Even if you have the best firewalls, backup and disaster recovery strategies, password protection, and other security practices in place, the new cybersecurity crisis can make or break a business.
Cyberattacks on pipelines, meat companies, nuclear contractors, and others have been dominating the headlines.
As REvil (a notorious ransomware group) and others turn advanced tools into turnkey software, there is growing anticipation that this problem will get worse over time.
These cyberattacks have hit some of the largest and wealthiest businesses that seemingly have the proper security measures in place.
News that the Colonial Pipeline paid roughly $5 million and JBS USA Holdings, Inc. paid $11 million in ransom sparked conversations about the impact of the new cybersecurity crisis and whether businesses should pay the money that cyberattackers demand.
Federal agencies’ view on this topic is increasingly becoming a one-word answer: "No". Paying the cyberattackers what they demand just rewards cyberattackers for the crimes.
This is an easy stance to take when you are not a small business whose entire business operations may be at stake.
While large businesses that become victims of cyberattacks have been dominating the headlines, small businesses are also vulnerable to cybercrime.
What happens to small businesses that become victims of a cyberattack? What happens to the businesses that do not have sophisticated security measures and solely depend on mass-market tools? What can these businesses do to protect themselves?
We asked some experts in the industry about their views and opinions on how this new cybersecurity crisis will impact small businesses.
How Can You Cyber-Secure Your Small Business?
In this expert insight response, Ryan Wessling of Intelice Solutions discusses how to keep a small business safe from cybercrime:
Small companies are not immune to such attacks as evidenced recently by several of our clients that have neglected to invest in simple security measures and paid the price.
As these attacks become more commonplace small businesses can’t simply ignore the threat and think they won’t become targeted simply because of their size.
In fact, certain industries get targeted due to the nature of their businesses which despite their small size may deal in large financial transactions, or service critical infrastructure components.
So what can they do to protect themselves? Engaging with a trusted provider such as Intelice is an important first step. We deliver and manage the products and services that are critical in defending against cyber threats. To name a few:
Multi-Factor Authentication – Protect against unauthorized access via compromised or brute-force attacked user credentials.
Security Awareness Training – Educate your email users about the risks posed to an organization via email, how to identify and handle phishing emails, and what the latest trends are in these types of attacks.
Dark Web Monitoring — Monitor the Dark Web for compromised user credentials of your employees so you can take proactive measures to change passwords.
Endpoint Protection (Malware and Anti-Virus) – Protect your endpoints (Laptops and Desktops) against the threat of Malware and Ransomware
Web Filtering — Protect users against the threat of malicious websites
Email Filtering — Protect not just against SPAM, but phishing, spoofed, and other unsolicited messages attackers send to infiltrate your networks.
These are just a few of the many solutions offered by Intelice in addition to standard best practices such as:
- Password complexity policies
- Restricted local admin rights of users (Protects malware and ransomware from executing)
- Device encryption
- Device backups
- Known folder redirection to cloud storage
All employees in a workplace need to be educated and aware of the measures that can be taken to protect confidential information.
There are industry experts available to help educate small businesses on the best ways to protect sensitive and confidential information.
Nick Allo of SemTech IT Solutions was asked for his view on the role of industry experts during the new cybercrime crisis, and this is what he shared:
“I think organizations can best protect themselves by partnering with industry experts at Cyber Security so they can do all the proactive testing to help reduce risk on the corporation’s network.
To beat the bad actors we need to be proactive. We just cannot wait for something to happen and hope a backup is sufficient. We need to do more and test the strategy. Fix the weak areas.”
Cyber Security Best Practices Must Evolve
"We anticipate the evolution of cybersecurity over the next few years as threats like ransomware continue to spread. The cyber threat landscape continues to evolve, with different strains of malware attacking network systems every day."
Troy Drever, President of Pure IT was asked to share some insight on the evolution of the threat landscape and how businesses must adjust, and this is what he stated:
As the threat landscape continues to evolve, businesses of all sizes – large and small – must continue to evolve their security posture and practices to defend themselves from the myriad of threats that exist today and evolve tomorrow.
One of the most important aspects of cybersecurity is education. The end-user is the weakest link to a potential cyber-attack.
Ongoing cybersecurity training and testing is a must. This training is readily available from I.T. service companies to help businesses of all sizes to access high-quality, ongoing security training for their staff.
Multi-Factor Authentication is another key defense used to protect corporate systems from hackers. This security measure is very affordable for all sizes of organizations.
With COVID-19, the work from home revolution has created a huge security risk for corporations. DNS filtering is a key system used to protect end-users that are not behind the corporate firewall from ending up on the wrong website where they can easily be compromised.
Another key security measure is Managed Threat Response. It’s no longer enough to deploy anti-virus and anti-malware systems, those systems must be managed 24×7 by a Security Operations Center who are highly skilled and trained in threat hunting and remediation of threats in corporate environments.
This is possible today for small organizations who cannot afford their own 24×7 security team to outsource that function to a Managed Services Provider who can provide that service for them.”
Many businesses are losing the cyberwar and as a result, cybersecurity needs to evolve to withstand the rise in cyberattacks. This may take the form of Managed Threat Response, Multi-Factor Authentication, or stricter regulations so businesses of all sizes will take all threats more seriously.
We asked Dr. Bennet Hammer of Hammer IT Consulting what his advice or recommendations are for small businesses that want to protect their assets against cyberattacks, and Dr. Hammer shared this:
As the number of cyberattacks increases, it is important for any type of business to take the extra step and protect their most important asset, their data.
You don’t need to have an enormous cybersecurity budget to protect your business from the latest cybersecurity threats. We have compiled a list of recommendation for any business to follow to make your environment more secure:
- Install Updates
- Create Unique and Complex Passwords
- Password Protect and Lock Your Computer
- Backup Your Data Regularly and Check the Backup
- Use The Latest Internet Browser
- Be Careful What You Click On
- Don’t Open Any E-mail Attachments or Click On Any Links from Unknown Senders
Small Business Vulnerability to Cyber Attacks
Small businesses across all types of industries are vulnerable to security breaches and attacks. Small businesses generally do not take advantage of network security and this makes them ore vulnerable to attacks.
"Small businesses are the most vulnerable when it comes to cyberattacks, and the truth is, most can’t afford to properly protect themselves using traditional security solutions", states Craig Beam, President of MicroXpress.
Craig also shared the following when asked what small businesses can do to change this:
"The best way for a small business to protect themselves without breaking the bank is to adopt a zero-trust security strategy."
Instead of “allowing everything” and trying to filter it, you instead “block everything” and only allow what has already been approved.
It sounds like a nightmare to manage, but there are actually some great tools out there that make it easy to deploy and maintain. ”
Small businesses must implement a robust and sophisticated security strategy to defend confidential information against ever-present cyber threats.
Cybersecurity is Accessible and Affordable for Small Businesses
Carl Fransen, Founder, and CEO of CTECH Consulting Group were asked to share some insight on his thoughts about the accessibility of cybersecurity for small businesses, and he shared the following:
"Cybersecurity is now accessible for small businesses around the world at a competitive price. There are now many cybersecurity vendors that offer a comprehensive offering that is priced based on usage."
A small business will be able to purchase a single-seat, 5 seats, 10 seats, etc. depending on the size of their business. From there, they now have access to a wide range of threat detection, automated response, 24-hour monitoring, and even user training sessions.
The biggest challenge is simply twofold. The first is identifying that they are a potential target to start looking for this type of security solution.
The second is to have the technical skillset to deploy this solution. Both of these factors are easily mitigated with a competent IT department of any size.”
While acquiring the proper cybersecurity measures mays seem daunting, there are options that make it accessible to small businesses across all industries.
As cyberattacks become more frequent and advanced, small businesses must take action to protect their valuable assets.
Adoption of Cybersecurity Tools
The adoption of cybersecurity tools can be effective at tackling a variety of threats, including ransomware. For instance, through the use of AI, systems can identify oddities.
Kenny Riley, Technical Director for Velocity IT believes the adoption of enterprise-grade security solutions that are accessible to small businesses should not be ignored:
"Enterprise-grade security solutions are readily available to the small business market and should not be ignored."
Technology such as AI-based anti-virus, two-factor authentication, encryption, regular system patching, and backup/disaster recovery solutions are all cornerstones of a successful cybersecurity solution to protect your sensitive business and customer data, brand reputation, and are all very cost-effective to implement.
There’s just no acceptable reason to not have these basic security items instituted in your small business with the accessibility and affordability of these technologies. If you lack the knowledge to implement these technologies, contact a local IT service provider in your area to get their assistance in deploying these items in your organization.”
Ilan Sredni, President of Palindrome Consulting also believes small businesses can protect their assets just as larger businesses can:
"Small businesses can take care of protecting their data just as much as any enterprise. Although they are smaller and their budget is smaller, they will likely have fewer locations to protect. Additionally, they have fewer employees to train and support.
Endpoint protection with AI will protect on the majority of attacks and a good business continuity plan that has data backups at an offsite location will help recover if something gets in."