Did you know:
- One of the best ways to protect your business from a cyber attack is to use strong passwords, keep antivirus software and all patches up to date, and implement best practices for your small to medium-sized business?
- More than 60% of all data breaches impact small to medium-sized businesses?
- Man-in-the-middle (MitM) and distributed denial of service (DDoS) are the most common types of cyberattacks?
When you read the above information, do you know what it means for your business? Do you have a business continuity and data recovery specialist on your staff or hired as a consultant to help ensure your small to medium-sized business isn’t the victim of a cyberattack?
Let me ask you this: What are you willing to risk in your business in the event of a cyber attack?
As an entrepreneur today, your business faces, almost continually, cyber attackers attempting to infiltrate your databases and infect your systems with ransomware. Many small to medium-sized business owners aren’t aware their business has been infiltrated until the demand for ransom is levied.
Cyberattacks can cripple your business, and it may never recover from the ransomware attack and data breach. A 2019 study found that close to 50% of all data breaches impact small to medium-sized business owners. The fact is that businesses of this size are easy targets. The business owners aren’t fully aware of the need for a multi-layered approach to cyber security, haven’t trained staff to recognize the potential for a cyber attack, or are of the mindset “we’re too small… it won’t happen to us.” It can. And it is.
Why are small to medium-sized businesses an ideal target for a cyber attack?
If you aren’t aware of the potential of a cyber attack, you’re likely “leaving the door” open to an attack. Many small business owners underestimate the level of risk at which they’re operating. You don’t want to be one of the close to 60% of all small to medium-sized businesses that fail after a cyberattack or ransomware attack, do you?
What should a business owner be aware of in a cyberattack protocol?
- Advanced persistent threats (APTs). These are attacks in which a hacker sets up his or her own computer system that will persistently attack your system until it finds a way in. If a cyberattacker can find a way to infiltrate your system, he will then be able to gain a stronger foothold.
- DDoS. This is an attack in which your server is intentionally overloaded with requests for access until the server shuts down.
- Malware. A malware attack can enter your small business in the form of a phishing email or in other forms, such as worms, Trojans or viruses, as a way to capture your data and disable your network.
- An inside attack. This is one of the worst, because you may have a trusted individual who will misuse his or her credentials in order to gain access to your confidential company or customer information. Have a protocol in place to immediately terminate all access when an employee is no longer with the company.
- MitM. This is a cyberattack in which two parties are exchanging e-commerce or digital information with one another and hackers know they can find a way to infiltrate that conversation or transaction and steal personal, private or financial information.
- Brute force password attacks. This type of attack involves a hacker simply guessing at passwords, using a computer program, until the program determines the combination that will get the hacker into your system. Employees need to be made aware of how critical it is to use strong passwords.
- Phishing scams. These come in the form of an email that may look legitimate enough that the recipient will “click here” on a document that has been enclosed. Once that click is made, malware, spyware and ransomware programs have an open door to your data.
What can a small business owner do to protect data?
- Hire a business continuity and data recovery specialist. It is not enough to have an IT person on staff. This person is likely charged with keeping the computers up and running and providing staff with passwords. A BCDR specialist focuses on keeping your data safe from attack. His or her role is also to ensure your business continuity plan allows you to remain viable and restore access to your data in the event of a cyberattack.
- Use antivirus software but don’t rely solely on that software to protect you. You need to have multiple layers of protection in place.
- Make the investment in a data backup solution, a business continuity plan and a disaster recovery plan.
- Implement a cybersecurity training protocol for staff.
- Employee education is critical. Your staff is your first line of defense in helping protect sensitive company data. The human factor is one that opens the door for a cyberattack, whether it’s intentional or unintentional.
- Software patches need to be kept current.
- Cyber security policies need to be put in place and enforced.
It’s important to have a BCDR plan in place, but it’s equally important to practice that plan. Don’t wait until a ransomware attack occurs before you jump into action and hope the plan you’ve implemented works the way you intended.
I run an IT & Cyber Security Consultancy focusing on Business Continuity and Disaster Recovery (BCDR). We work with professionals in many fields, including legal and medical.
If you have security, business continuity or cybersecurity questions, let me know. I am also filling up my calendar with guests on my Security Disciple Podcast. If you’d like to be a guest, please DM me @waregeeks, call (877) 653-7146, or email me at email@example.com. www.waregeeks.com