Cyber Security for SMBs

By | 2017/04/24


Cyber Security: Top Concern for Small Businesses?

Do you have a plan for how to continue when the Internet is down? What happens when your network is held hostage by ransomware, or a virus causes your systems to stop working?

Cyber security attacks against small businesses are increasing.

According to Symantec, 43% of cyber attacks specifically target small businesses. And 83% of small businesses have no cyber security plan. How bad is it?

Cyber Security Stats

Here are a few statistics from the 2016 Symantec Internet Security Threat Report:

  • Spear-Phishing Campaigns Targeting Employees increased 55% in 2015. Imagine every employee in your company receiving a legitimate-looking email from Amazon or FedEx with a link to info specific to your company. How confident are you that NONE of your employees will click the link?
  • More than 75% of all legitimate websites have unpatched vulnerabilities.
  • Over Half a Billion Personal Records were stolen or lost in 2015.
  • Crypto-style ransomware increased 35 Percent in 2015. These attacks encrypt your data (which may also include network data) and keep it encrypted until you pay a ransom.
  • Mobile vulnerabilities are up 214% from 2014 to 2015.
  • One in every 220 emails contains malware. What’s the chance one of these will slip past your defenses and be opened by an employee?

Cyber Security Help

The National Cyber Security Alliance has good suggestions for helping small businesses succeed on the cyber security front:

  1. Identify your most important assets. What data/systems could take your company down if compromised?
  2. Enforce a strong password policy. I suggest 12-character passphrases that include uppercase, lowercase, numbers and special characters.
  3. Make sure you have a good backup plan and test it frequently. Backups are one of those things you don’t think much about until you have to — and then you are Very Grateful that you did.
  4. Use good security tools. The SANS Institute has a great poster that categorizes several security tools against the Center for Internet Security top 20 controls. 
  5. Keep systems up-to-date. Most attacks still take advantage of known vulnerabilities. Keep your computers and security software on the latest releases.
  6. Keep your employees informed. Social engineering attacks are one of the most-used methods. Even the FBI fell victim to this, so it can easily happen to you!
    1. SANS has an RSS feed for their Security Tip of the Day – add it to your employee intranet for free/easy tips.
  7. See the full list of tips on the National Cyber Security Alliance website.

If you’d like to create a cyber security plan, check out the FTC Cyberplanner as a starting point. Better yet, work with a trained cyber security professional to perform an assessment and map out a strategy for improvement.

Assessments are a great way to kick-start your cyber security initiative. But be sure to work with someone who will transition the ongoing work of security to your in-house team. Security requires continued diligence. It’s best if you can embed it into your employee culture.
