The Cyber-Security Threat to Small Businesses
Going to try something new, both as an individual and as a business. I have never written a blog before, but I’m going to try my best to both make it both interesting and unique. I won’t just be copying and pasting from somewhere else, this will be home grown. I’m going to kick this very first one off with some facts that are probably surprising.
· 77% of small businesses believe they are safe from a cyber-attack.
· 83% Have no cyber-security plan.
· 43% of all cyber-attacks target small businesses.
· Of those that are successfully attacked, 60% fail within SIX MONTHS.
The list goes on and on with numbers and metrics. The point is, attackers will continue their assault if victims are available. Small businesses are on average less secure, primarily due to the cost and experience required for a full IT team. Most cyber-attacks are automated and have no intended target, they just scan the internet looking for known vulnerabilities. Once they have identified a target, the attack is often automated as well. When an attacker is in, there is very little to stop them. The worst part is, that most of these attacks can be prevented with very simple countermeasures, many of them ‘one and done’.
This isn’t to say that large businesses don’t get targeted by random attacks, because they do. Large businesses are more vulnerable on average, mostly due to how complex their network architecture is. It can be extremely difficult to cover every approach, but they have huge teams and multiple systems in place to protect themselves in the case they are attacked. Big businesses usually keep their data quite secure, but anyone can look at the recent history of large data breaches. Facebook and Equifax are the most notorious.
With all that scary information here are a few easy things that anyone can implement to keep themselves and a business from being an easy target.
1. Keep your software up to date. Don’t push off those windows updates, application updates, and anti-virus profiles off. Sure, a lot of those are for usability and features but they are also patching security issues.
2. Always verify the sender of an e-mail. Just this week I received a very convincing phishing email. It looked completely normal, even had a “Verified Sender” tag on the message. It wasn’t until I checked the sender did I realize the threat. Always verify identity before sending money or documents.
3. Use good passwords and keep them unique. Realistically you don’t need a complex or hard to remember password, length is actually more secure. “footballspaghettiwalletcouch42” will be much harder to crack because of the length and how vast the English language is. The most secure option is to use a password manager like LastPass with randomly generated codes. It will be not only easier to use, but much more secure.
4. Finally, keep backups. There are numerous ways to keep your data safe, but it can only be truly protected if an individual or business is practicing good redundancy. Whether it is saving it to the cloud or saving it in multiple places. One thing to remember, is that a backup is only good if it actually works, it needs to be tested.
There are many things that need to be considered for a safe network and this list only covers some of what your users should be practicing. Business security solutions are mostly automated and far more comprehensive. They can be expensive to setup sure, but not quite as expensive as losing a file server to ransomware.
-Lyle Baumgaertner, Operations Director