Cybersecurity and Why It Is so Important for Small Business
Cybersecurity is still one of the hottest topics discussed at trade shows and conferences. It is truly amazing that being as connected as we are as a society, we do not spend more to protect the data that we are so willing to expose through online platforms. It is almost like we have given up and accepted that people are going to access our data regardless of what we do to protect ourselves.
According to Security Magazine July 2016, only about 31% of small businesses take active measures to protect themselves against cyber security breaches. On top of that, only 22% are willing to improve security measures and spending over last year.
Small and Medium size businesses continue to be one of the largest targets for cyber-attacks. This is primarily due to the business owner’s lack of awareness of the threats they face, along with underestimating their exposure to cyber threats.
It is estimated that in small and medium size businesses, 75% of workstations are unprotected or unrestricted to prevent unauthorized access. This is an amazing statistic since local workstations are one of the primary access points to your network and data. Workstations are basically the front line to your business, and too many business owners still believe that traditional anti-virus and firewalls are sufficient to protect their businesses--think again.
Social Engineering and Cyber Security
Social Media, we love it! Next time you are in a restaurant look around. Families paying to have dinner together but not one conversation going on between them. They are all face down in their phones or mobile devices. Guess what they are doing that at work too.
So, what are the risks of social media, or better yet, how is social media being changed into social engineering and how is that effecting your business?
We have to keep in mind this is not a technology problem it is a human problem. The technology works, but humans make mistakes and those mistakes can be exploited. An example of social engineering in motion was outlined in an article from SmartFile written by Curtis Peterson in March of 2016 where he outlined a phone call from a hacker to the FBI. The hacker called the FBI helpdesk explained that he was a new employee and was having issues with the employee portal. The helpdesk asked if the hacker had a token code. The hacker responded no, the helpdesk said ok use one of ours. Following a two minute conversation, more than 20,000 FBI records and 9,000 Homeland Security records were released to the public. This is simply an example of how we need to recondition our employees to be less trusting, ask better questions and to increase security awareness training.
The rules of engagement have not really changed over the years. You have to take an active approach to security. It is not "set it and forget it" any longer. Your team has to proactively manage security, implement countermeasures and constantly be aware of new threats.
Here are some basic things that you can do to help your employees and your business be more secure:
Remember, in most cases cyber security is not a technology issue, it is a human issue. Training your employees is key to a successful security strategy overall. If your employees do not understand social engineering, or current threats, and how the newest scams can affect your business then you are more likely to be a victim of hacking, ransomware, or stolen data.
Policies and Procedures
It is critically important that you have an idea of the electronic tools that your employees use to do their work. This must be understood in order to write policies and procedures to protect your company or organization. At Winning Technologies, we have always told our clients the policies and procedures they have are their legal teeth and protection. However, when you have teeth you can decide how hard you want to bite if necessary. Without these procedures though, you have no protection and you are simply accepting the outcome of others actions.
Keep up to date
Keeping operating systems, networks, firewalls, routers, and software applications up to date should be a priority. Most manufactures and software companies spend a lot of effort to harden their hardware and software. However, if you are not up to date than you are exposing your business and your data to known weaknesses. Those weaknesses can lead to breaches and data loss.
The Future of Cyber Security
So what does the future look like for cyber security and cyber threats? You’ll see cybercrime become mainstream, organized crime will expand in the online world, malware including file-less malware will continue to grow and cost companies millions to protect themselves.
You will see further expansion of Ransomware and Crypto locker style viruses as they become more and more intelligent.
You’ll also see Ransomware spread to cloud based applications and big data warehouses as hackers further develop methods to attack areas of the cyber world that haven’t been exploited yet.
You will also see further expansion in social media attacks and the use of malware that attacks mobility devices that have network access in order to go after corporate networks.
As you evaluate your business, keep in mind there are countermeasures and protections that can help protect you. However, you have to take a proactive approach that has a layered methodology to security that casts a wide net to stay ahead of new threats. Don’t forget--it’s about security.
By Scott M. Lewis, President / CEO Winning Technologies, Inc.
About the Author: Scott Lewis is the President and CEO of Winning Technologies Group of Companies. Scott has more than 30 years of experience in the technology industry and is a nationally recognized speaker and author on technology subjects. Scott has worked with large and small business to empower them to use technology to improve work processes, increase productivity, and reduce costs. Scott has designed thousands of systems for large, medium and small companies and Winning Technologies goal is to work with companies on the selection, implementation, management and support of technology resources.