Cybersecurity Threats in 2022 - What Can SMBs Do?
Feb 18, 2022
Recently, the number of cyberattacks on Small & Medium-sized Businesses (SMB) has increased. Such attacks against SMBs almost never make it to the news. These unreported attacks give a false impression that only large corporations and government agencies get attacked. More attention is given to these large attacks because of the huge ransom demands and/or the cost of the damages incurred when these large attacks are successful.
What are the most important things small and medium-sized businesses can do to protect themselves and minimize their vulnerability to attack? The job at hand is to secure the networks, systems, and data from cybersecurity issues. The core responsibility is the prevention of data loss, as the sale of Personally Identifiable Information on the Dark Web is a catastrophic event with crippling consequences.
Control of these factors is among the essential elements for the SMB to remain in business. It may look challenging, threatening, or even frightening to manage the cybersecurity landscape in the SMB market. Yet, there are a few small and rather inexpensive measures and best practices you can implement to hopefully prevent or at least recover from a cybersecurity attack.
Employees Cybersecurity Awareness Training
Employees and their interaction with the email system are a leading cause of data breaches for small businesses. A stolen credential or a click on a phishing link opens a direct path into the company’s systems. One of the most important things executives at SMBs need to do when it comes to cybersecurity is educate their employees and themselves about the potential risks and how to go about mitigating them. They should provide mandatory training programs for all new employees and refresher courses for the existing workforce.
Among the topics the SMB should deliver awareness education on are:
- How to avoid phishing and spear-phishing scams
- How to practice good password usage and management
- How to spot potentially harmful links and downloads
- Best practices when using Public Wi-Fi
- Guidelines on the proper use of mobile devices in the workplace
- Social media behavior: what is acceptable and what constitutes an unnecessary risk
Many insider threats due to user negligence can be avoided with proper training and retraining. Senior executives can set a good example by promoting the importance of these training programs to the organization and participating in them themselves.
Implement & Test a Business Continuity Plan
Most SMBs have some sort of Business Continuity Plan (BCP), but many may not have tested it to see if it works as documented. The BCP should identify the most critical aspects of the business and include a plan of how to get them up and running again, or even make sure they never stop. The company should know how long it will take until they are up and running again, and how much data they can afford to lose.
A good business continuity plan will cover areas such as how company data and servers are backed up, and how frequently. If you use business applications, can they be accessed remotely, and how is their data backed up? If the workstations and laptops need to be wiped and reinstalled, would they still have their data? If not, where is this data backed up? If you utilize various Cloud Services for your service/products, are they backing up your data, or are you responsible for backups? Most of the major cloud providers do not back up your data.
The BCP needs to be tested at the place of business to see how effectively it works. The exercise and testing of specific disaster scenarios is known as a Table-Top Exercise. The whole point of conducting this test is to ensure the BCP fits the organization’s needs and limits the impact of a disruption to critical business functions and processes. This test provides continuous improvement to the BCP and allows all personnel to be engaged and fully trained on how you need the BCP to operate when an outage occurs.
Mandate “Turn on MFA”
According to Microsoft, MFA prevents an estimated 99.9% of attacks on accounts. Employees at times are poor at managing their passwords: either they reuse the same password for all their logins or they use a very basic password for convenience’s sake. MFA protects SMBs from these bad habits.
MFA, sometimes referred to as two-factor authentication or 2FA, is a security enhancement that allows you to present two pieces of evidence – your credentials – when logging in to an account. Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint). Your credentials must come from two different categories to enhance security – so entering two different passwords would not be considered multi-factor.
The second factor can be a verification code sent via text or email, a notification received through your phone, or a code in an authenticator app that rotates a unique code every 30 seconds or so. Requiring this additional layer may add just a few seconds of inconvenience but prevents a leaked password from compromising your accounts. The use of an authenticator app is preferred over the sending of codes through SMS, as it is more secure.
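How the rotating authenticator-app code described above is computed and checked, as an added example that is not part of the original article. It assumes the common TOTP scheme (RFC 6238, HMAC-SHA1, 6 digits, 30-second step); the function names are illustrative and the secret is the RFC's published test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid (the "every 30 seconds" rotation)
DIGITS = 6

def totp(secret_b32, at, step=STEP, digits=DIGITS):
    """Code an authenticator app would display at Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", at // step)            # 8-byte time-step counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                            # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, at, last_used_step=-1, drift=1):
    """Server-side check. Returns the accepted time step, or None.

    `drift` tolerates a phone clock that is off by that many steps.
    `last_used_step` rejects replay of a code that was already accepted.
    """
    current = at // STEP
    for step_no in range(max(0, current - drift), current + drift + 1):
        if step_no <= last_used_step:
            continue                                   # already used: replay
        expected = totp(secret_b32, step_no * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step_no
    return None

# Test key from RFC 6238 Appendix B (public sample value, never use in production).
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(RFC_SECRET, 59)
    print("code at t=59:", code)
    print("accepted step:", verify(RFC_SECRET, code, 59))
    print("replayed:", verify(RFC_SECRET, code, 59, last_used_step=1, drift=0))
```

The server stores the accepted step per account and passes it back as `last_used_step` on the next login, so a code observed in transit cannot be used a second time within its window.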
Almost all web applications and email services include MFA as part of their service. If it is not already turned on, turn it on. SMBs must ensure that every login in the company is validated by MFA. This action alone will prevent most of the attacks. Password Crackers are software programs that use the 3 trillion instructions per second processing power of today’s computer chips to quickly determine your password! The use of MFA removes this vulnerability.
Install / Patch Software Updates on Time
Whenever updates or patches are released for the operating systems or business applications, a sense of urgency must be the mindset. These patches and updates are time-sensitive; they must be applied promptly. Updates are always found on those products’ websites, and you can also sign up for notifications so that you know when updates or patches are released. New threats and vulnerabilities are constantly emerging. Companies need to regularly update and patch operating systems and other software resources. Check each day for the presence of any security updates.
The computers at every business must be equipped with antivirus and antispyware software that is updated regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.
Businesses also must maintain and update security tools such as firewalls, intrusion detection systems, and anti-virus software as needed. Good security maintenance also includes conducting periodic and comprehensive risk assessments. The Risk Assessment will identify gaps in the security posture of the business and recommend remedies that will close these gaps. A periodic Health Check, done by conducting a new Risk Assessment, is essential. The Health Check will identify any situation that might have changed since the last assessment, such as the addition of new cloud services. These new gaps will be identified and a remedy to close them will also be reported, ensuring a continued secure Cyber posture is maintained.
Data Security and Backup
The execution of a successful backup of the data within the SMB is the foundation for achieving successful disaster recovery and business continuity. The Backup process should run on a regular cadence, daily. Some SMBs should consider multiple backups during the day, as driven by the need to recover at any point in time. Backup solutions are smart enough to back up the data on all computers, either only the data that has changed or all of the data, at any frequency. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Automate the backup of data and always store a full copy offline, with the capability to restore it back to the last business day. The Best Practice is to store the backups online daily, store a second copy off-premise and a tertiary copy in the cloud.
A backup and recovery solution should be designed to rapidly recover lost, deleted, and ransomed files. Administrators should be able to retrieve actual file contents so they can determine whether a file contains sensitive data during investigations; recover prior file versions and deleted files and provide self-service so users can recover from everyday data loss events.
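A restore test of the kind a BCP exercise should include, as an added example that is not part of the original article: it records a SHA-256 manifest at backup time, lists the files an incremental ("only the data that has changed") backup would copy, and checks a restored copy against the manifest. The function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):   # stream large files
            h.update(chunk)
    return h.hexdigest()

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def changed_since(previous, current):
    """Files an incremental backup must copy: new or modified since `previous`."""
    return sorted(k for k, h in current.items() if previous.get(k) != h)

def restore_report(source, restored):
    """Compare a restored copy against the manifest taken at backup time."""
    return {
        "missing": sorted(source.keys() - restored.keys()),
        "mismatch": sorted(k for k in source.keys() & restored.keys()
                           if source[k] != restored[k]),
    }

def demo():
    # Constructed sample data: two small files standing in for business records.
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        (live / "hr").mkdir(parents=True)
        restored.mkdir()
        (live / "ledger.csv").write_text("id,amount\n1,100\n")
        (live / "hr" / "staff.txt").write_text("alice\nbob\n")
        monday = manifest(live)
        (live / "ledger.csv").write_text("id,amount\n1,100\n2,250\n")  # Tuesday edit
        tuesday = manifest(live)
        # Simulated bad restore: ledger is a stale copy, staff file never came back.
        (restored / "ledger.csv").write_text("id,amount\n1,100\n")
        return changed_since(monday, tuesday), restore_report(tuesday, manifest(restored))

if __name__ == "__main__":
    print(demo())
```

An empty report after restoring to a scratch location is the evidence that the backup can actually be restored to the last business day; store the manifest separately from the backup it describes.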
SMBs need to be willing to invest in tools that can boost security and reduce risks. This includes platforms that automatically and continually monitor files across internal systems and the cloud.
Regular Cybersecurity Audits
Many companies assume their systems are secure, but this is difficult to know without performing regular in-depth audits of your security. Cybersecurity audits are about assessing compliance. These cybersecurity audits will be able to assess if the proper security mechanisms are in place. An Audit will also ensure compliance is certified with relevant regulations. Fines for the non-compliant SMB can put them out of business quickly. These occurrences are typically not reported, as the SMB cannot afford the cost of the negative publicity and shame.
SMBs should meet with their IT team/vendor on a quarterly basis to make sure that the company’s future goals align with the company’s technology capabilities. The IT team should be able to assist with compliance, security, business continuity, and even workflow improvements. It’s recommended that these audits are performed at least twice a year.
Engage Cybersecurity Experts for Help
Many SMBs simply don’t have the internal resources or budgets to create and maintain a robust cybersecurity program. Even many larger companies struggle to do this. That’s why it’s a good idea to consider bringing in expert help from outside.
Managed security services providers (MSSPs), consultants, “ethical hackers,” and others can provide help such as suggesting affordable tools, deploying products, updating them, and performing penetration tests to evaluate the strength of products such as firewalls.
SMBs can’t afford to operate with lax security. In addition to data loss and systems downtime, they can experience a decline in brand reputation, a loss of customers, a rise in legal fees and regulatory fines, and other negative impacts. Preparation is always better than damage control. Businesses should act now to ensure they comply with all relevant cybersecurity laws. Failure is too costly to risk. For those companies that have not developed a strong security strategy and infrastructure, the time is now.