The Datamax Thinking Blog

Educating, collaborating, and sparking ideas for maximizing the technology that matters.


7 Things Every SMB Must Know About Cybersecurity

Every business, large or small, should know these cybersecurity facts.

Do you think your business's size will protect you from cybercriminals? It won't.

Simple fact: cybercriminals are coming for you.

That's anyone reading this – individuals, 2-person businesses, Fortune 1000, or the mom and pop store on the corner.

All businesses have customer and other data that can be hacked. Criminals want that data.

Most SMBs attempt to secure themselves. However, they don't have the money or access to expertise that larger companies do. Their defenses aren't as strong as those of larger companies.

It's a lot easier to pick the lock on a doorknob (just to be 100% clear, this is you, SMBs) than on a maximum security safe. Who do you think cybercriminals are going to target?

Here are seven things every SMB must know about cybersecurity.

1. You ARE a target.

You really must take security seriously: 43% of cyberattacks target small businesses, according to Symantec's 2016 Internet Security Threat Report.

The Ponemon Institute's report, The 2016 State of SMB Cybersecurity, shows how exposed small businesses are to cyberattacks:

  • 50% of SMBs have been breached in the past 12 months
  • 55% report being attacked
  • 59% of SMBs have no visibility into employee password practices
  • Web-based and phishing/social engineering attacks are the two most common attacks on SMBs

2. There's a growing cybersecurity gap in hiring.

There are more open security positions in IT in the US alone than there are qualified IT professionals to fill them. This gap means that cybersecurity pros are in demand and command salaries that can be more than a small company can pay. Fewer (and less qualified) staff available to SMBs means that they each have to cover more issues and are likely to fall behind on basic issues like keeping up with software patches, much less getting ahead of looming threats.

3. Ransomware-in-a-box.

On the dark Web (yes, this is a real thing – not a TV show or movie), criminals can buy ransomware kits. Who do you think these unsophisticated criminals are going to target? Anyone with easy-to-penetrate security systems. 

4. Anti-virus is just the beginning.

Anti-virus software and firewalls aren't a security plan. They're part of a security strategy, but are the bare minimum of what you need. Plus, here's a scary fact: criminals are often ahead of the security software. Why do you think patches are needed? Hackers find the weaknesses in software. Security companies discover these weaknesses and write patches to cover the holes. If your IT department isn't regularly patching your in-house software, you're ripe for a ransomware attack or other hack.

5. USB ports.

If you aren't using them, disable them. One security professional, testing the security of a company (he was hired to do this!), spread malware-infected USB sticks in the employee parking lot of the company. A few overly curious employees picked them up and inserted them into their computers. Voila! Security breach.

6. Educate your employees.

If you don't educate and train your employees on security best practices, you'll always have a hole in your security strategy. Teach and enforce best practices in passwords. Periodically remind everyone to be wary of phishing emails and not to click on suspicious links (or anything from Nigerian princes offering a cut of their inheritance!).

7. Security is never “done” and never 100%.

Update your policy regularly to address changing technology. Don't think that because you have a sound security strategy, a great managed network partner, and well-trained employees that you're 100% secured. All you can do is the best you can do. There's a constant struggle between cybercriminals and security professionals – and unfortunately the criminals win sometimes.

Managed Network Services

If you're thinking, “that's a lot to be worried about,” you're right. It is.

It's also a very short list.

The good news is you don't have to do it yourself. You can outsource some of your security functions – like network monitoring – to a managed network provider.

Even the best SMB IT teams will have a hard time keeping up with managing the network, keeping patches updated, and supporting other staff. Keeping the necessary security knowledge on your team is going to get harder as the cybersecurity expertise gap continues to widen.

Take a look at what a managed network services partner can do for you. 

There are other issues in information and data security, of course. However, if you understand these seven things, you'll be in better shape than most other SMBs by adding some chains and deadbolts to your door.
