2015 was a year of many things, and cyber-attacks were one of them. The prevalence and growth of big data and emerging technology leave many companies open to threats they're not aware of.
Cyber-attacks were a large threat to businesses, governments, enterprises, and startups last year.
In 2015 alone, we saw the exposure of guest credit card information at the Trump Hotel chain, the hack that exposed the personal information of users of dating site Ashley Madison, the hack of the US Office of Personnel Management that exposed nearly 18 million current and former government employees, and Patreon, which lost nearly 15 GB of customer names and email addresses in a massive data dump.
According to Symantec, 60% of all targeted cyber-attacks struck small- and medium-sized organizations in 2014, and such attacks are set to increase. This is why it's important that SMBs continue to perform their due diligence and make sure they stay updated on the best ways to protect their network and data from outside intruders.
We at Quartet have collected the top 6 ways SMBs can protect themselves from cyber-attacks. They are listed below.
1. The Internet of Things (IoT) will leave you exposed.
The IoT is a private network that connects all your devices together, such as refrigerators, printers, conference room screens, thermostats and microwaves. This can be problematic as it is open and vulnerable to attack.
Rapid7 Security Research Manager Tod Beardsley says that security in 2016 will be IoT-themed.
Connecting millions of business devices and applications together through the IoT will make control and maintenance easier, but it also raises a number of significant security flags. More devices mean SMBs are exposed to greater vulnerability.
The problem so far is that although a business's computers may be secure and have the proper security features installed, a device connected through the IoT might not be, making it an easy point of access for anyone looking to break into your organization's network. Each additional device exponentially increases your network's vulnerability to outside intruders and hacks.
With 2016 being the starting point for more and more businesses looking to use IoT, they can find themselves caught between trying to maintain a secure network and leaving themselves exposed to hackers.
The adoption of any new technology is always going to be problematic, as the majority of its security concerns are not yet fully understood or solved. If you're looking to adopt IoT, the best approach is to introduce it into your workplace slowly and to keep updating and looking for new security features that help protect you. As the IoT gains more traction, more and more platforms will consolidate and introduce better security to handle this new technology.
2. SMBs face a greater risk of being hacked than larger businesses.
Due to their size and budgets, SMBs face a greater risk of being targeted, as they don't have the same security systems and infrastructure as their larger counterparts. This puts them at greater risk of being hacked.
In a 2014-2018 forecast, data firm IDC stated that 71% of security breaches targeted small businesses.
The heart of the problem is that cyber threats continue to grow exponentially in volume, complexity, and threat vectors; without adequate resources and staff to support a security system, this leaves a lot of SMBs open to being exploited and targeted.
Hackers are targeting and exploiting the fact that SMBs don’t have the expertise, knowledge or resources to monitor their security 24/7.
Another major pitfall is having an IT department that is too stretched and can't do its job properly. This follows in the same vein and is a huge issue for SMBs that don't have adequate resources to dedicate to their security system and instead make do with what they have. This can lead to an inferior and inadequate solution to an important issue, and to a weak firewall or security system protecting them from intruders.
If you're not able to have a dedicated IT staff monitor and secure your network, it's in your best interest to find a security firm to which you can outsource your security needs. Outsourcing has proven beneficial in the past, as it gives SMBs the expertise and experience of security experts for a fraction of the price it would cost to have them in-house.
An additional benefit comes from consulting and participating in different industry events and conferences regarding security. This can give your SMB a greater perspective on the ways hackers and intruders are targeting businesses similar to yours, and allows you to learn from the mistakes of others to improve your business. It can also introduce you to new technology and industry security practices to protect your network and keep it secure.
3. Keeping your mobile options safe and secure.
Having a detailed and secure security network also entails keeping your mobile devices in check.
According to a recent study performed by Pryvate, 30% of US consumers share sensitive work data using a mobile phone, leaving them exposed to exploits and hacks without them knowing. This also brings up the issue of storing and keeping corporate or confidential data on mobile devices: if the device falls into the wrong hands or is exploited, the loss of this private data could prove disastrous for a company.
The move towards BYOD and mobile devices in the workplace has helped businesses cut costs, but not without faults, as it introduces new security issues that weren't apparent before these devices were used.
This is compounded if businesses don’t have adequate mobile security installed and monitored by their IT departments, essentially leaving a large part of their network open to hackers and exploits.
With the introduction of malware targeted at mobile phones, it will only be a matter of time before a major data breach is caused by hackers breaking into a mobile device.
But this isn't the end of the world. As mentioned above, having an adequate security system to monitor your devices and installing the latest security updates can protect your data from falling into the wrong hands; combined with policies on the effective use and protection of mobile devices, this can ensure they stay protected.
As technology evolves, so do hackers and their targets. Staying up to date and ensuring your system is running the latest firmware and mobile security software is paramount to staying safe, especially when you're doing business across the globe with sensitive work information on your mobile device.
4. Keep your friends close and your providers closer.
How protected and secure are the products or software you're currently using? Third-party providers such as hosters, payment processors, call centers, and shredders have a significant impact on your SMB if they're hacked or if their data is breached.
According to a survey done by the Ponemon Institute, third-party organizations accounted for 42% of all breach cases. This means that in the case of an emergency or data breach at a vendor or service provider, your information could be stolen, or your network could be left vulnerable to an imminent attack due to theirs going down.
Therefore, when looking to adopt a particular piece of software, product, or third-party provider, it's important to do the necessary research and ensure their services aren't faulty and don't have any prevailing security flaw that leaves you exposed. This ensures that in the case of an emergency your business isn't left out in the cold.
You can do so by asking: What are some of their security practices? What certifications do they currently have? Are they compliant with security best practices in their industry? Have they had any recent data breaches?
Asking these questions and doing your due diligence ensures you'll be able to determine whether any third-party providers, products or software are worth using. If they fail these questions or are unable to answer them, it's probably not a good fit for your SMB to engage in business with them. You have to make sure you're always careful.
5. Protect your end-users.
Protecting your end-users and ensuring they are safe is one way to protect your network. This can be easily done by holding educational workshops on how to spot or notice security breaches and on the proper risk assessment guidelines in the case of emergencies.
Let's face it, in the case of an emergency your end-users are your first line of defense. If properly trained and educated, they will notice and notify your IT department if anything fishy is happening, which can save you time, resources and effort by preventing emergencies before they occur. Therefore it's important that they are duly protected and know the ins and outs of your security system and how best to react in the case of an emergency.
Additionally, to better protect your staff you want to install and use two-factor authentication, as it adds a layer of protection and security for your end-users, essentially making it harder for them to be the victims of phishing attempts, social engineering, malware, and other password rooting technologies.
Implementing two-factor authentication is simple, and multiple free options available online, such as Google Authenticator, offer a dual layer of security with very little investment or time on your end.
Two-factor authentication works by generating a random password and sending it to the end-user's phone to be used to log in in conjunction with their original password. This prevents intruders from breaking in as they wouldn't be able to gain access to the second login credential needed, essentially making their attempts to break in impossible.
Your end-users can either be your first line of defense or your weakest link. The one thing that separates the two is whether they are educated and know how to protect themselves in the case of an emergency or data breach.
6. Stay up to date with data protection legislation.
As a business you have to be aware of the legislation and security industry standards. This means ensuring that your security system complies with, and meets or exceeds, the standards set by your industry.
This differs between industries, and rightly so: the large majority of businesses and industries have different security thresholds and threats that apply to them. Finance, healthcare, technology and software, and governments have more rigorous and specialized security and data protection thresholds than grocery stores, universities or entertainment industries. This is because the threats to certain industries are higher, and therefore they face more rigorous regulations and legislation than their counterparts in less targeted industries.
Keeping up with or going beyond data protection legislation can be a sure-fire way to ensure you stay safe and protected, and it sets a standard for how and against what kinds of threats you can protect yourself. When designing or looking to update your security system, it's imperative to be aware of these standards and always try to exceed them. This ensures you're ahead of your competition and one step ahead of intruders or hackers looking for an easy mark. Doing so will prove hugely beneficial in the case of an emergency.
As we move forward, the instances of data breaches and security incidents will increase, and as technology evolves and changes, so will the techniques hackers and intruders use. Therefore it's important to keep an eye out and routinely update your security system with any new technology or practices to ensure you stay safe and protected in the case of any emergencies.
For more information regarding security services, check out our security tabs page.