"Medium-sized businesses aren’t equipped in “any shape or form” to deal with their increasing cyber vulnerability."

That is an alarming headline from this news article, highlighting that cyber criminals target small & medium businesses because they are easy targets - they typically lack cyber security measures and skills. This makes it easy to steal their data and demand a ransom. Everybody is a target - but the real target is your data.

Making matters worse, IT providers may have great system administration skills, but that is not the same as cyber security expertise: most IT providers do not have trained and experienced cybersecurity specialists.

Most small business owners make the dangerous mistake of assuming their IT provider has them covered.

Compounding the problem, there is a cyber security skills shortage. The "top end of town" pays top dollar and gets most of the skilled cyber workers. Enterprises have on average more than 50 cyber security tools to protect their data, customers and staff. Operating those tools requires an army of skilled people, which makes enterprises harder for cyber criminals to compromise (while presenting its own challenges).

Small & medium businesses cannot afford that complexity and cost in tools and staff. The IT providers helping medium business have the same problem: they cannot find the cyber security skills.

Cyber security firms focus mostly on enterprise – that’s where the big $$ are for them.

So hackers focus on medium businesses - they are easy, soft targets that are inadequately resourced and lack the skills.

What can medium-sized business owners do to protect their assets, business, customers and staff?

Stop assuming - get assessed.

Get the facts from an independent cyber security advisor focused on small businesses. Like a 3rd party financial audit, a 3rd party cyber risk assessment will examine the cyber controls your IT provider has implemented for you. This is a crucially important first step: the assessment does not audit your systems and does not require access to your network. It's a set of questions tailored to small business.

The resulting report provides a data-backed risk score, with a prioritised action list to fix your critical gaps. It helps you and your IT provider protect your business in this climate of attacks. Everybody has gaps; knowing which are more important than others is critical.

At Cyber Shield Advisors, you benefit from over 30 years of experience in the IT industry, across all 8 cyber security domains, leveraging experience gained from the enterprise sector.

Improve your basic cyber hygiene with these 8 tips.

1. Identity Protection:


  • Use complex, expiring passwords: Regularly change passwords to limit exposure.
  • Use Multi-Factor Authentication (MFA): Use physical tokens or apps to add a layer of security. Note: these are still easily hacked, but raise the bar for criminals.
  • Restrict access: Limit what employees can access to minimize damage if an account is compromised.
  • Audit admin accounts: Regularly review and restrict admin access to cloud accounts and operating systems.
  • Disable and monitor old accounts: Ensure former employee accounts are deactivated and monitored for unauthorized access.
  • Monitor failed login attempts: Force password resets after suspicious activity.


2. Cloud and Operating System Security:


  • Timely patching: Apply updates as soon as they are released to protect against "zero-day" vulnerabilities.
  • Follow hardening guidelines: Disable unused features to reduce attack surfaces.


3. Application Security:


  • Stay updated: Ensure all software is patched promptly, not just Microsoft applications.
  • Regular vulnerability scans: Use automated tools to identify and fix vulnerabilities quickly.
  • Lock them down: disable Office macros and restrict what applications users can install on their workstations.


4. Next-Gen Antivirus:


  • Deploy advanced antivirus solutions: Use modern tools like CrowdStrike, SentinelOne or Trend Micro to detect sophisticated threats that traditional antivirus programs might miss. Microsoft Defender lacks many of these capabilities.


5. Educate Staff - Training and Awareness:


  • Regular phishing tests and training: Educate employees on recognizing phishing attempts and cyber threats.
  • Monitor social media footprints: Cybercriminals often gather information from social media to craft targeted attacks.
  • Encourage vigilance: Train staff to verify email origins and question suspicious requests.


6. Protect your email with Anti-Phishing Measures:


  • Deploy email protection tools: Use anti-phishing technologies to filter out malicious emails.


7. Backup Your Data and Backup your Backups:


  • Frequent backups: Perform weekly full backups and daily incremental backups to minimize data loss.
  • Off-site storage: Keep backup copies off-site to protect against local incidents.
  • Encrypt backups: Ensure backups are encrypted to prevent unauthorized access.
  • Scan backups for malware: Regularly check backup repositories for any hidden malware.


8. Talk to a specialist IT security risk assessor:


  • Expertise: Cyber security is not the same as system administration. An assessor will use a globally recognised cyber security framework to assess your cyber processes and safeguards, and how well they have been implemented. These frameworks are trusted - so don't settle for proprietary questions.
  • Data-backed scores and prioritisation: Some vulnerabilities are used more often than others to steal your data - using community-driven databases of incidents helps you prioritise the right ones, with data-backed formulae and experience, not just gut feel.
  • Duty of Care: By engaging a skilled cyber risk assessor, you show your clients, staff, insurers, authorities that you are taking the right steps to protect their data, and your business. T as they believe the telco did not take appropriate measures to protect customer data - don't let that be you.


60% of small and medium businesses liquidate within 6 months of a breach. Don't risk it - get an expert to help.

By taking these proactive steps, medium-sized businesses can significantly improve their cybersecurity shields, protecting their valuable data and maintaining business continuity in the face of evolving cyber threats.

At CONCEPTNXT we can help you boost your cyber shields, starting with assessing your “current state.” Reach out for a complimentary, obligation-free conversation – in person over a coffee, via phone call or Teams/Zoom.

Contact us today or call +91-7829798098

