Follow the Leaders
Think cyber criminals are most interested in targeting big business? Think again. The U.S. Small Business Association (SBA) reports that 43% of the nearly 42,000 online security incidents that took place around the world last year targeted small businesses.
No matter how skeptical you may be of the stats heard around the world, data breaches can lead to stolen customer data and financial losses, and can severely damage brands. Businesses can be crippled for days by a breach – some taken down altogether. It’s undoubtedly a growing problem for businesses of all sizes.
Data security is Sklar Technology Partners’ primary mission. President Randy Sklar reports that his business has grown steadily busier in the past three years. Fortunately, innovation and proprietary services have kept his clients ahead of the bad guys – for now.
What are some of the biggest threats that small and mid-sized businesses face? “Ransomware remains a major threat, and wire fraud is something we hear about, as well,” says Sklar. “The biggest threat I hear about is credential stuffing. A local salon just lost $12,000 in a payroll heist, and [the owner] was using breached passwords for her ADP and email accounts. The cyber crook tried to get $80,000 and made off with $12,000.”
We all know our passwords should be a complicated jumble of characters and numbers, and that we should update them and our business software regularly. Still, if you’re concentrating only on those actions, you could be leaving your business exposed to hackers. One of your best defenses is a solid offense. Here are four ways to get started.
A formal assessment by a professional will help you identify your vulnerabilities and the conditions required to exploit them. A sound assessment will help you understand the likelihood that an attack would succeed and the potential impact it would have on your business. Sklar suggests performing a risk assessment annually or if any major changes happen to your digital assets, like implementing a new application.
“A typical assessment focuses on technology issues and the assessment should be solely focused on the asset. In this case, digital asset. And the report should be an easy-to-read graph outlining the impact vs. likelihood an asset will be compromised or lost,” says Sklar, who is a member of Virginia Council of CEOs. Sklar Technologies offers a good risk assessment discover tool here.
You know where you’re vulnerable. Now formulate a plan that outlines the procedures and policies your organization will follow to prevent and recover from a data breach. Not sure where to begin? We found a good customizable cybersecurity planning tool designed by the FCC. Or, better yet, contact a trusted local resource for plan set up and training.
STEP 3) HAVE A SOUND DETECTION SYSTEM IN PLACE
We’re often focused on keeping hackers out via firewalls, antivirus software, etc., but we come up short when it comes to breach detection. “Nothing is secure without detection,” says Sklar. “Just like at home, you want to have alarms, motion lights and barking dogs to detect the intruder. Make sure the person or organization in charge of your cybersecurity is comfortable in their ability to detect and quickly respond to a breach.”
A key component of any business’ cybersecurity defense system is to make cybersecurity a priority for leadership and staff. Show your commitment. Keep it short, simple, and fun! For example: Why not a game show or competition? Avoid boring videos and lectures, they are ineffective. Make it a team building opportunity, if you can. Cover topics like:
October is Cyber Security Month! Don’t let a cyber crime cripple your business or, worse, bring it down. Make a serious commitment to assessment, a comprehensive detection system and plan, and ongoing education.
Additional resources used for this article: “3 Simple Things to Protect Against Cyberattacks” by Anita Campbell.