You cannot win if you don't get the basics right!

Time and time again I meet with people who do not have the basics right for cyber security.

How can you win if you are not set up for success?

Landscape

The race between the good guys and the bad has never been such an unfair battle in my view.

As cyber criminals continue to monetize cyber crime small businesses focus on the nickels and dimes of IT expenditure vs treating cyber security as an investment, one that protects its revenue, employees and clients. Indeed the business livelihood itself.

Cybercriminals have created highly profitable services such as Ransomware As A Service, and additional services such as Phishing As A Service together with selling access to compromised networks.

What are small businesses doing to protect themselves? Often shopping for lower-priced IT companies whose only avenue is to provide cheap services without critical security protections.

What Are Small Businesses Missing?

Frankly the most basic of basics! Here in my experience is a brief non-exhaustive list.

• 2FA on ALL company email accounts.
• Backing up critical Microsoft 365 infrastructure such as email accounts, Sharepoint Teams etc.
• Enhanced security protections such as third-party managed SOC to enhance protection.
• Zero trust at the endpoint and network layers.
• Last but not least and should be first- testing backups!

Not doing the above leaves your business incredibly vulnerable to the most basic of attacks. Essentially losing the race.

How To Fix It

Firstly INVEST. Criminals have done an amazing job of re-deploying their ill-gotten gains. You should seek to increase the investment your organization makes in protecting its assets.

Work towards understanding where the business has gaps and address them. Because if you do not then sadly the gap between the good guys and bad will only continue to get wider.

If you get those things right you might just beat the criminals to the finish line.

Securely yours,

Scott