A recent study by the University of Maryland shed light on a disturbing reality: Hackers attack your computer an average of once every 39 seconds. In other words, by the time you finish reading this, hackers may have tried to breach your computer or device dozens of times.
Small businesses are among the primary targets, with cybercriminals increasing their assaults on smaller organizations. But by taking proactive steps, you can significantly reduce your risk and protect your business.
Here are seven steps you can take to protect your small to midsize organization from cyber attacks.
1. Assess Your Risk: Know Your Vulnerabilities
By conducting a cybersecurity risk assessment, you establish a baseline of systems and digital assets you have to protect. Granted, every organization’s systems and vulnerabilities are unique. However, here are some of the most common targets cybercriminals set their sights on:
- Outdated software. Outdated software is one of the most convenient attack vectors for hackers because, in many cases, other attackers have already found ways of exploiting their vulnerabilities. So, instead of an attacker having to come up with their own innovative hack, they can simply piggyback off someone else technique.
- Weak passwords. Easy-to-guess passwords, such as “admin,” “password,” “root,” or “12345,” make your system a very slow-moving target for hackers. Those who use brute force attacks have a long list of easy passwords, and they just continue trying them until one works.
- Lack of employee training. Many employees are so preoccupied with doing their jobs that they’re not on the alert for cyber attacks. As a result, they end up falling for a variety of phishing scams or accidentally leaving their login credentials unprotected.
2. Secure Your Network: Build a Strong Defense
One of the main reasons why the many cyber attacks launched at your devices every day aren’t successful is your network security system.
Firewalls
Many organizations use firewalls and check the contents of data packets as they attempt to enter your network. If the firewall detects a known threat, it discards that data packet, preventing it from penetrating your network.
However, It’s important to keep in mind that even if you already have a firewall, you have to make sure it can detect a wide range of attacks. For instance, a next-generation firewall does not have to rely on threat signatures to protect your network. It can also recognize suspicious behavior. For example, suppose an employee always logs in between 9:00 a.m. and 5:00 p.m. from within your office’s network. But one day, someone uses that person’s username and password from a remote IP address at 3:00 a.m. Your firewall can automatically detect this abnormal behavior and prevent the connection.
Another thing to keep in mind is that, like many devices, a firewall is only as good as its configuration. For instance, you can configure your firewall so it only allows a certain amount of data to exit your network at one time. This would prevent many data exfiltration attacks that target large files or volumes of information.
Intrusion Detection Systems
An intrusion detection system (IDS) monitors your network, looking for suspicious activity. Once your IDS detects malicious or suspicious behavior on your network, it automatically generates an alert that your incident response team can use to investigate or prevent the attack.
To illustrate, suppose an attacker is using a brute force attack to try to login to an application running on your network. With a brute force attack, an attacker tries many different combinations of usernames and passwords, hoping one of them is successful. Some hackers also have automated tools that can run brute force attacks for them. But if you configure your IDS to flag many attempts to log in over a certain period of time, it can automatically build a report about the assault. For example, some IDSs give you crucial details such as the IP address of the attacker, the system they were targeting, how many attempts they used, and the attack timeframe.
3. Protect Your Data: Encryption and Backups
Imagine you have two phones and are constantly backing up your primary phone to the cloud. If someone were to steal one of your phones, yes, you’d be upset. But the disruption to your life would be minimal. In a matter of minutes, you could switch from one phone to the next and go on about your day.
By having a backup system, you enable the same kind of resilience for your digital assets. For example, you can back up all of the data used by a core business app — once in the cloud and once in an on-premises server. If a ransomware attacker were to lock you out of that application, you could download new instances and restore all the data you need in a few minutes.
Encryption can also render many attack vectors useless by making information unreadable by hackers. Most people benefit from encryption almost every day. For instance, messages you send on WhatsApp are encrypted as they travel from your device to someone else’s. If hackers intercept the data package carrying your messages, they wouldn’t be able to read them because they get encrypted into a jumbled arrangement of characters.
Similarly, you can encrypt the data in a cloud-based customer relationship management (CRM) solution, enterprise resource planning (ERP) software, financial software, and more. In this way, even if a hacker were to gain access to internet transmissions, they wouldn’t be able to read the data as it goes from your device to the cloud.
4. Educate Your Employees: The First Line of Defense
Your employees can stop many attacks that automated solutions may have a hard time detecting. By arming them with education, they become key foot soldiers and intelligence operatives in your cyber defense system. For example, you can educate your employees regarding:
- What phishing attacks look like
- The kind of data attackers like to steal and how they use it
- What to do when they suspect a phishing attack
- How malware makes an otherwise healthy system behave
- The kinds of endpoints hackers like to target
- How to set strong passwords and prevent them from getting stolen
It’s also best to be specific when it comes to the kinds of attacks you teach employees to avoid. For instance, while phishing encompasses a wide range of attempts to steal data, spear phishing involves a more targeted attack on a specific individual or group. This may make a spearfishing attack look different than a typical phishing assault. A hacker may send several personalized emails to a single employee in an attempt to build trust before asking for sensitive data.
5. Have a Plan: Incident Response and Disaster Recovery
When you have an incident response, disaster recovery, and business continuity plan in place, it takes far less time to recover from an attack. You also streamline the process of mitigating hacks, which can reduce or eliminate their damage.
Here are some steps you can take in the event of a cyber attack:
- Contain the breach by shutting down any affected areas of your network and closing off all access to the internet right away. You may also have to close down all remote access, including access via VPN.
- Figure out what happened by establishing when the attack occurred, where it came from, and how the attackers gained access to your network. Depending on your defense system, this may involve checking the settings on your intrusion detection system and firewalls.
- Understand how the breach impacted your digital assets, operations, and especially sensitive information, including customer data.
- Once you have contained and stopped the breach, determine which systems it’s safe to turn back on or reconnect to the internet.
- Restore any backed-up data and reinstall any applications, if necessary.
- Communicate details about the incident to the necessary authorities. For instance, you should reach out to the Internet Crime Complaint Center (IC3), as well as your nearest FBI office and the FBI’s website.
It’s also important to test your plan and update it according to test results, network changes, and new attack vectors.
6. Embrace the Cloud: Enhance Security and Scalability
Cloud solutions enhance your security because they give you built-in protections, automatic updates, and redundant data systems. Your cloud provider has the latest cybersecurity technology and can automatically update all of the apps you use in the cloud. Many cloud providers also give you redundant backup systems that protect your cloud and on-premises assets.
When it comes time to add users, applications, or services, a cloud-based service makes this relatively easy. You simply tell your cloud provider what you need and they can make sure you have the necessary resources available.
Using a cloud infrastructure can also save you significant money, especially when it comes to purchasing and maintaining equipment. For instance, when you use the cloud, there’s no need to buy an expensive server or constantly update whenever new versions become available.
7. Partner with Experts: Get Professional Cybersecurity Help
When you partner with a cybersecurity provider, you get seasoned veterans who understand how to protect your assets. The right cybersecurity solution will also be familiar with the kind of security infrastructures that work best for businesses in your industry. With this knowledge, they can predict the types of issues you may experience and design effective ways of mitigating them.
If you use managed security services, your cybersecurity provider handles some or all of your network protection. They monitor your system for threats and address them for you. If there’s an attack, your managed security team can identify what caused it and get you back up and running safely.
Penetration testing is another valuable service because you can use it to discover and deal with vulnerabilities that might otherwise go unnoticed. A penetration tester, or ethical hacker, not only tries to subvert your system, but they also give you a comprehensive report outlining the vulnerabilities they discovered and recommending how to fix them.
To choose the right cybersecurity partner, you should focus on one who has experience either in your sector or with companies your size. Once you’ve identified a few options, you should take the time to interview each one, asking how they would secure your network, how they handle challenges, and what’s included in their service level agreement (SLA).
