Monday, February 17, 2020

Security Briefing for Small Businesses - Courtesy of Sprint

 


As you all know by now, I have a passion and perhaps a mild case of ADD when it comes to cybersecurity issues.  I’ve got lots of reasons for this, but one of the biggest is that it’s the right thing to do.

It also keeps your office out of trouble with the folks who enforce HIPAA regulations.  Security is one of the best examples of emergency preparedness.  If you prepare for an emergency, it won’t be an emergency when it happens.

One of the biggest problems in the world of cyber security is the “human element”.  Social engineering can make any of us vulnerable to giving up valuable data.  I’ve been coerced a few times myself, but those issues had nothing to do with my practice.  However, I am willing to gamble that if someone as paranoid about security as I am can be tricked into giving up info, you and your staff are probably vulnerable too.

Social engineering tricks are the easiest ways for cyber criminals to get inside your system.  Oh, of course they can also attack through brute force, but it’s SO much easier if you just give them the passwords yourself.  I was wandering the “Interwebs” the other day as I usually do and I found a great resource from Sprint on ways to protect your small business.  It’s so well written and provides so much info that I wanted to share it with you here.

I’ve been a Sprint customer since they first brought their mobile service to market and they are the only company I’ve ever used.  I thought I’d let you all know that, as the last stats I saw said that 50% of mobile customers were dissatisfied with their providers.  Anyway, without further ado, here is the info courtesy of Sprint.  If you’d like to learn even more, you can follow this link.

First, the bad news.

Small businesses are a big target for cyber criminals—even “I know everybody in my office by their first name, surname and the name of their dog/cat/goldfish” businesses.
No one is too small to pop up on a cyber criminal’s radar. Even though, as one report found, 54% of businesses believe they’re too small to be the target of ransomware.1 Unfortunately, this common assumption is a big mistake.

Why? Because even the smallest businesses have more money and valuable data to steal than a single consumer has—and also have a lot less protection in place than big businesses.

But what can you do about it? After all, without the money a medium-sized business has, let alone a big business, you can’t actually afford to protect yourself. Right?
This is another common assumption—and thankfully, this one is also wrong. The truth is that even very small businesses can put up a damn good defense against cyber attacks.

(That’s the good news.)

To start with, you need to know what to defend yourself against. With that in mind, here are the biggest threats facing (really) small businesses like yours in 2020—and what you can do about them.

1. Phishing
Phishing emails—which trick recipients into clicking on links they really shouldn’t click on—are the most common attacks out there. To make matters worse, they’re increasingly sophisticated and difficult to spot.
What to do: The key thing here is to educate your people in how to identify phishing emails. Happily for you, your team isn’t too big to train. Tools such as multi-factor authentication can help make it harder for phishing attacks to be successful—but ultimately your people are your first line of defence.

2. Ransomware
This involves a hacker getting into your network, encrypting your precious data and demanding that you hand over money in exchange for access. Small businesses are highly vulnerable to ransomware attacks because attackers know they’re more likely to pay up. Why? Because small businesses are much less likely to back up their critical data. They’re also more likely to be crippled by having their access to it blocked.
What to do: Don’t be one of those “we’re too small to back our data up” businesses. Look into backing up your mission-critical systems and data in the cloud. Today. (Right after you finish reading—and sharing—this blog, in fact.)

3. Malware
Malware comes in many forms (including spyware, trojan horses and “worms”). What these forms have in common is that they all contain malicious code designed to infiltrate, disrupt and damage your business. And small businesses are targets for all of them.
What you can do: Make sure your operating system, browsers and software are up to date to stay ahead of the hackers. There are also “as-a-service” solutions that can monitor all your internet traffic—you pay for such services per head, which makes them absolutely affordable for businesses of all sizes.

4. BYOD attacks
A BYOD policy makes a lot of sense for small businesses. It gives your people the option to work remotely on devices, without requiring you to pay for those devices yourself. But personal devices aren’t always subject to the same controls as company devices—especially in businesses without IT departments—which makes them potential trojan horses travelling into your business network.

What to do: What you need here is a mobile security solution that gives you “over-the-air” control of your employees’ devices. A solution like this will enable you to remotely monitor, manage and secure phones and tablets, automatically enforcing your security policies at all times and in all places.

5. Man in the Middle Attacks
These take place when employees connect to a public Wi-Fi network, thinking it’s legitimate, not realising that they’ve inadvertently connected to a fake network access point, set up by a hacker, who is now intercepting their (and your) data. Most of us now connect to public Wi-Fi networks with a degree of nonchalance, so it’s easy enough to fall for this.
What to do: A good virtual private network (VPN) service can be installed on employee devices and, having automatically detected an unsecured network, will encrypt all data and sessions taking place on it—leaving the man in the middle out in the cold.

6. Password attacks
In the era of cloud services, many of us are now using multiple passwords at work to access sensitive information. The temptation to use easy-to-remember passwords is ever-present. And easy-to-remember is easy-to-guess.
What to do: Education is a great start: impress upon your employees the importance of using strong passwords. You can also invest in password generation and management software.

7. DDoS attacks
A Distributed-Denial-of-Service attack is when a hacker uses malware-infected devices to bombard your network (typically a website) with requests in order to slow it—or shut it—down. Downtime can be disastrous for any business—let alone a very small one where every website visitor counts.

What you can do: As mentioned earlier, back-up your systems and files wherever possible in case of a DDoS attack. Ideally, though, you need to be able to detect and filter out incoming DDoS traffic. For businesses with modest budgets, cloud-based services that can be paid for on a monthly basis are available.

We hope this blog has given you some insight and ideas into how you can start protecting yourself. If you want more advice on how to approach security as a small business, why not check out our blog ‘How to establish your first security policies if you’re a small business’?

1 https://www.keepersecurity.com/assets/pdf/Keeper-2018-Ponemon-Report.pdf
