How To Destroy Your Business!
Joseph Imperato Sr.
We deliver True Managed IT Services by putting people first. Because, there is no time for downtime.
Introduction
Hackers view Small-to-Medium-Size Businesses (SMBs) as low-hanging fruit, and they are being spammed and hacked at an alarming rate.
Over the years, we’ve spoken to numerous businesses. Many rely on break-fix vendors and have modest cyber defenses at best. When victimized, they cannot quickly recover because they are unprepared.
Why does this problem persist even though stories about hacks and ransomware are shown on every news outlet? Let’s look at five of the most persistent and costly beliefs that many business owners have that put their companies at risk every day:
#1 - I’m Too Small and Have Nothing A Hacker Would Want
This is the “security through obscurity” belief. SMBs have a lot of data that will fetch good money on the dark web. Most have at least a few of the following:
According to Privacy Affairs, sales prices on the dark web range from a measly $10.00 to a whopping $6,500.00, depending on the data type sold. And, in case you missed it—the price is per record!
Even an incompetent thief can make thousands by stealing a few email addresses. Not bad for a few minutes of work. The more data they steal, the bigger their payday.
#2 – There’s No Way To Prevent Malware, So Why Bother
SPAM is the primary mechanism that hackers use to deliver malware. Over 50% of all emails are SPAM. That is why advanced anti-SPAM technology plus employee training are essential.
Unfortunately, it is not possible to stop all Spam. Employee Awareness Training is so necessary, even for small companies. Employees are the weakest link in security. Training them to recognize SPAM emails is essential.
#3 – I Back Up My Data, So I’m OK
Many SMBs have cloud-based, data-only backup systems in place. If attacked by ransomware, they will likely be down for days, maybe weeks.
With data-only backup, if your server is compromised, to recover:
This process could take much longer if you download data from the cloud. If the download process is interrupted, you’re back to square one. With data-only Backup, don’t expect to be in full operation soon.
Important: Recovering your data is not the endgame. You need your systems restored to use your data.
A Business Continuity Solution is the ultimate protection against downtime. Unlike data-only backup, Business Continuity solutions provide the following:
Daily backup verification, ensuring that your backups are always viable and available.
#4 – I’ll Buy A Better Anti-virus program then I’ll be fully protected
No one solution can guarantee 100% protection. A Defense-in-depth strategy is the best way to mitigate cyber threats. This means putting several security mechanisms, processes, procedures, and training in place. Each mechanism represents another barrier for malware or hackers to penetrate.
Anti-virus (AV) is one of the lowest levels of defense and must be augmented with additional measures. The problem with AV is that it will always be behind the hackers. Therefore, for AV to be effective, the vendor must first see new viral infections to identify them and then issue updates to their clients.
Did you know over 325,000 NEW pieces of malware are being created daily?
At a minimum, companies should implement an Endpoint Detection and Remediation (EDR) solution in addition to AV. EDR can detect malicious activity or unusual behavior, then take automated action to contain the threat. But not all EDR solutions are created equal. So, do your research. For instance, ?SOPHOS Intercept X uses ?Artificial Intelligence (AI), called Deep Learning, to detect malware, even if it has not been seen before.
EDR is not perfect, nor is it 100% effective. However, to combat the new malware strains popping up daily, companies should employ EDR at a minimum. Add a Security Operations Center (SOC) and Security Information and Event Management (SIEM) for a more robust overall security solution.
#5 – Even If I Get Breached, It’s No Big Deal
WRONG! The General Data Protection Regulation was enacted in Europe in 2018. Its reach is Global and carries severe penalties. Many countries and numerous U.S. states have followed suit, passing their own privacy laws. As a result, businesses can face severe penalties if data is leaked, lost, or stolen.
Fines and penalties can be hefty.
What Can An SMB Do?
As mentioned previously, a defense-in-depth strategy is best and may include the following:
The Biggest Mistakes Business Owners Make
They think they can “go it alone.” Unfortunately, they can’t― because implementing some or all of the above takes coordination and expert knowledge.
In today’s digital environment, the part-time, break-fix IT guy doesn’t cut it. Instead, your computer network should be monitored, managed, and maintained. Only a Managed Services Provider (MSP) will do that.
What To Do Next
Those businesses that do not have computer expertise onsite need to get a Managed Services Provider (MSP) on board. A good MSP will quickly assess the state of your network, propose solutions, and give you EXACT PRICING in writing.
Act before one or more of the above beliefs become your reality and living nightmare!
Joseph Imperato Sr. is a founding partner with XSolutions Consulting Services. XSolutions is a full-service Managed IT Services Provider (MSP) specializing in Managed IT Services | Managed IT Security | Backup & Disaster Recovery| Cloud Data Protection | Security Awareness Training. Proudly serving the New York Tristate area (NY/NJ/CT) since 1999.
Call (845) 362-9675 or email us at [email protected]?for a free consultation.