Large and small businesses alike are evolving their tech stack to stay competitive. But the evolution of devices and technology also means increasingly complex networks—and small businesses especially must be aware of the network security risks. Read on to learn the considerations to keep your business secure.
The overwhelming tide of cyberattacks continues to rise. Even well-funded IT departments are having trouble keeping up with the threats. According to most major reports, hackers are now able to spend more than 200 days snooping about a network unnoticed, allowing them ample time to access all of the information they need.
There are many reasons for the growing number of cyberattacks. Static defense systems like firewalls are becoming easy for competent hackers to circumvent because of the increasing complexity of networks. At the same time, the expensive defense efforts of organizations are quickly thwarted by their bring your own device (BYOD) policies, which enable a whole host of unsecured employee devices to access formerly secure networks.
There’s a target painted on everyone’s back
There’s no doubt the number and diversity of attacks have exploded. According to a 2018 Symantec report, there was a 600 percent increase in attacks on IoT devices from 2016 to 2017, and cybersecurity defense mechanisms revealed 8,500 percent more unauthorized cryptocurrency mining programs.
It’s true that cryptocurrency-mining programs are seen as just a nuisance when compared to the complete loss of availability or confidentiality that ransomware and banking trojans respectively cause. In fact, Bob Rutherford, CEO and founder of Hedge, points out that law enforcement units have gotten better at tracking the digital currency when crimes occur: “Because this (cashing out) requires bank account numbers and other personally identifiable information, no matter how many times a criminal transfers money between online wallets, he or she will still be associated with the illegal activity.” Still, no matter how easy or complex the cleanup, any data breach is costly, and preventive measures are well worth the effort.
Who has the biggest target on their back?
Banks are some of the most tempting targets for hackers, given all of the sensitive information they house. To decrease exposure, financial institutions are considering every possible avenue when it comes to preventing their worst fears as well as what actions to take if a hacker is successful.
And while the headlines are reserved for major data breaches affecting the largest corporations, many other hacks occur with very little fanfare. Unfortunately, when small businesses are compromised, most of them end up closing their doors for good. That’s right — 60 percent of small businesses that experience a cybersecurity breach will go out of business in as little as six months. When you add up the fines, litigation, potential ransom, and loss of consumer trust, the costs are just too much to bear.
You might think your data is worth little on the dark web, but hackers are increasingly targeting small businesses. Small-business owners are more likely to pay a ransom so they can get on with their work, and most lack the sophisticated defenses of larger organizations. Small businesses can also be a foot in the door if they do business with bigger companies. Taken together, this means an attack on a small business is both easier to pull off and more profitable for a hacker.
Defense is the best offense to protect your company from getting hacked
You certainly don’t want to become a statistic, but cybersecurity is a complex field that you might not fully understand. To ensure your business isn’t the next victim, creating a robust defense should be a major priority.
From the boardroom to the mailroom, get universal buy-in.
It really does take a village. Train your employees on how to recognize phishing emails and other attempted exploits they may be exposed to — knowledge is the best defense. Employees who compromise security rarely have malicious intentions; rather, employee ignorance is the most significant threat.
Consider the Ponemon Institute’s “2016 Cost of Insider Threats” study. The results indicated that, for 191 security breaches caused by malicious employees or criminals, there were 568 that stemmed from employee or contractor negligence. This is evidence that you should involve your entire company, starting at the top. If you arm your employees with the knowledge they need to recognize a red flag, your team will be better able to fight off potential attacks.
Shore up partner networks.
Your partners have a wealth of information about your company. Some information could be used against you if it got into the wrong hands. If a business you partner with is hacked, it’s likely that your data could be compromised as well.
CyberGRX founder and CEO Fred Kneip points to an attack earlier this year in which cybercriminals stole more than 5 million credit and debit card numbers from Saks Fifth Avenue and Lord & Taylor customers. He notes that the breach “shows how the parent company bears the reputational impact of breaches at its subsidiaries just like a company does when its vendors are breached.” Before partnering with a company or signing up to work with a vendor, make sure they take cybersecurity as seriously as you do. Ask what processes and security precautions they have in place. And if you’re not satisfied, don’t be afraid to demand more from their efforts or walk away.
Batten down the ID hatches.
It’s far easier to prevent cyberattacks than it is to clean up the mess after hackers have struck. Your investment will deliver the best ROI if you center your strategy around protecting identity. One particularly effective measure is requiring multifactor authentication, not just for administrators but for all users.
Multifactor authentication has been shown to thwart many bad actors attempting to steal login credentials. It is also relatively easy to implement. It’s as simple as requiring users to provide more than one piece of identification to access a system. For instance, systems with multifactor authentication typically ask for a combination of something the system’s user knows (like a password or PIN) and something the user has (like an ID card or a code sent to his or her phone).
Cybersecurity threats aren’t going anywhere. As attacks increase in quantity, breaches are increasing in severity. Breaches erode consumer trust, and companies can face heavy fines from governments and regulatory bodies. Ultimately, a failure to prioritize cybersecurity will turn today’s business leaders into tomorrow’s headlines. Don’t become a cautionary tale for those who rely on luck to protect their data.