There are a variety of cyberattacks that can cause business disruption, but ransomware is still the most worrisome because these attacks increasingly occur at smaller business organizations.
Ransomware also is the costliest kind of cyberattack, which is another reason why cybersecurity has become a high priority, especially in small- and medium-sized businesses. Yet “SMBs” are not necessarily prioritizing cybersecurity because they don’t have the enterprise-class technology tools or the security-minded technologists necessary to keep the bad actors away, says Bill Crahen, Chief Stakeholder Architect for Envision IT. “SMBs are definitely targets,” he says. “Fortunately, cybersecurity isn’t beyond their budgets.”
Whether the threat is a simple phishing expedition or a disruptive ransomware demand, here are three steps your organization can take to keep cyberattacks at bay:
Step 1: Train, test, and retrain. The typical SMB is 350% more likely to experience a social engineering attack than a large organization, according to researchers at cloud security company Barracuda Networks, and effective security involves quarterly employee training and testing. Trainers teach computer users how to spot social engineering attacks, whether hackers are using fear, urgency, or empathy to advance them. Quarterly security awareness training is necessary not because users forget what they have learned, but because new threats and tactics emerge. Training should be followed by employee testing to ensure the lessons — old and new — have been learned.
Step 2: Make sure multifactor authentication is used everywhere. When it comes to cybersecurity, one of the most effective methods is user-friendly multifactor authentication (MFA). MFA is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of authentication. These extra layers of defense increase the degree of difficulty for would-be hackers, and it is nearly impossible to obtain affordable cyber insurance without them.
Step 3: Patch things up. Obviously, there also is a security role for technology solutions. One essential is a vigilant vulnerability program in which enterprise-wide tools are periodically patched (upgraded) by technology vendors. According to Crahen, patching every month once counted as vigilant, but now it’s down to days, and in some cases hours, before testing and deploying the new patch.
To sum it up, cybersecurity is about having a sound security framework — process, people, and technology — in place. “When you look at some of these compliance and security frameworks, they are very daunting on all the things you need to do, but you can take them in phases and prioritize the most important things,” Crahen notes. “Then, do a risk assessment to determine the next steps, and just do that year after year to get yourself in a good place.”
As seen in InBusiness Magazine July 2022