It’s easy to assume that as a small to medium-sized business, cybercriminals will simply look straight past your organization.
Unfortunately, this simply isn’t true. The “not-much-to-steal” mindset that’s common among small businesses is not only completely incorrect in today’s digital ecosystem, it’s also dangerous.
That’s why, to help you protect your small or medium-sized business from cyber threats, we have created this complete guide to cybersecurity. Keep reading to find out:
“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.”
- Tim Cook, Chief Executive Officer of Apple Inc.
Cybersecurity is the practice of protecting computers, servers, mobile services, electronic systems, networks and company data from malicious attacks. It has become particularly important in recent years, since all businesses now collect, process and store an unprecedented amount of data.
Protected data typically includes personal information, contact details, passwords, credit card numbers, bank account information, medical records, identification documents and other non-public information that’s important for both your business and your customers.
To protect sensitive data, successful cybersecurity relies on three factors:
According to Cisco, cybersecurity is: “The practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.”
Cybersecurity is a scary topic, especially for small and medium-sized enterprises (SMEs), many of which feel they do not have the funds to invest in cybersecurity methods. Fortunately, however, cybersecurity is surprisingly cost-effective when the right practices and technologies are used.
Most importantly, though, cybersecurity is now a necessity - no matter how small or large your business is.
Estimated global losses from cybercrime are projected to hit just under a record $1 trillion for 2020 as reported in this Washington Post article. That’s almost double the monetary loss from cybercrime in 2018, when there was a reported $500 billion lost.
According to research from Accenture, security breaches have increased by 11 percent since 2018, and 67 percent since 2014. To make matters even worse, as of 2020, the average cost of a data breach to a company was a staggering $3.86 million according to IBM.
Don’t fall into the trap of thinking your business is too small to fall prey to cybercrime either.
As of December 2018, there were 1.2 million employer businesses in Canada, with 1.18 million (97.9 percent) of those being small businesses. More than half of Canada’s small employer businesses are located right here in Ontario, with over 429,852 small businesses operating out of the province.
Small and medium-sized businesses now store and manage a huge amount of sensitive data but they also typically have less security than larger enterprise corporations, and that makes them a target for cybercriminals.
In fact, as reported in the 2019 Verizon Data Breach Investigations Report, small businesses are target number one for cyber criminals and represent 43 percent of all data breaches - often because their false sense of security leads them to not put proper defenses in place.
OT Group is here to help change that for your organization! This page will dive into some common cybersecurity threats, and how you can protect your sensitive data from them - through the combination of best practices and cybersecurity technology.
There is a growing number of cybersecurity threats that small and medium-sized businesses should be aware of.
Vulnerabilities in your company’s IT infrastructure or cybersecurity best practices can compromise your data, so before developing a cybersecurity strategy it’s important that you're aware of the most common ways a cyber criminal may target your organization.
Here are a few of the most common cybersecurity threats:
Malware: Malware is an umbrella term used to describe a range of malicious software, including spyware, ransomware and computer viruses. This type of cyberthreat typically breaches a network through a vulnerability, primarily by encouraging users to click a link that then automatically downloads software onto the computer. Malware can block users from accessing sensitive data, steal data from the computer or render a system inoperable.
Phishing: Phishing is a process in which cybercriminals attempt to steal sensitive information through fraudulent emails or communication that appear to come from a reputable source. Phishing is perhaps the most common cybersecurity threat, and aims to steal sensitive data such as login information or credit card details. This FBI report found that, between June 2016 and July 2019, there were over 166,000 phishing incidents. The victims lost $26 billion worldwide.
Social engineering: Not to be confused with social engineering in the social services sense, this cyber threat attempts to trick people into revealing sensitive information. It is a form of psychological manipulation that aims to get people to perform specific actions or divulge confidential information.
Brute force attacks: This is a form of hacking that uses trial-and-error to guess login information or encryption keys, or to find a hidden web page. Hackers slowly work through all combinations hoping to guess their way into your network. This type of cybercrime is particularly prominent right now.
Denial-of-service attack: Denial-of-service (DoS) attacks aim to flood systems, servers or networks with traffic to exhaust their bandwidth. When this happens, users are unable to complete legitimate requests. If the attack comes from multiple devices, it is referred to as a distributed denial-of-service (DDoS) attack.
Once you have an understanding of the different methods in which cybercrime can impact your business, it’s now time to start creating some internal policies for your employees to follow.
Encouraging your employees to follow some simple cybersecurity best practices will go a long way in plugging any vulnerabilities that cybercriminals might target. With that in mind, here are a few cybersecurity best practices that will secure your company’s and your customers’ data:
Train your employees
Almost 90 percent of cyber attacks are caused by human error or behaviour. That’s why it’s crucial you educate your employees on cybersecurity threats, why security matters and how they can avoid making costly errors. Training should focus on:
Handle passwords securely
Gaining login information or hacking insecure passwords is a common way for cybercriminals to gain access to sensitive business information. Good password hygiene can include anything from building strong passwords, changing passwords every 60 to 90 days, using a mixture of symbols within the password and using password management software to protect passwords.
Use technology to protect your company
To enhance your company’s cybersecurity policies, it’s crucial that you use technologies and tools that are specifically designed to protect your small business from cyber attacks. In the next section, below, we have listed some of the top technologies your business should look at implementing.
Build a cybersecurity manual for your organization
These are just a few of the most effective best practices you should implement as part of your cybersecurity policy. Once you've done some further research to find out what procedures you can realistically implement, it’s time to build your organization’s cybersecurity manual. This will act as a framework for all the best practices and processes that you expect your employees to implement in their day-to-day roles.
Technology is an essential component of any cybersecurity strategy. It gives organizations and individual users the tools they need to protect their data, hardware and systems from cyber attacks.
An increasing number of companies are now realizing that they simply must invest in new technologies to protect their business from external threats. Due to 78 percent of people lacking confidence in their company’s cybersecurity posture, 91 percent of organizations are set to increase their cybersecurity budgets in 2021.
Here are a few of the most common, and effective, security tools that will protect your business from cyber threats:
Back up your data
Ransomware is a cybersecurity threat in which a criminal will encrypt and lock your organization out of important data, and then demand a ransom to restore access. If you keep a backup of your data in a separate location, cybercriminals will not be able to manipulate you into paying a ransom for the sensitive data they steal.
Use multi-factor authentication
Multi-factor authentication (MFA) helps protect sensitive data by adding an extra layer of security. A hacker may gain access to a business account through a password, but with MFA they would still need a second or even third factor of authentication to get into the account. This could be anything from a mobile phone, email address, fingerprint or voice. This provides particularly strong protection against brute force attacks.
Provide employees with a virtual private network (VPN)
Do you have employees that occasionally work from outside the office? Ensure they are using a secure WiFi network by providing them with a virtual private network (VPN). A VPN will secure your employees’ internet connection, no matter where they are working from, by encrypting their information and securing their online activity.
Monitor third-party activity
Monitor third-party activity, vulnerabilities and activity across your organization’s network with end-to-end cybersecurity software. To help your business do just that, OT Group has partnered with cybersecurity software developer Field Effect to offer their innovative Covalence for Business solution. Covalence monitors your company’s network, offering simple and actionable reporting and the best recommendations on how to prevent cyber threats to your business.
Manage user accounts
As your business grows, user accounts on your network can quickly become out of control. To prevent any vulnerabilities within your network, it’s important that your company is able to manage all old, or stale, user accounts, as well as any accounts for employees that are no longer at your organization. These accounts could act as an entryway for hackers if left unprotected.
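One way to run the account review described above, as an added example that is not OT Group's or Field Effect's code: it cross-checks an export of directory accounts against the current HR roster and flags enabled accounts that are stale, never used, or belong to someone who has left. The CSV columns, usernames and the 90-day threshold are assumptions made for the illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data: a directory export and the current HR roster.
ACCOUNTS_CSV = """username,enabled,last_login
asmith,true,2024-05-28
bjones,true,2023-11-02
cwong,true,
dpatel,false,2022-01-15
ekhan,true,2024-05-30
"""
CURRENT_EMPLOYEES = {"asmith", "bjones", "cwong"}  # dpatel and ekhan have left


def audit_accounts(accounts_csv, current_employees, today, stale_days=90):
    """Return {username: [reasons]} for enabled accounts that need review."""
    cutoff = today - timedelta(days=stale_days)  # assumed review threshold
    findings = {}
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, so it cannot be used to sign in
        reasons = []
        if row["username"] not in current_employees:
            reasons.append("owner not on current employee roster")
        last_login = row["last_login"].strip()
        if not last_login:
            reasons.append("never signed in")
        elif date.fromisoformat(last_login) < cutoff:
            reasons.append(f"no sign-in for more than {stale_days} days")
        if reasons:
            findings[row["username"]] = reasons
    return findings


if __name__ == "__main__":
    report = audit_accounts(ACCOUNTS_CSV, CURRENT_EMPLOYEES, today=date(2024, 6, 1))
    for user, reasons in report.items():
        print(f"{user}: {'; '.join(reasons)}")
```

Accounts the audit flags are candidates for disabling first and deleting later, once nothing is found to depend on them.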
Want to learn more about cybersecurity and how to protect your organization from potential cyber threats?
Contact OT Group today to find out how we can create a technology plan that protects your business.
Alternatively, visit these websites for more information on what cybercrime actually is, how you can protect your SME from cyberthreats, as well as a huge amount of other beneficial information on cybercriminal activity.
Canadian Centre for Cyber Security
The Canadian Centre for Cyber Security is a unit under the Communications Security Establishment agency of Canada that is responsible for monitoring threats and coordinating the national response to any cyber security incident.
They have a learning hub, full of information.
The Center for Internet Security (CIS)
The Center for Internet Security is a 501 nonprofit organization, formed in October, 2000. Its mission is to "identify, develop, validate, promote, and sustain best practice solutions for cyber defence and build and lead communities to enable an environment of trust in cyberspace."