A couple weeks ago, we told you about the five can’t-miss events at the NY Tech Summit. Today, we’re recapping one of those five things: Mike Hensley’s speech about why small businesses are prone to cyberattacks. Here’s what our Senior Manager of IT Solutions had to say.
- Why are small businesses at risk?
Most small businesses conduct their business online, and because they can’t afford enterprise class security products and protection in depth strategies, they have an increased vulnerability to attack. This weakness can be exposed by cybercriminals.Additionally, many small businesses partner with larger organizations to establish credibility for themselves in the marketplace. The problem is, though, that these partnerships can create pivot points for cybercriminals to enter larger networks and grab sensitive data in transit.As a result, small businesses in 2017 spent an average of 19% of their It budget on security, compared to 16% in 2016.
- What are the costs associated with cybersecurity incidents?
|Approximate Dollar Amount||
|External experts or loss of business|
|Staff wages spent during nonproductive downtime|
Credit card damages and insurance increases
Improvements to infrastructure to mitigate risk
Brand damage control
*Please note that exact dollar amounts will vary depending on size of the organization and the scope of its breach.
- How does a data breach even work?
There are four key stages of a data breach. First is incursion. Attackers get into a vulnerable system, in most cases because of a default password or targeted malware. Once they are in your system, they’re free to poke around. This is called the discovery phase. They map out your system and hunt for areas of compromise.The third stage is when the system gets corrupted. Your primary systems are compromised, and your exposed data is captured.Finally, exfiltration occurs. They capture your data and send it to a home base area in encrypted payloads.
- What can we do to prevent data breaches?
You need frequent and adaptive training that holds all users accountable for the systems. You also need policy development and enforcement—strict enforcement of policies and guidelines—if you want to stay safe.Here are our dos and don’ts:
- Use multiple accounts (business, personal, general use)
- NEVER send PI or financial information over unencrypted email
- Don’t trust every email from known senders
- USE the blacklist features of your SPAM package
- Utilize up-to-date antivirus, malware, and SPAM protection
- Use third-party services for layered protection
- Read and interpret all email before clicking links
- What should you do if you’re breached?
This is a critical question, but the answer, of course, is even more important. According to Mike, containing and remediating the breach is the best possible response. But how? To contain the issue, you need to select a containment strategy, and then gather and handle evidence. And to seek remediation, you’ll either need to consult your in-house experts or a third-party service/organization.
For most small business owners, these tasks might be easier said than done. So, what’s the best way for people to make sure they’re really protected? Well, that’s where Lume comes in.
At Lume, we provide proactive IT solutions and Help Desk services that enhance and protect your internal capabilities. To find out more about how we can serve your business needs, contact us today.