Let’s do some myth-busting. Many people believe that cyber-attacks only happen to large corporations. This is 100% not true. Small and Mid-Sized businesses are just as likely, if not more likely, to be attacked as large organizations are.
“But I’m just a small business. I don’t have any critical information or loads of money.”
Let me state it another way; does it surprise you that convenience stores get robbed far more than banks? Probably not. Why? Banks have a lot more money and critical information in them than a typical 7-11 store. But because of that they also have heightened security to match.
Similarly, large corporations know they need to invest in security to protect their data (and their money). It’s the small businesses that don’t invest in their technology to protect themselves. The statistics reflect this too.
87% of businesses were attacked at least twice in the last year.
Pay close attention that this is at least two attacks. The average puts it closer to five. Five!
This is the modern world we live in. Everything revolves around technology and therefore one of the biggest frontiers for criminal activity is cyber in nature.
But we’ve busted the myth. You now know that it isn’t just large corporations at risk, but everybody. Now you can do something about it.
Let’s look at some reasons why attacks are successful, then we can address what you can do to build up your security.
Obviously, there are a multitude of factors for how and why cyber attacks are successful, but these are a few that you might not have thought about.
Factors for successful Cyber Attacks:
BYOD
In today’s work landscape, it is very common for businesses to adopt a Bring Your Own Device (BYOD) policy. This means exactly what it sounds like, and employees use their own personal devices for work use. It might be a smartphone or could very well be a laptop or workstation. The thing is, it’s hard to secure somebody else’s device. There are ways to do so, but many companies don’t do it correctly, if at all.
Every device connecting to your business data is a potential risk, which is why they need to be secured.
Number of Devices
In addition to personal devices being used, the total number of devices has increased as well. We are a “data access everywhere” world, and it’s brilliant for productivity. As long as you have an internet connection, you can get your data on your PC, laptop, tablet, or phone. You can sync and share across devices, and collaborate with your team. It’s great! However, it also needs to be viewed from a security standpoint. Each one of those devices is a door that needs to be secured.
Productivity Apps
See how I mentioned sharing data and collaborating with your team? That’s productivity software at work. Again, these are great tools that help us succeed. But the increase in productivity software being used also increases the risk of attack. The more apps you use, the more access to your data there is that needs to be secured.
None of these things are bad things. They are great things that help us run our businesses. But they are some of the reasons why cyber attacks have become more prevalent and continue to increase. It’s not all for not though. You can take action to protect yourself.
How to protect your business data from cyber attacks:
Password Policy
You should use strong passwords. That’s a given. I say “policy” though because there’s the implication that there’s a system and structure involved. That means rules to follow. Things like complexity (length, use of special characters, etc…) as well as not repeating the same password for any two accounts. Since it’s a policy, it is global. It’s what you should do, and what your entire team should do. Imagine having separate, complex passwords for every account you have, only to find out that Karen in accounting is using “Password123” for hers. As the saying goes, a chain is only as strong as its weakest link.
By the way, you should just get a password manager to handle all of this for you and make your life so much easier.
Up-to-date software
You know those annoying alerts that pop up for your software. You dismiss them and put them off for later. I know this because I have the same feeling. I just opened that app to use it. Don’t tell me I need to update it right now. I’ll do it later. I get it, but be real. Will you forget and keep putting it off? Software updates include security patches, and without them you are more at risk. Are all your apps and devices up to date? What about your entire team?
Staff training
Do your employees know what threats are out there and how to spot them? Will they open that file or click that link? They are your front line; you should empower them to protect your company.
I know, you don’t really want to take the time to train them on that. They don’t want to take the time to learn. But you still should because it will help protect your company. And trust me, the training doesn’t have to be boring. It can be made like a game, so the team actually likes learning and they retain the information.
Data Backups
Backup as protection? You bet! Backups come in handy for a multitude of disaster recovery scenarios, be it natural, accidental, or malicious. If you can always recover your data, then you don’t have to worry about losing anything. Mind you, this only recovers data. It doesn’t stop your data from being stolen and sold on the dark web.
Protection Software
You should have software in place to protect all of your systems. This includes antivirus, but it’s not just antivirus. Antivirus is good for detecting known threats based on virus definitions. But there are new threats daily, and it can’t protect against something it doesn’t know about. These are called zero-day threats. In addition, viruses are only one kind of malware. There are others, such as trojans, worms, spyware, keyloggers, and ransomware. The variety of attacks needs advanced protection. Things that involve artificial intelligence (machine learning), behavioral analysis, and exploit blocking. This is the type of protection that should be on your network, servers, and workstations alike. If you want to be really secure, 24/7 detection and response monitoring would cover you around the clock with a team of people keeping a watchful eye out on your systems.
These are some ways you can strengthen the cybersecurity of your business. Another saying, an ounce of prevention is worth a pound of cure. It really is better to prepare in advance than react to threats as they happen. It’s less disruptive to your overall business and keeps your data from being stolen and leaked outside your organization.
If you have any questions, need a little guidance, or just want us to take the reigns for you, we’d be glad to help. Just reach out on our live calendar for a meeting.