Attention, small and medium-sized businesses:
Cybersecurity has levelled the playing field for all businesses, large or small, regardless of industry. No one is immune.
The difference between who stays protected and who doesn’t is the level of proactive preventative measures. Most companies that get hacked are compromised because a vulnerability in their operating system was not patched by an update.
Check out your cybersecurity vulnerability IQ below:
Test Your Cyber IQ
TRUE OR FALSE?
False: That’s a critical step, but it’s only a partial one. From an attacker’s point of view, the great thing about hacking is that it can be done anytime, including after everyone has gone home and is sleeping. Monitoring platforms can trigger an email alert, but how does that help you while IT is sleeping?
False: There are three reasons you may be an attractive target, regardless of your size: easy to penetrate, a challenge to penetrate without getting caught, and type of data stored.
True: Threats are growing more sophisticated daily, so monitoring and analyzing threat intelligence is critical. While not all IT experts are created equal, there are fundamental best practices that need to be deployed to ensure a secure baseline. Doing so should uncover new vulnerabilities while simple controls, such as application and operating system patches, will help keep your security strong.
False: Policies and practices are used to prevent and monitor unauthorized access and in many ways are more important than the purchase of the most expensive hardware and software. The hardware and software requirements are a mid- to high-end firewall, an inbound and outbound intrusion detection appliance, paid enterprise antivirus, and strong passwords/passphrases in a domain environment.
True: There is a lot of information available to create awareness of cyber-attacks and threats, yet the statistics show that basically no one is paying attention; it has just become noise, until the servers are hacked and your computer is hijacked. Network security policies and procedures are there to be followed, including changing your password every 42 days and installing Windows updates. Just do it and stay safe.
What Does Failure to Protect Look Like
How ready are Canadian organizations to prevent or respond to a sustained cyber-attack? It is a known fact that over 75% of Canadians have already experienced a cyber-attack and that number is increasing day by day.
The key barriers to cybersecurity improvement for private companies in particular likely won’t surprise. First and foremost, many businesses still underestimate the threat. In fact, hackers rely on small businesses believing they have nothing that is valuable and that an antivirus is enough.
Sure, carving the resources for security initiatives out of a tightening budget may be a challenge, but having your company’s data wiped or hijacked is even more expensive. The business owner should know that the company’s data is valuable and that there is much more to securing it than a plug-and-play firewall with antivirus from Best Buy.
For organizations of all sizes, it’s critical to understand all the areas of risk to information systems, and to both prioritize those risks and implement controls to mitigate them as cost-effectively as possible.
Plan. Prevent. Protect.
Any organization, particularly a smaller private company, needs to get the most out of what they invest. The key is balancing the cost of the controls against the level of risk for your enterprise. Prioritizing these risks and focusing your budget on those with the highest likelihood and highest potential for negative impact can help you cost-effectively improve your security posture.
Take the attitude that you need to run security like a business and like health and safety rolled into one. Develop a plan for each section: network infrastructure, user compliance, business continuity, internal and external testing, and service providers. Then, as with a business plan, divide and conquer by time, resources and people.
Ensure that you understand the key elements of a security plan: your organization’s current patching levels, where its critical data is stored and how it connects to clients.
Assess your security posture and set a schedule to re-assess at regular intervals.
Ensure all employees receive regular security-awareness training. If you haven’t already, develop and deploy a program as soon as feasible. At regular intervals, update the material to keep pace with evolving threats and (re)train staff.
While many business owners, and especially start-up entrepreneurs, continue to believe they are not the target of cyber-attacks, the reality is they are the low-hanging fruit. Size does not matter as far as cybersecurity attacks are concerned. If you’re online, you’re a target, whether you’re viewed as the top prize or merely the way to get to it.