Cyber Attacks Are Growing Exponentially
Recently, Microsoft shared that ransomware and supply chain cyber attacks are on the rise. Just as we saw the massive SolarWinds hack take place, IT supply chain hacks are growing exponentially via resellers and technology service providers that provide customized technology solutions on behalf of their customers, including SaaS-based tech firms, via disruptive and passive hack attacks. We have collectively had as much as 3 years of hacks happen in 3 months! This is quite alarming, and all businesses, including freelancers, contractors, and small businesses, need to take cybersecurity risks very seriously and prepare and plan as much as possible against a cyber attack or data breach.
Being a Small Business Does Not Relieve You of the Responsibility of Having a Cyber Culture.
Whether you are a 1-person private or government contractor or a small business with under 50 employees, all it takes is one vulnerability for a hacker to be successful. As we enhance our digital capabilities, hackers are also looking for that one vulnerability to take advantage of. The recent hacks were mainly caused by ‘phishing email attacks’ and ‘password spray’. We, as technology users of any age, for personal or professional purposes, need to realize that we must all be proactive and take cybersecurity risks seriously.
How Can You Protect Your Small Business Against Cyber Attacks?
To improve your organization’s resilience and readiness for a cyber event, fixing a few simple, commonly overlooked cybersecurity practices can go a long way toward preventing a digital attack, because your organization will have the know-how to reduce security risks and respond effectively to attacks. Even if you are not an enterprise, your small business can implement a few things to build cyber resiliency.
6 Simple SOLUTIONS to IMPROVE your Small Business Cyber Security:
- Leaders of the company need to buy in to building cyber resiliency and practice cyber culture from the top down at all times!
It starts at the top and needs to be practiced on a daily basis. You, as a leader, need to give cybersecurity a 100% priority. Your livelihood and the success of your company depend on this proactive step of realizing that cybersecurity is the ‘foundation’ of your business operation. Small and medium-sized businesses (SMBs) are critical components of global supply chains. SMBs can be compromised and used as gateways/access points to larger companies in the supply chain. Your small company is also vulnerable because you hold or pass through the data, or may have access to the supply chain systems, that hackers are after.
- Emphasize the importance of strong passwords with MFA for email, remote, and system/network access!
Passwords are the door to your organization. Emphasizing the importance of strong passwords coupled with multi-factor authentication (MFA) is one of the easiest and best ways to protect against password spray attacks. Password spraying is a type of password attack in which bad actors try sets of common passwords in an attempt to gain access. These attacks are very successful against accounts whose users set simple, predictable, common, generic passwords to log in on a daily basis.
The first line of defense against opportunistic hackers is a hard-to-crack password. Making a strong password that’s hard and unique, preferably with 15 characters, takes just a few seconds, and is a simple ask of employees, including leaders of the company. Activating MFA adds an additional layer that makes it harder for someone with bad intentions to get into your system.
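A defender-side illustration of the password-spray pattern described above, added here as an example and not part of the original article: it flags a source address that fails sign-in against many accounts with only a few tries each, then lists any sign-in that later succeeded from that address. The log format, field names and thresholds are assumptions constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-05-01T09:00:02 203.0.113.7 alice FAIL
2024-05-01T09:00:40 203.0.113.7 bob FAIL
2024-05-01T09:01:15 203.0.113.7 carol FAIL
2024-05-01T09:01:50 203.0.113.7 dave FAIL
2024-05-01T09:02:30 203.0.113.7 erin FAIL
2024-05-01T09:03:05 203.0.113.7 frank FAIL
2024-05-01T09:20:11 203.0.113.7 frank SUCCESS
2024-05-01T09:05:00 198.51.100.20 bob FAIL
2024-05-01T09:05:09 198.51.100.20 bob FAIL
2024-05-01T09:05:21 198.51.100.20 bob FAIL
2024-05-01T09:05:40 198.51.100.20 bob FAIL
2024-05-01T09:10:00 192.0.2.15 alice FAIL
2024-05-01T09:10:12 192.0.2.15 alice SUCCESS
"""

def parse(log):
    """Return time-sorted (timestamp, ip, account, result) tuples; skip malformed lines."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            events.append((datetime.fromisoformat(parts[0]), *parts[1:]))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Map each spraying IP to the accounts it failed against.

    Spray signature: within one time window, failures against many distinct
    accounts but few per account (the opposite of brute-forcing one account).
    """
    fails = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails[ip].append((ts, user))
    flagged = {}
    for ip, items in fails.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window forward
            counts = Counter(user for _, user in items[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[ip] = sorted({user for _, user in items})
                break
    return flagged

def logins_after_spray(events, flagged):
    """Successful sign-ins from a flagged IP: accounts to reset and review first."""
    return [(ip, user) for _, ip, user, res in events if res == "SUCCESS" and ip in flagged]
```

Repeated failures against a single account (the second address in the sample) and an ordinary mistyped password (the third) are deliberately not flagged.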
- Protect your business from phishing attacks and other cyber hacks by providing cyber awareness training.
Phishing is a cyber attack that uses deceptive emails and messages to get access to an organization’s network. Phishing targets individuals by tricking the email or text recipient into clicking a link or downloading an attachment, which can infect that device with malware or allow a hacker to gain access to a person’s systems or accounts. These messages are often opportunistic, disguised as real communications that a person may legitimately receive. Phishing emails can actually look like they are coming from someone within your company, or from a client, vendor or prospect. Empower everyone in the company by providing effective training, anti-phishing software and helpful ‘Look For’ reminders of the danger of phishing so that everyone stays alert and vigilant.
- Prioritize & Automate software updates to ensure your devices and software are downloading patches when they become available, as they include critical fixes for vulnerabilities to protect against ransomware attacks and cyber hacks!
Your company likely uses many kinds of software, or at minimum an email system, that are constantly being updated with software updates and patches that plug the security holes hackers could exploit. Not updating software right away could leave a gateway open to your system, and those access points could lead to a devastating cyberattack or become the starting point for malicious activity that swims up your supply chain. Protect your company against ransomware attacks by immediately activating automatic software updates and patches as they become available.
- Avoid using unknown and unexpected removable media whenever possible to protect against USB Attacks!
Since USB attacks depend on human error, educating employees and monitoring how USBs are being used is critical. USB drives and other removable media are popular for storing and transporting files. They make it easy to share information, but they’re also easy targets for malicious software. USBs and other removable media can be infected with malicious software and there’s no way to tell until it’s too late. When your employees are using USBs and removable media without proper inspection and monitoring, your company is at risk. Hackers will infect USBs with malicious software, such as viruses, spyware, rootkits, etc. This can cause irreversible damage to your network. Avoid using removable media whenever possible. Install anti-virus solution(s) on your computer that will actively scan for malware when any type of removable media or device is connected.
- Have a Cyber Incident Response plan which includes Cybersecurity Insurance!
It is important to realize that your company is more than likely to have to deal with a security incident at some point that could impact business operations. Establishing a cyber readiness culture and responding effectively to cyber issues helps reduce risk, and response time is critical to minimizing the damage. A Cyber Incident Response Plan determines how to respond during an incident. Having a clear plan in place can be the difference between an incident and a catastrophe. An Incident Response plan walks you through the steps of preparing for and responding to a cyber event. It allows you to be proactive and strategic in recovering from and resolving a security incident.
Even though cyber exposure is a significant business risk, many companies remain unprepared or assume that a general liability policy would cover their cyber incident costs, expenses and lawsuits. Some policies may claim cyber liability protection, but that coverage is minimal. Cyber Liability Insurance is a specialized insurance product designed specifically with cyber exposures in mind, as it also covers additional costs associated with ransomware/cyber extortion, business interruption, digital damage and recovery, along with data privacy and regulatory laws that apply when facing data breaches and cyber attacks. Having a cyber policy in the event of a cyber incident could make the difference in the survival of your business.
To learn more about cyber awareness training, a cyber incident planning guide or cyber insurance and what cyber liability policies cover and exclude, speak to our cyber experts today. Cyber resiliency is a continuous, ever-evolving and dynamic practice for anyone utilizing technology in today’s exponentially digital era!
Don’t wait, mitigate!