You need your tools and your data to be accessible to everyone in your organization. But the more accessible they are for your employees, the more accessible they can be for cyber criminals. Cybersecurity threats have been increasing exponentially in recent years, and not just for large businesses. Small to mid-sized businesses are catching more attention from cyber criminals precisely because most lack the staff and tools to mount a reasonable defense. And of those small businesses that have fallen prey, 60% fold within six months. Even nonprofits aren't immune. In fact, a number of them have recently been the victims of ransomware attacks.
As cyber criminals grow bolder, and their attacks become more and more common, it's tempting for many business owners to simply throw up their hands in defeat. But cybersecurity is a little bit like security in every other aspect of life: a little bit of awareness and common sense can go a long way. And cyber criminals, just like other criminals, typically don't seek out a victim with any other intention but an easy profit.
If you are the victim of a cybercrime, it feels deeply personal; to the cyber criminal, it isn't. And if you take a few basic steps to make it harder for them to attack you, they'll typically move on to easier pickings. However, a significant number of businesses haven't improved their cybersecurity infrastructure where it really counts. According to the Economic Value of Prevention in the Cybersecurity Lifecycle report, only 24% of IT cybersecurity professionals surveyed said their organization optimized prevention.
It's frustrating to all of us who adore technology that some people would choose to use it to cause others harm. And that's exactly why keeping clients safe will always be a point of pride for top cybersecurity companies, Marco included.
What Does Cybersecurity Involve?
There are a few misconceptions many business owners have about cybersecurity. One of the biggest is that cybersecurity is only a set of software and monitoring tools. While these tools are necessary to protect a business's communications, network and connected devices, they are only a portion of what a good defense requires.
Again, just like any other crime, one key vulnerability will always be human error. You could buy the best home security system in the world. But if you keep forgetting to arm it when you leave the house, it's of little use.
In fact, the majority of major security breaches are due to a careless employee, who inadvertently allows hackers to access the system. For that reason, it's best if a good prevention effort includes employee training and regular reminders.
Help Is Always Available
Fortunately, no business has to figure this out alone. And even if you don't have the resources to work with a managed IT services provider, there are a few organizations that work hard to keep businesses safe. The National Institute of Standards and Technology (NIST) is part of the U.S. Department of Commerce, and one of its areas of focus is regularly monitoring threats to cybersecurity, and making recommendations for best practices. Additionally, the Center for Internet Security (CIS) is a nonprofit organization that was founded to safeguard both public and private organizations. It also provides benchmarks and tools to help reduce vulnerabilities and prevent attacks.
Marco is equipped to help clients maintain compliance with the recommendations provided in the NIST Cybersecurity Framework (NIST CSF). These recommendations, when properly followed, ensure that security practices are sufficient and up to date, and provide continued risk awareness.
Generally speaking, a comprehensive cybersecurity solution for your business would include an internal privacy policy to protect customer and employee data and other company information. It should also include a security program containing multi-factor authentication to access online tools, phishing and other security awareness training, plus a set of protocols to be followed each and every time your business receives on-site visitors.
Additionally, your organization should have a full suite of tools to secure your networks and email gateway, back up your data and more. Your organization should also regularly participate in system hardening, continually assess and monitor vulnerabilities and risk, and have an incident response policy to reduce interruptions and minimize damage if an attack occurs.
A full checklist of SMB Security Essentials can be found here. It's a long list. But if you're able to check off each item with confidence, then you can sleep easier at night, knowing that your business is far less likely to be the victim of cybercrime. And should you identify an area of weakness, then at least you know where to focus your efforts moving forward.
Cybersecurity can be an intimidating topic, but it's one that shouldn't be ignored. And there's good news for a business looking to better safeguard its employee and customer data and keep its valuable assets out of the hands of would-be thieves. The vast majority of attacks (probably around 80% according to experts) are completely preventable with the addition of some fairly basic security measures.
It's hard to quantify things that don't happen. Cybercrime is largely invisible, and so are most efforts to prevent it. But if you take steps to help your business avoid a ransomware or malware attack, do not doubt for a second that you're saving your business significant time and money, and doing important work to preserve customer trust.