There has been a long-standing thought that SMB’s have to think that your IT will just fly under the radar and not be targeted by hackers and cyber criminals because you are a small business, and these criminals would not be interested in anything that you have because they only target the large businesses. Unfortunately, this is a mis-conception as small business cyber attacks account for more than 50% of the total cyberattacks.
The reason these attacks happen, is down to SMB’s not focusing on the security on their IT systems for a number of different reasons.
Cybersecurity really is something that small businesses need to think about and put measures in place to protect their business.
Small businesses do face challenges when it comes to protecting their IT systems and data, the ever changing threats that your business face can become a real burden. As soon as you are protected against the latest Zero-Day threat, another one pops up, and this needs patching. Not only do you have to constantly protect against the vulnerabilities that exist now, but you also have to be aware of what is next on the horizon. It can be brutal for you, and not an enjoyable and efficient way to run your business.
Just think about what an attack would mean for your business.
Keeping your business safe and protected against cybersecurity threats can be tiresome, but it is not impossible to stay up to date and protected.
Ongoing Employee Training and Education
Training your team is at the core of avoiding attacks. It is essential that the team are all on board and pulling in the same direction, ensuring that everyone is taking their responsibility seriously. As many as 95% of all cybersecurity attacks on small business are down to human error. These can happen because your team aren’t paying enough attention, using poor or weak passwords or they just have one of those moments where they let their guard down and allow an attack through the back door.
Whatever the reason for it, employee training can have a massive impact on your business.
Cybersecurity training is not a one-off thing. Cyberattacks are becoming increasingly sophisticated. Criminals will take advantage of any situation, be it the global pandemic, a change in law or legislation or simply a new tax year. These criminals will tailor their attempts to trick and fool you and your team in any possible way they can, and your team will need to ready for this.
Your business will need to have the best security software possible, so that it is protecting you in several layers, and not just one piece of software that sits on a client machine so that you think you are secure, “because you have Anti Virus”.
Off the shelf / purchased online security products may be offering you a certain level of security and protection but how do you know if this is enough? How do you know if this is actually working? Your business needs security that is tailored to your business needs, the applications and software that your employees use, and how you use them.
Having a multi-layered security process is critical to keeping your business safe. Building the security software and services so that they work together, each part protecting you against cyber threats and software vulnerabilities so that you ensure you are receiving higher level of protection than a one solution fits all.
Ensuring that your business has implemented multi-factor authentication across all of your software applications where you generate a login code, or a push notification on a secondary device. So for every login, you physically have to allow the connection once your credentials have been entered and submitted.
Small Businesses should consider that a lost or stolen device can pose a huge impact to your business. These devices should all be encrypted and have a remote wipe feature so that all data can be securely wiped upon a breach of the device itself.
Do you know who has access to which files in your business? Can the whole team access everything or are you ensuring that your files are only accessed by the individuals who really need them?
Implementing strong access controls into your business IT systems is one of the ways that you can limit the impact a cyberattack can have on your business. If a hacker should breach your systems, they will only be able to see small part of it, only the parts that the user that has been breached has access to, everything else will be safe.
A simple rule of thumb to think about is the more people that have access to a file/folder, the more chance this file/folder has of being breached.
Automatic software patching and updates
Have you ever been frustrated that your computer or software application always needs to be updated? The reason being, these updates are critical to ensuring that your systems are as secure as possible.
These patches are generally updating core system files and are used to fix vulnerabilities that have been identified, some of which will have been actively attacked by hackers and criminals across the world. If you don’t install these patches regularly, or have a system in place to perform automated patching and monitoring you are leaving your system at risk for a hacker to potentially exploit one of these vulnerabilities.
Secure your WIFI
Network security is one of the larger parts of keeping your business safe, but if your business WIFI is a connection into your main local network, and this is secured with a poor or weak password then you are making it easy for an attacker to gain access easily and attack your systems.
Ideally you should be ensuring that your WIFI is protected with multiple layers of virtual networks. Unfortunately for many small businesses, WIFI access points act a gateway into your main network. Once the password has been successfully entered, you have access to everything.
The key for business is to ensure that they are providing adequate protected to their wireless networks, ensuring default security and credentials are change on all internet connected devices, separate Vlans (virtual networks) giving only access to what is required for that network and ensuring that you have active monitoring in place that can identify and nullify any brute force attempts against your WIFI network.
Backups and Disaster Recovery
We all know the importance of backups, but it still surprises us the amount of businesses that implement a backup strategy and then never check and test that this is working or checks to ensure that a restore of the data is possible.
Regular automated backups ensure that if something goes wrong, a system failure or a cyberattack against your systems or data, you have a current, untouched version of all of your business data. In a worst-case scenario with your backup, in the event of something happening to your data, you can wipe your systems down and restore from your backups to the point of the issue, without data loss.
A good backup policy includes a mix between on-site and off-site (cloud) backups.
Whilst you already communicate well with your team about your own business, do you do the same with your IT Security? It is important to tell your team why you do the things the way that you do them, and then remind them regularly so that cybersecurity is always at the forefront of their minds. Creating a great culture around your cybersecurity means that all employees are aware of their responsibilities.
For example, if employees fail to realise that files are restricted and/or password protected for a reason, they might then give the passwords, or files to another employee to make information sharing easier.
If a member of your team does not know the reason for using multi-factor authentication or secure password managers, then they may try their best to work around them, creating a security risk to your business.Clear communication across the whole of your company is key to keeping your business and data safe and secure.
There is also a physical element to cybersecurity. Ensure the location where your systems and data are stored is safe and secure. Firewall and monitoring will only be able to take you so far if your servers are sat in an unlocked room that everybody has access to. Making sure that your servers are stored in a place that is under lock and key and cannot be accessed by somebody that can enter your building and try to steal your information.
Similar to access control, you need to be sure people can only physically access what they need to do their job. Most employees will not need access to the server room, so using a system that prevents access, and authorises access when need is ensuring your business is implementing good security practices.
Whilst the list above is something that can be done manually, staying on top of it all can be a real challenge. There is only so many hour in the day that you can dedicate to your cybersecurity when you have your day job to do as well.
This is where an IT Support company can help your business. An IT Support company like Obsidian Networks can help with staff training, ensuring your staff are being tested to ensure that they are aware of your cybersecurity procedures, ensuring your network and file/folder access is protected and secure whilst keeping all of your systems and software updated and patched against the latest security vulnerabilities.
Obsidian Networks will also ensure that your systems and network are proactively monitored 24/7 and any cybersecurity or system alerts will be actioned by a member of our team to ensure that you are fully compliant and up to date against all known threats. You can rest assured and concentrate on what matters most, running your business in the confidence that your IT systems and data are fully protected.
If you are interested in protecting your business from cyberattacks, contact us today.