SMEs In Cyber Attack Crosshairs

If you’re in Business, you’re a Target. 

As a SME, you probably rarely think about the threat of a cyber-attack. Many of you probably don't even realize that you are an attractive target to hackers. However in reality, is there’s a massive – and growing – criminal market for identities, logins, passwords, bank account info, credit card data and hackers aren’t after just your data – they’re after your clients’ too. Not only are SME now firmly in the crosshairs of cyber-criminals, they are fast becoming their favorite target.

The truth is that no company ( no matter what size) is safe. Including yours. Please don’t ever say “It won’t happen to me, because when it does happen to your businesses the result can be catastrophic. 

IT security is a battlefield on which you can never rest. Even if your company may have already eliminated all of the most common IT security weaknesses by taking steps such as installing security software, educating employees about the best security practices and investing in an automatic cloud-based backup solution— Your company might not be a well protected as you think. By assuming that you are in cyber-attackers’ crosshairs, you can better prepare yourself against the inevitable attack.”

By making sure you have these basic security tips in place now, you can save yourself from a lot of preventable headaches down the line.

Remain on High Alert

The war against cyber criminals is fought each time a user decides to click an unfamiliar link or open an attachment—and just a single mistake could be the reason for massive data loss. With every new mobile device, cloud service, network, and application comes the risk that a new hole has been opened in your network, allowing attackers to slip in and walk out with everything. Staying ahead of the people who would do your company harm is a constant challenge, and you must remain on high alert.

Realize your Vulnerability

Did you know that every time you get a new employee, client or customer, you open up you expose your organization to new threats? Protecting your from these threats requires continuous monitoring solutions that can keep up with and adapt to all of these changes. Without that, attackers will always be one step ahead.

Don't Delay Software Updates

Cyber security is a continuous process. When a security update becomes available for a software package that your company uses, applying the update isn't always as simple as running a single utility. You may need to conduct extensive testing to ensure that an update to one program doesn't break another program that your company uses. Finding the time and budget to conduct software update testing can sometimes prove difficult, so your organization may tend to put off installing updates so you can consolidate your testing when several new updates are available. That's an unwise practice because a security vulnerability in one software product can provide an opening that allows a hacker to access something more critical.

Does your company lack the resources to apply software updates promptly? Consider cloud-based Software as a Service instead. Subscribing to your enterprise software ensures that you're always running the latest version and can significantly reduce your maintenance expenses.

Think Like a Hacker to Identify Security Holes

Sometimes, a company's own servers and services aren't its biggest security holes. In 2018, the United States military discovered that armed forces and intelligence personnel may have inadvertently released sensitive information by sharing the data collected by their wearable fitness trackers. The Strava Global Heatmap displays the activities of fitness tracker users who elect to share their activities online.

An Australian student studied the map and noticed unusual levels of activity in Africa and the Middle East. Studying the map, it turned out, could potentially reveal the activities of military personnel and the locations of secret military establishments. One security expert surmised that it would be possible to link map data with social network profiles to ascertain the identities of fitness tracker users.

“This is the part that is perhaps most worrisome, that an individual's identity might be pullable from the data, either by combining with other information online or by hacking Strava—which just put a major bullseye on itself,” says Peter Singer, strategist and senior fellow at New America, a think tank based in Washington, DC.

Although it's unlikely that fitness trackers pose a security risk to your company, it is crucial for you to understand the applications and gadgets that your employees use while at work. Most people wouldn't find a map of fitness tracker data very interesting. A hacker, however, might find that data very valuable. Are your employees inadvertently sharing data that could harm your company?

Whitelisting Makes a Business Nearly Bulletproof

If your company handles extremely sensitive data, you must do whatever is necessary to lock that data down -a whitelisting policy may be your best bet.

Implementing a whitelisting policy requires extensive IT resources for the initial deployment and ongoing maintenance. The goal of whitelisting is to protect computers and networks from potentially harmful applications. Adopting a whitelisting policy for applications means that the computers on your network can only run applications on pre-approved check lists. If you adopt a whitelisting policy for Internet access, employees can only visit websites that you approve.

But this must not be approached on a whim! Whitelisting can hurt productivity. If an employee suddenly can't do his job because he can't visit a website that isn't on the whitelist, his productivity grinds to a halt while he waits for a response from the IT department.

Whitelisting can also stifle innovation because it may cause employees to think more rigidly. A whitelisting policy can, for example, prevent an employee from using the Internet in a creative way to seek out new business opportunities. A whitelisting policy can also prevent an employee from using a third-party application that makes his or her job easier.

On the other hand, whitelisting makes a company almost impervious to malware and common forms of phishing. If an employee clicks a phishing link in an email, the network will block the malicious website. A virus can't execute its payload if every computer on your network refuses to run the infected file.

Smartphones Can Improve the Security of Your Login Process

Left unchecked, employees' network passwords can be a major security weakness for your company. If an employee uses a lowercase English word as a password, that password is vulnerable to a brute force attack.

Your network administrators should implement a policy forcing employees to use complex passwords and to change their passwords regularly. If your company already does that, you can harden your password security even further by implementing two-factor authentication.

The principle behind two-factor authentication is simple. With two-factor authentication, an employee can log in to your network using something only he should know -- his password -- and something only he should have, such as a smartphone.

An employee begins the login process by entering their network password. The computer then prompts the employee to enter a one-time password. The network delivers the password to the employee's smartphone via a text message or mobile app. Typing the one-time password on the computer completes the login process.

Implementing two-factor authentication means that even if a hacker stole an employee's password, he still couldn't penetrate your network with that information alone. A hacker would have to steal both an employee's password and his phone to log in as that employee. Although that's not impossible to accomplish, it is far more difficult than stealing a password alone.

Machine Learning Can Spot Suspicious Network Activity

Do you remember the antivirus software from the '90s that flagged suspicious software based on potential viral signatures in the code? Older antivirus solutions flagged so many legitimate programs that they were often more trouble than they were worth. Machine learning has come a long way since then.

Today, there are enterprise security solutions that use machine learning and artificial intelligence to watch all of the activity on your network and automatically flag unusual activity.

• Is an employee spending an abnormal amount of time in a shared folder that has nothing to do with his responsibilities?
• Is a user logged in outside his normal working hours?
• Is someone transferring a large amount of data to a remote IP address?

A security solution with machine learning features can spot the unusual activities that your IT staff might miss. 

By employing affordable small business security software, using the right approach, establishing smart security policy and being mindful of your own vulnerabilities, you will be able to greatly strengthen your cyber security posture and protect your data from both outsider and insider attacks. 

If you're ready to implement some top-tier cybersecurity from the experts, consider scheduling a free consultation with the pros at Continuous!