Cyber criminals are becoming far more sophisticated as technology evolves and new and better tools become available. Another disturbing trend is that attacks are increasingly more targeted and aimed specifically at smaller organizations. In fact, the threat landscape changes and evolves at such an alarming rate it has become increasingly difficult for SMBs without a dedicated IT staff to stay ahead of the threat curve.
It is an unfortunate coincidence that the mindset of many such companies is helping these cyber criminals do their jobs. Some SMBs believe that they are too small for hackers or data thieves to bother with. Others play the odds, assuming that it can never happen to them. Still others are convinced that a single layer of protection--a firewall, for example--will prevent an attack.
History shows that all of these are dangerous misconceptions. Hartford Steam Boiler (HSB) found more than half of all SMBs have been hacked at some point, and nearly three-quarters weren't able to restore all the lost data. These small companies often handle large volumes of personally identifiable information that can be very valuable or destructive if it falls into the wrong hands. Therefore, it is crucial for SMBs to take a more intelligent approach to protecting and securing their infrastructure.
Below are seven essential cyber-security building blocks that SMBs should remember when constructing, managing and executing upon security strategies.
1. Be mindful of your digital footprint: In order to protect your business from today’s online threats, it is important to monitor your online actions and never become complacent in day-to-day activities.
2. Only use trusted sites: Stay away from questionable websites, and make smart choices when navigating from search engine results to Web pages. Cybercriminals know how to make their malicious sites appear near the top of your search results and use this tactic more often than you think.
3. Always use complex passwords: This goes without saying, but many people will use simple passwords that can be easily guessed by attackers. Also, do not use the same password across different systems.
4. Protect your personal information: Review financial accounts regularly for suspicious activity. Irregular account transactions are often a key indicator of a cyber-attack.
5. Delete unsolicited email: It is a good standard practice to get in a habit of doing this, especially if you are unfamiliar with the sender or the sender appears to be forged.
6. Make sure all devices are up to date with the latest patches: Make sure your computer’s software always stays up to date, and go ahead and uninstall unused software programs from your computer--all too often they become forgotten, go unpatched and create yet another target option for attackers.
7. Always run antivirus and firewalls: A multilayered approach to security is smart. Use a properly configured firewall, antivirus program, email and Web filtering products from a reputable security company. And, most of all, remain vigilant.
It is important to realize that IT security is very often a game of “cat and mouse,” whereby cybercriminals and security professionals are in constant pursuit of one another. The “cat” (or security professional) is unable to definitively claim victory over the “mouse” (cybercriminal) who, despite not being able to defeat the cat, is able to avoid capture. Also, today’s threats are not static, predictable or simple, and the models for distribution can vary from cast-net-style malware campaigns to precisely targeted advanced attacks. No industry or business is immune, and that is why all SMBs should take the time to develop a system to protect and secure their business.
Fred Touchette is manager of security research, AppRiver. Guest blogs such as this one are published monthly and are part of Talkin' Cloud's annual platinum sponsorship.