These days, cybersecurity is a constant headline in the news. It can be easy to go on with business as usual, either feeling helpless or assuming this doesn’t pertain to your business. But with recent headlines highlighting crypto-extortion/ransomware and the hacking of large enterprises by way of their small business partners, cyber threats have become something that affects all our businesses. With a problem this big and this nebulous, what can we do to stay safe and secure in this ever-changing connected world?
Myth #1 – I’m not a large enterprise, hackers won’t attack me:
Did you know that more than half of data breach victims are businesses with under 250 employees? [1] Hackers are intelligent and sophisticated, but they’re also often looking for something quick and easy. Small and medium businesses that believe they are not at risk tend not to invest as much in cybersecurity, which makes them an easier target. They collect and store a wealth of data but often don’t realize its true value, and therefore don’t put the right measures in place to protect it.
From there, attackers take various routes. They might just encrypt your systems and hold your business for ransom, preventing order processing and other critical functions – often not restoring service when paid. Further, the attackers might use data or access gained from the small business to launch an attack on larger partner organizations. In 2014 Fazio Mechanical Services provided the vector for hackers, which led to Target’s massive breach. What big clients would you lose in this situation?
Myth #2 – Technology will fix everything:
It’s true that professionals use robust technology systems and tools to be prepared against cyberthreats, but technology is only part of the solution. Buying and implementing technology solutions without expert configuration and monitoring is a lot like using WebMD.com in place of a doctor to diagnose and treat diabetes. Might you end up doing some beneficial things and even improving your situation? Absolutely! But are you positioned to understand all the complex intersections of causes, tools, treatments, side effects, etc., that lead to an ideal outcome? It’s possible, but the truth is that you’re probably busy running your business and family.
Beyond technology, one critically underutilized tool in the fight against cybercrime is employee education. The number one risk factor since something like 1995 has been, and remains, human interaction. According to Verizon’s 2017 Data Breach Investigations Report, 99% of malicious content came from email (93.8%) and web browsers (5.8%). Though not all of these threats are easily detectable by humans, many are. As such, one of the most effective things we can do is to teach employees how to identify and avoid these sorts of threats, and to proactively test them with controlled and measured phishing tests to determine where additional education may be needed. If employees are properly trained to detect a scam or raise a suspicion, we can prevent many attacks before malware is even in the system.
Myth #3 – I don’t have funds or resources for cybersecurity:
It might feel like you’re not in a financial position to invest in cybersecurity yet – especially if you believe your business is too small to attract the attention of would-be hackers. But have you stopped to think about the cost implications of a breach? There’s loss of business due to reputational damage, legal fees, loss of competitive edge, and so much more at stake.
Your local MSP (Managed Service Provider) has an IT service that can help you. They will take an in-depth approach to cybersecurity, one that has proven highly effective, creating layers of security measures that minimize user impact and cost while maximizing return on investment. For instance, an endpoint-protection-as-a-service solution, which combines industry-leading anti-virus and web defense software with best-in-class management and response procedures, has been deployed on 1000s of systems as best practice.
Cybersecurity Ventures predicts $1 trillion will be spent globally on cybersecurity from 2017 to 2021. [2] Ensure you’re a part of that investment, so you don’t get left behind.