Everything SMBs should know about cybersecurity

Everything SMBs should know about cybersecurity

Small- and medium-sized businesses (SMBs) are the favored targets of hackers and cybercriminals. They make great victims because they have more digital assets than individual consumers but less stringent network security measures than large enterprises.

Unfortunately, even SMBs that take cybersecurity seriously are more likely to be attacked than a big company. Verizon’s 2018 Data Breach Investigations Report revealed that 61% of all victims were in the SMB category.

Unfair as it may seem, West Palm Beach businesses must maintain information and network security solutions on par with those of large enterprises. But that’s not as unrealistic or expensive as it was 10 years ago. You just need to understand some cybersecurity basics:

In a 2017 poll of 2,400 business owners, 73% of respondents didn’t think they stored customer data that would be susceptible to a cyberattack. But the stolen information being sold in digital black markets and how much it goes for directly contradicts that belief:

  • “Full-profile” identities (social security number + address + birth date) – $40 per identity
  • Credit card numbers – $500–$1,000 per card
  • Online banking logins – $300–$1,000 per login
  • Payment services logins (e.g. PayPal) – $20–$200 per login
  • Subscription-based logins (e.g. cloud apps) – $5 per user

That means a generic business with 30 employees, a couple of company credit cards, and a few online banking accounts is worth several thousand dollars to hackers. Businesses in healthcare, government, education, or hospitality are worth 10 times more because of the wealth of sensitive data they store. Furthermore, businesses that provide business-to-business services within regulated industries such as finance are prime targets because they are a stepping stone to high-value victims.

Before you assume hackers don’t want to target you, audit your data.

Conduct a cybersecurity risk evaluation

A comprehensive cybersecurity assessment tests your current IT systems to identify weaknesses that make you an easy target. Before you design your network security strategy, you must:

  • Take an inventory of your IT hardware, network infrastructure, and software solutions.
  • Consider every possible threat, such as disgruntled employees, human error, unsecured communication channels, and unprotected data.
  • Audit your user authentication systems, passwords, and data governance processes to determine which are most vulnerable to attacks.
  • Consult with security experts who can assess whether your current antimalware program is equipped to defend against modern ransomware, denial-of-service attacks, and Trojan horses.
  • Identify the risk rating by multiplying the probability of a breach against the resulting financial damages.

C-suite executives need to have at least a basic understanding of common cyberattacks to ensure their security solutions are performing adequately. The aim of every cyberattack is to steal data or disrupt business operations, but most threats fall into one of these five categories:

  • Distributed Denial of Service (DDoS): These attacks occur when your servers are overloaded with requests, eventually shutting down your online services or office network.
  • Malware: This covers any program that causes damage or gains unauthorized access to your company network. Common examples included a virus, ransomware, or a program that secretly records what you type.
  • Password theft: Although malware can steal passwords, many hackers rely on programs that guess thousands of login credentials per second. If your password is even close to personally identifiable information (e.g. an important date, pet’s name, etc.), hackers can guess it without touching your network.
  • Phishing: Sometimes referred to as social engineering, this type of attack collects payment or sensitive information through believable requests, demands, or offers sent to unsuspecting individuals, usually via email. A common example is a fake message from the IRS demanding payment for late taxes.
  • Advanced persistent threats: These attacks combine a variety of methods to infiltrate a network in multiple phases, with the goal of avoiding detection and stealing information over long periods of time.

Any cyberattack is a big problem, but the ones you don’t even realize have happened are the worst. What if a piece of malware has been recording everything you’ve typed for the past month? Imagine how much damage it could cause.

If you and your team can recognize the early signs of a cyberattack, you could save yourself tens of thousands of dollars. Here are a few of the most obvious signs.

Your computer is slow or keeps crashing

There are only two reasons a computer crashes more often than once a month: a severe technical issue or a cyberattack. If it’s the latter, it could be because a hacker is trying to secretly steal large amounts of data without you noticing, or is using your computer to carry out an attack on another victim.

Your antimalware software is mysteriously disabled

If any of your cybersecurity solutions are acting out of the norm, one of the first things you should do is consult with a cybersecurity expert. A malfunctioning firewall or glitchy antimalware software could portend an impending data breach.

Your files are renamed, moved, or missing

Ransomware and other types of malware will often mess with your files before the final coup de grâce. If you notice your files changing soon after receiving an unexpected email or opening a suspicious attachment, shut down your computer and disconnect it from the network before the damage can spread.

People are receiving strange messages from you

You may still be valuable to hackers even if you don’t have valuable data. When dubious messages are being sent from your computer or mobile device, you’ve definitely been hacked. Someone is exploiting the trust that your employees, customers, and business partners have placed in the accounts associated with your name.

Unwanted programs keep showing up on your computer

Does your web browser have new buttons and search bars every time you open it? Is your desktop covered with icons for programs you didn’t install? Those could be more than mild inconveniences — they could be signs of a malware infection.

Awareness training

No amount of automated cybersecurity solutions can stop a hacker who has convinced one of your employees to reveal their password. Social engineering scams rely on trust and manipulation to “hack” your systems without any malware or computer programming.

Since most breaches start with human error, the most important thing you can do is train your employees to recognize and avoid threats. Training sessions should include everyone from the CEO to the receptionist, and should cover topics like phishing, password best practices, and avoiding public WiFi networks.

Regular software updates

One of the easiest things you can do to thwart cybercriminals is to keep your company’s hardware and software up to date. This includes installing updates for your operating systems, firewalls, web browsers, antivirus software, and third-party plugins.

A system that goes just a couple months without an update could compromise your entire business, as the 2017 Equifax breach taught us. No matter how busy your IT team is, make it a point to check for patches as often as possible.

Password restrictions

If your employees’ passwords are shorter than 14 characters and contain words from the dictionary, you should expect their accounts can be hacked. You should force employees to use long passwords that are different for every account. If they use the same login credentials for personal and professional accounts, one compromised account exposes all the rest. Ideally, your IT support provider will install and configure tools that generate impossible-to-guess passwords for every employee account.

Antimalware software

Even if they can’t detect never-before-seen malware, software that scans your desktops and mobile devices for infections is essential. Outdated malware programs are usually spread by inexperienced hackers and can be found lurking on USB drives, in spam emails, and packaged with free apps. Every time your chosen antimalware vendor uncovers a new threat, it is cataloged and included in the next update.

Firewalls

These hardware security systems filter digital traffic between the internet and your office network. Firewalls sift through data and block potential threats, which means everything coming into or going out of your network can be monitored via this gateway.

Mobile device management

Smartphones and tablets are critical to working quickly and efficiently, but with their convenience comes a raft of cybersecurity risks. Not only are mobile devices at a high risk of getting lost or stolen, but they are also exposed to unsecured WiFi networks on a daily basis. If your employees can access company data from these devices, they must abide by stringent security measures such as remote data wipe features, fingerprint authentication, and others.

Data encryption

Every company file you manage must be encrypted. Full stop. Data encryption ensures that even if a file ends up in the wrong hands, it will be unreadable. Supercomputers can’t crack today’s encryption keys, which makes this cybersecurity solution perfect for preventing all types of data breaches.

Data breach insurance

On top of proactive security solutions, cybersecurity insurance covers legal fees and other costs associated with data breaches. This coverage is invaluable in an age when new laws and regulations are piling up faster than most small businesses can keep up with. As long as you partner with a reputable managed IT services provider and have cybersecurity insurance, no cyberattack can put you out of business.

Unified threat management (UTM) integrates all the security solutions you need into a single, easy-to-manage system. Components include firewalls, intrusion detection and prevention systems, data loss prevention tools, and virtual private networks so you can maintain multi-layer protection that doesn’t need to be micromanaged.

Here are some of the key features of a UTM system:

Hardware consolidation

UTM combines several pieces of network security hardware into one cloud-accessible device. This means an in-house IT technician or managed IT services provider can deploy, configure, and update one system instead of several, which minimizes the number of cybersecurity vulnerabilities and simplifies the update process.

Intrusion detection and prevention

These advanced systems identify dubious software and network activity without relying on a catalog of malware definitions. They notify IT administrators of the activity and disallow network privileges until authorization has been given.

Data loss prevention

Even careful employees can accidentally send sensitive data to the wrong person or without encryption. UTM uses machine learning tools to control data privileges so you don’t have to worry about employees sharing, printing, copy-pasting, or deleting sensitive files.

App, web, and email filtering

Your data travels through a dozen different mediums on any given day, which is why centralizing visibility and control is so important. UTM systems filter every app request, web page, and email message based on the cybersecurity needs of your organization. This goes beyond the single point of control offered by firewalls by protecting you from threats that come from the internet as well as those that start and end inside your company network.

Virtual private networks

A virtual private network (VPN) lets you send and receive information across public or shared networks without unauthorized parties knowing. These invisible network connections grant users secure access to your corporate office network, which is perfect for remote workers and trusted third-party vendors.

Bandwidth throttling

UTM systems enable you to control network traffic and allocate internet speeds based on the importance of specific apps and solutions. Do you want your internet-based phones to always get more bandwidth than a YouTube video or a social media page? Bandwidth management is the answer. It’s also a great way to tighten up security because it reveals apps that are secretly exfiltrating data from your network.

The first step toward enterprise cybersecurity

Whether you need a full-blown UTM solution or a standalone managed firewall, your cybersecurity solutions need 24/7 attention. That’s a minimum, and the harsh reality is that’s not possible for most SMBs to manage sans outside help.

PC Lan Techs is an outsourced IT provider that creates customized cybersecurity bundles for businesses in West Palm Beach searching for enterprise-level protection. Our solutions are billed as monthly subscriptions and come with all the support you need to stay safe in a world where digital threats increase in number every day. Get in touch with us today to learn what we can do for you.

Like This Article?

Sign up below and once a month we'll send you a roundup of our most popular posts