By Dale Stein
Some of the nation’s largest corporations, like McDonalds, Adobe, eBay, Equifax, LinkedIn, Marriott, Target and Yahoo, have been affected by cybersecurity breaches. While many of these breaches have been widely publicized, they only represent a small fraction of the attempted cyberattacks that the modern business owner now faces.
As a result of these breaches, we are also beginning to see cybercriminals become more emboldened, targeting more critical infrastructure in an effort to demand heftier sums. In fact, recently the Colonial Pipeline, which is responsible for supplying 45% of the fuel for the East Coast, was hit with a ransomware attack. This halted gas distribution, sent customers into “panic buying” throughout the East Coast and eventually cost $4.4 million to restore.
Meanwhile, JBS, one of the nation’s largest meat processors, responsible for 20% of the nation’s meat supply, was hit with a ransomware attack that it eventually paid $11 million to resolve.
While most small and medium-sized businesses are aware of the growing threats posed by cybercriminals, they are failing to recognize that after large corporations and major infrastructure centers fortify their cyber defenses, hackers will have no place to turn but to small business.
i-NETT, a leading managed technology services provider based in Ventura, has been doing its best to educate business owners on the challenges that a breach, virus or phishing attack could have on any organization. The danger is best summarized by this statistic from the National Cyber Security Alliance: “60% of small and mid-sized businesses that are hacked go out of business within six months.”
While daunting, all this statistic actually reveals is that any preventative actions taken now could have dramatic impacts in helping a business avoid these kinds of disruptions.
While anti-virus software and a firewall may have been an effective security measure in the early 1990s, technology has evolved dramatically since then. There are many other technology systems available that can fortify any small business’s defenses so that it is fully prepared and protected.
Here are 6 steps that any small or medium-sized business can take to protect its staff, customers and future from cybersecurity disturbances:
1. Use “Layers of Security” — Taking a layered approach to security enables damage to be quarantined, while simultaneously reducing the severity of any attack. This can easily be set up as long as the network administrator has taken good care to keep the infrastructure well-organized and properly maintained.
2. Activate Multi-Factor or “2-Step” Authentication — Most companies now require multi-factor authentication upon logging into key systems, requiring the user to confirm their identity before proceeding further, via text message or phone call. While this is likely to become ubiquitous across all platforms, especially cloud apps, other internal technology systems need to be configured to provide this basic, yet extremely effective, layer of security.
3. Have a Data Backup or Data Recovery Plan — In the event of a breach or an outage, it’s extremely useful to have all key data duplicated and stored securely in a remote location. Not only does this thwart less sophisticated cybercriminals who are counting on their target to be underprepared, but it eliminates the downtime that any breach or outage could cause, while employees “get things back up to speed.”
4. Use an SOC (Security Operations Center) — In the same way that residential homes are supported by a remote security center, with 24/7 monitoring, notification and authority alerting capabilities, your team’s devices should be similarly supported. A good SOC will monitor network traffic, endpoints, logs, security events, etc., so that analysts can use this information to identify vulnerabilities and prevent breaches. When suspicious activity is detected, your platform should create an alert, indicating further investigation is required.
5. Mandatory Cybersecurity Training for Employees — Unfortunately, “human error” is one of the main causes of most security breaches. If a company has not mandated cybersecurity training for employees, then undereducated employees can accidentally serve as a hacker’s greatest ally. These employee trainings do not take very much time to complete and they can be configured to track and confirm employee progress.
6. Remove All IT Tasks from the CEO’s List of Responsibilities — Not only is the CEO typically one of the people with the least amount of technical know-how in the company, but the time required to build an adequate cyber defense strategy is sizable. While CEOs typically feel an obligation to keep their team protected, they should spend the majority of their time thinking strategically and focusing on how to create more opportunities for revenue growth, not tinkering with IT tools that they don’t have full mastery over. At this stage, consider consulting with or hiring an expert IT advisor to guide you through the nitty-gritty of installations, monitoring and ongoing management of critical security systems.
While hackers continue to search for targets, the steps outlined above are immediately actionable and will serve as a solid foundation for the majority of businesses that wish to prepare themselves for the coming trend.
• Dale Stein is the co-founder of i-NETT, a data and voice company with its corporate offices in Ventura.