’s here to stay. Having the tools and the knowledge to protect yourself is key.
Remote connections can easily be made these days through VPNs, which encrypt the communication between the computer/mobile devices and the network, allowing for secure access.
Upgrading your “home grade” Netgear or Linksys router to something more robust, such as a full unified threat management device like a Sophos UTM, is like upgrading from keeping your money in a mattress to Fort Knox.
Monitored, restricted access is another great tool. This can come in many forms. Usernames and passwords, allowing access to specific systems, and only allowing access as needed are all great protection. This also falls under the category of who’s accessing your network. Restricting access to your internal systems is key. You can sidestep this by giving them access to guest networks, which restrict access to your network in the event of their systems being compromised.
All of these methods help you build a plan to protect yourself and your business from cyber threats and give you peace of mind.
Like most companies, you might not know where to start. Give DirectLine-IT a call and allow us, at no charge, to come and perform an assessment of your business. We will provide you with the recommendations and tools you need to be secure in this age of technology!