Is Your Business Exposing Itself to Cyber Attacks?
How safe are your business computing systems, networks, and cloud services? Are your employees well trained to identify red flags in attachments and emails, and to follow security best practices? Most small to medium-sized businesses have a limited budget to hire a full-time IT expert to run all the systems and security protocols 24/7. Without that experience and expertise, many companies leave themselves vulnerable to cyber attacks without even realizing it.
A Look Back at Cyber Crime Stats
Did you know that in 2018, there were 2 million cyber attacks with a 12% increase in business-targeted ransomware, leading to $45 billion in losses, according to the Online Trust Alliance’s Cyber Incident & Breach Trends Report? More than 94% of companies surveyed changed their security policies due to the high number of cyber attacks. Has your company changed its security protocols? In 2019, data breach statistics found that 63% of successful attacks came from internal sources, either control, errors, or fraud. That same year also saw 12.4 million malware infections. Are your employees trained and prepared for a cyber attack? Sadly, 2020 has seen even more of an uptick in cyber crime due to the global pandemic. Some experts have found that cyber crimes are up 600% due to COVID-19 scams and vulnerabilities. Due to the outbreak, an increase in sophisticated phishing email schemes by cybercriminals has emerged. In addition, malicious actors are posing as representatives of the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO).
Common Mistakes and Vulnerabilities
Let’s face it, cyber security is not front-and-center in the minds of many business leaders until an event happens, such as a virus, ransomware attack, hacking event, or user error. When you are neck-deep in computer issues, it is not always the best time to consider what your protocol should have been. Here are a few common mistakes that can leave your company vulnerable to cyber attacks.
Not training your staff regularly to spot malicious emails or links.
Having a weak BYOD policy that leaves individual devices lacking proper security even as they gain access to your company’s sensitive data.
Relying on a single IT person rather than hiring an IT management company.
Not updating or reviewing your disaster recovery plan regularly.
Failing to regulate access to different areas of your computer systems based upon position and need.
Using weak passwords or passphrases.
Failing to activate and maintain a stringent backup policy.
Forgetting or delaying software updates and patches.
Being unaware of the permissions granted on devices for cameras, photos, and microphones.
Failing to use access protocols for your cloud-based services.
Steps to Protect Your Business
There are several steps that business owners can take to further secure their personal and sensitive business data. Here are a few that are fairly simple and straightforward. Many you can conduct on your own, while for others you will need an IT team like our experienced team here at Spectra Networks.
Conduct a Security Risk Assessment
One of the first steps business leaders should take to protect their growing business is a thorough and unbiased review of security protocols. We suggest conducting a security risk assessment with an IT management company. This will allow a third party to impartially examine all the aspects of the system, employee access, permissions, and backups to see if there are areas that can improve. Sadly, many small companies only have the budget to hire a single IT person, who is left handling day-to-day questions and troubleshooting from employees as well as planning for the future. Our IT management program allows you to worry about your business while we take care of all the security and troubleshooting for you.
Create a BYOD Policy
With the outbreak of COVID-19 across our nation and the globe, more and more companies are requiring that employees work remotely. For many, that stay-at-home order expired once the immediate threat of the coronavirus was over. Now that some employees have returned to the office, there needs to be a policy on using devices brought from home. If employees got used to using their own laptop, tablet, or smartphone to conduct business remotely, they may need some upgrades to the security systems on those devices. A simple review of security systems and access to data can ensure that your business is protected from external threats via a personal device.
Review Access Controls
One major issue that businesses face is determining which employees can gain access to client or consumer data. A regular review of access controls can help. According to a cyber security report from Thales, the most popular and recommended access management tools are two-factor authentication, biometric authentication, and smart single sign-on. Two-factor authentication is the most popular tool, used by 58% of the businesses surveyed. It requires official credentials plus a confirmation of identity, such as a texted code, before logging on to the company’s site. Biometric authentication uses identifying factors such as fingerprints to access company information and is used by 47% of companies surveyed. The extra few minutes that these security steps take could mean the protection of your most valued data.
Regular Employee Training
Most cyber experts agree that your employees are the frontline of defense when it comes to cyber attacks. They will be the first to notice when a system is locked or not working properly. They are also the potential target of hackers who hope to trick untrained employees into opening malicious attachments or links via email or text messaging. Regular employee training can assist in educating your team members on the current risks and how to spot them before they become problems. Training can also hammer home what practices are best at maintaining the privacy of company data, especially if remote workers or employees use their own devices. In these training sessions, review with every member of your team what permissions should and should not be granted to applications on mobile devices, cameras, and microphones. For example, if your company laptops use a camera and microphone to conduct virtual meetings, be sure you position them in a way that maximizes security. It is also a good idea to review all of your apps and whether they have access to photos, data, or a microphone.
Conduct Regular Backups
No one knows the value of secure backups better than a company that just experienced a hack or natural disaster where data was lost or stolen. Regular backups will mean that your company can suffer the least downtime possible, whether the backup was on the cloud or through a third party. The easier it is to access your data, the faster your company can bounce back, regardless of whether the event was caused by Mother Nature, your own doing, or a ransomware attack.
Update Software and Passwords
As we have mentioned in previous blogs, updating software may seem like a real hassle, but there is a method to the madness. Sure, each update keeps you away from working for 15 or more minutes, but in the end, updating your software means that you will have the latest security measures that can protect you and your sensitive data. Passwords. Passwords. Passwords. We can’t stress this enough. Your passwords should be managed by a password manager. In order to keep your passwords strong and unhackable, they should be regularly updated. This is especially true if your business sees a frequent turnover of staff. Each past employee may still have access to data after they leave the company unless you update regularly.
The Bottom Line
Determining to what extent your business is putting itself at risk for a cyber attack is no easy task. There are many components that come into play, including employee training, security updates, access controls, conducting regular backups, creating a BYOD policy, and, of course, starting with a security risk assessment. Don't know where to start? Let our team evaluate your system and security practices. We can conduct a thorough risk assessment and determine where your vulnerabilities lie. We can also take a look at how your company is adjusting to remote work, BYOD, and other access issues. These are truly strange times we are living in, and our computer use is only one aspect that has shifted accordingly.