Cyber Threat to Small Business 101

We’ve all heard the sob stories of businesses who have suffered  a ransomeware attack – but it’ll never affect me!  Surely!

Think again.  As technology is developing, so too are the opportunities being targeted.   And the small business is today as much at risk as ever before.  Cyber crime has recently been identified as one of the most “high-profile” threats to business operations – our core small businesses should be aware of and have strategies in place to avert these threats.

Some simple and prudent steps to mitigate this risk include

  • Layered Security

This sounds like a mountain to climb, but simple things like ensure you have a modern, efficient, anti-virus suite.  A decent antivirus suite can protect against ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, adware, and spyware. Products exist which detect other threats, such as malicious URLs, phishing attacks, social engineering techniques, identity theft, and distributed denial-of-service (DDoS) attacks.

Activate device level firewalls.

Deploy a sophisticated “learning” email filtering system.

Ensure your web browsing provides click-through validation to ensure your browsing reputable destinations.

Use SSL/TLS and encrypted tunnels for your communications.  If you have multiple branches, consider a secure WAN.

  • Firewalls

Your network should be protected by a comprehensive firewall.  In fact anything is better than nothing here, but the more robust this is, the better.  Firewall design is a specialist art, so ensure you get adequate expertise.

  • Patch Management

One of the most common vulnerabilities exploited by cyber threats, is the fact that many users are not “bothered” to maintain security patch levels – not only of operating systems (Windows, MacOS, Linux), but also of software applications.  One can understand this, so  employ a reputable and responsive provider who will remotely manage patch levels for your devices and software to ensure your security is as good as can be.

  • Password Management

Ensure your staff and users are using complex passwords.  76% of data breaches originate from poor and weak password practices and policies. Simple passwords are one of the most frequent methods cyber-criminals gain access to systems.  Define and enforce an appropriate password policy for your organisation.  Get a specialist in to speak to your staff on acceptable and responsible behavior when interacting with IT systems.

  • Backup/Restore

Many smaller businesses operate and use cloud drives to store and share business artifacts.  these however are not immune to crypto viruses – they can infect devices across your network, including cloud drives and network attached storage.  Step one is to adopt a true back technology which allows roll back to a specific point in the backup history.  Then, adopt a three tier approach to location of the backup files namely, on local machine AND on a local network drive AND offsite on a cloud data store.  Whilst this may seem overkill, these three stages each provide speedy recovery depending on where the recovery is being staged from.  Oh!  and do consider virtual recovery of your machines which will allow rapid spin up of an equivalent snapshot of your workstation to allow you to continue functioning as BAU.

 

If you’re overwhelmed at the prospect of cyber threat and mitigations against this, SME Tech provides specialist services and support to businesses in this arena.  Contact us for a no obligation consultation.  We’ll even undertake a free network security assessment at the same time.