Another high-profile cyberattack made the news recently, this time against MedStar Health. In this ransomware attack, the hackers demanded the equivalent of $18,000 in Bitcoins in exchange for the restoration of their systems.
As a result, records systems were offline for thousands of patients and doctors, patients were unable to book appointments, and staff were locked out of their email accounts or even required to completely turn off their computers and use paper transactions as a backup where necessary.
Regardless of whether or not this was a ransomware attack – one in which the hackers demand money in exchange for restoring the systems – similar to the one launched against Hollywood Presbyterian on Feb. 5, it underscores the need for ALL businesses to take their cybersecurity solutions seriously.
No Business is Too Small to Need Cybersecurity Solutions
For every attack against a major company that makes headline news, there are countless more against small and medium-sized businesses that get attacked and don't make the news.
Small businesses make excellent targets for cybercriminals. Due in part to a lack of resources and/or information, SMB’s are more likely to have unprotected websites, accounts and network systems that make cyberattacks relatively easy. And cybercriminals know this...actually, they bank on it.
Therefore, any business with an online presence – whether that’s a website, online accounts, or any type of Web or Cloud-based infrastructure or applications – is at risk for a cyberattack. And so it follows that any business with an online presence needs to understand that implementing cybersecurity solutions is critical. And smart businesses are proactively managing cyber risks by planning for a “when” scenario instead of debating the “if” possibility.
In case you just don’t quite believe that you personally need to worry about this because your business is “too small” or just not on anyone’s radar screen then consider these alarming statistics cited in a presentation by Tim Francis, enterprise leader for cyber insurance for Travelers:
- 1 in 2 companies report being the target of a cyber attack
- 60% of attacks last year struck small to medium-sized businesses
- There are 34,529 known computer incidents EACH DAY
And according to the National Small Business Association’s 2013 Small Business Technology Survey, the average cost per cyberattack is $9,000.
5 Cybersecurity Solutions that Every Business Must Have in Place
Here are 5 cybersecurity solutions that all businesses should have in place:
#1 - Firewall
A firewall is part of a computer system or network designed to block unauthorized access, while still allowing for outward communication. It acts as a barrier between a trusted network and other untrusted networks, like the Internet. It will help to protect your network from sites that are known to be infected or malicious.
#2 - Anti-Virus Software
Anti-virus software is not new and most businesses are probably at least aware of the need for anti-virus software that is designed to detect and destroy computer viruses. But it’s worth a reminder that an estimated 60,000 new pieces of malware get created each day, and that without anti-virus software that is installed and up-to-date, experts warn that a computer will be infected within minutes of connecting to the Internet. So as you check off your cybersecurity solutions, make sure that your anti-virus software is installed (and receives patching for updates) to help with the detection and removal of malware like worms, Trojan horses, adware, spyware and more.
#3 - Patch Management
It is critical that patches in all programs and software get applied in order to lock up the vulnerabilities that the vendors have identified. Ignoring them is like forgetting to lock your front door – criminals can just walk right in – especially considering that oftentimes the software vendors only locate the vulnerabilities AFTER they find out that they have been hacked. This includes applying updates to your website and any plug-ins that are in use on the site. (To learn more about patch management, check out this recent blog post that further explains it.)
#4 - Data Backups
Remember how smart businesses are planning for when they get attacked and not if? Having modern, reliable data backups is the best guarantee that any business has to protect against data loss. And with ransomware attacks on the rise, it also safeguards your business against the need to pay hackers should they encrypt or lock you out of your data. The key with data backups is to ensure that they are actually working, which means someone needs to monitor and test the backups on a regular basis. It’s also smart to think about the next step beyond data backups (safe storage of your data) to having a plan to actually access that data when you need it (disaster recovery).
#5 - End-User Education
This one may surprise you because not only is end-user education not a software or a system, but it is also your BEST defense against a cyberattack. And that’s because many, many breaches stem from simple human error. Which makes sense when you consider the increased intensity and sophistication of the attacks being levied against businesses. Many of them are being directly targeted towards individual end-users, simply because it’s easier to persuade 1 person to click on a link and open the proverbial front door to your system than it is to try to break in through the side window.
One bad click or link really is all it takes to allow hackers access to your entire network, as we have detailed in this recent blog post. Other types of phishing scams use sophisticated spoofed emails to convince employees to transfer money from one account to another, resulting in the loss of funds that can never be recovered. Social engineering tactics are also widely used and unfortunately, have a high rate of success.
Most likely, employees who cause or allow breaches aren’t acting maliciously. But that doesn’t mean that it won’t cost your business when mistakes are made. Staying vigilant and regarding all unknown or unsolicited links or attachments with a healthy amount of skepticism are a critical component when it comes to cybersecurity solutions for any business. But in order for your employees to know what to look for and what to avoid, they have to be educated.
To help you, we’ve put together a list of Cybersecurity Tips for End-Users – an educational resource in PDF form that you can download and distribute to all of your staff - just click here to get it.
Cybersecurity Resources for Small Business
Cybersecurity is super important; but it can also be difficult to manage on top of working to manage and grow your business. The good news is that there are resources available to help you assess your risks, manage threats and create and implement cybersecurity solutions that will protect your business.
One great resource for information is StaySafeOnline.org, an organization that is powered by the National Cyber Security Alliance. They offer tons of great tools and resources to businesses for free.
Another one is the FCC Small Biz Cyber Planner - a tool developed for small business owners that will generate a custom cyber security plan with expert advice just for you. The results are generated based on input you provide about your business and any areas of concern.
Another option is to turn to an IT services company for help. As a managed IT services provider, this is what we do for our customers, so that they can focus on what they do best and not worry about it. Our IT service plans include Firewalls, Anti-Virus Software, Patch Management and Data Backups Management for your business, all for a fixed monthly fee.
One thing that is important to point out with all of these cybersecurity solutions is that they need to be constantly managed and monitored in order to provide true protection against cyber threats. These aren't "set it and forget it" solutions. So if you are managing them internally be sure that patches and updates are part of the regular maintenance, as well as educating any new end-users and even reminding current staff of the importance of being mindful and passing on alerts when new viruses or scams are circulating.
No matter what option you choose, we strong encourage you NOT to choose the option of doing nothing and assuming that your business is safe from cyberattacks because you aren't large enough or a nationally recognized brand.
Finally, if you want to start by evaluating your own Cyber Security IQ, Microsoft put together a quiz that will allow you to test your knowledge and get the facts about Cybersecurity. Take it here!