When the headlines focus on breaches by large companies like Optus, it’s easy for smaller companies to think they’re not a target for hackers. Surely, they are not worth the time or effort.
Unfortunately, when it comes to cybersecurity, size doesn’t matter.
The assumption that you are not a target leads to lax security practices in many SMBs that lack the knowledge or experience to implement simple security steps. Few small businesses prioritize cybersecurity, and hackers know it. According to Verizon, the number of small businesses affected has steadily increased in recent years: 46% of cyber breaches in 2021 affected businesses with fewer than 1,000 employees.
Cybersecurity doesn’t have to be difficult
Protecting any business does not have to be complex or entail a high price. Here are seven simple tips to help smaller businesses protect their systems, people, and data.
1 — Install antivirus software everywhere
All organizations have antivirus on their systems and devices, right? Unfortunately, business systems like web servers are all too often overlooked. It is important for SMBs to consider all entry points to their network and have antivirus deployed on every server, as well as on employees’ personal devices.
Hackers will find weak entry points to install malware, and antivirus software can serve as a good last resort, but it’s not a panacea. Through continuous monitoring and penetration testing, you can identify weaknesses and vulnerabilities before hackers do, because it’s easier to stop a burglar at your front door than once they’re in your home.
2 — Continuously monitor your perimeter
Your perimeter is exposed to remote attacks because it is available 24/7. Hackers are constantly scanning the internet for weaknesses, so you should also scan your own perimeter. The longer a vulnerability goes unfixed, the more likely an attack is to occur. With tools like Autosploit and Shodan readily available, it’s easier than ever for attackers to discover weaknesses in the Internet and exploit them.
Even organizations that can’t afford a full-time in-house security specialist can use online services like Intruder to run vulnerability scans to discover weaknesses.
Intruder is a powerful vulnerability scanner that provides a continuous review of the security of your systems. With over 11,000 security controls, Intruder makes enterprise-grade scanning easy and affordable for SMBs.
Intruder will quickly identify high-impact flaws, attack surface changes, and quickly scan your infrastructure for emerging threats.
3 — Minimize your attack surface
Its attack surface is made up of all systems and services exposed to the Internet. The larger the attack surface, the greater the risk. This means that exposed services like Microsoft Exchange for email or content management systems like WordPress can be vulnerable to brute force or credential stuffing, and new vulnerabilities in such software systems are discovered almost daily. By removing public access to sensitive systems and interfaces that don’t need to be publicly accessible, and ensuring 2FA is enabled where it is, you can limit your exposure and greatly reduce risk.
A simple first step to reducing your attack surface is to use a secure virtual private network (VPN). By using a VPN, you can avoid exposing sensitive systems directly to the Internet while keeping them available to employees working remotely. When it comes to risk, it’s better to be safe than sorry – don’t expose anything to the internet unless you absolutely have to!
4 — Keep your software up to date
New vulnerabilities are discovered daily in all kinds of software, from web browsers to business applications. Just one unpatched weakness could lead to a complete compromise of a system and a breach of customer data; as TalkTalk discovered when 150,000 of its private data records were stolen.
According to a Cyber Security Breach Survey, companies that have their customers’ electronic personal data are more likely than average to have suffered breaches. Patch management is an essential component of good cyber hygiene, and there are tools and services to help you check your software for missing security patches.
5 — Back up your data
Ransomware is on the rise. In 2021, 37% of businesses and organizations were affected by ransomware according to Sophos research. The ransomware encrypts all data it can access, rendering it unusable and cannot be reversed without a key to decrypt the data.
Data loss is a key risk for any business, whether due to malicious intent or a technical mishap such as a hard drive failure, so backing up your data is always recommended. By backing up your data, you can counter attackers by recovering your data without paying the ransom, since ransomware-affected systems can be wiped and restored from an unaffected backup without the attacker’s key.
6 — Keep your staff aware of security
Cyber attackers often rely on human error, so it is vital that staff are trained in cyber hygiene so they recognize risks and respond appropriately. The 2022 Cyber Security Breach Survey found that the most common types of breaches were staff receiving fraudulent emails or phishing attacks (73%), followed by people impersonating the organization in emails or online ( 27%), viruses, spyware and malware (12%). ), and ransomware (4%).
Raising awareness of the benefits of using complex passwords and training staff to spot common attacks like phishing emails and malicious links will ensure your people are a strength rather than a vulnerability.
7 — Protect yourself relative to your risk
Cybersecurity measures should always be appropriate for the organization. For example, a small business that handles banking transactions or has access to sensitive information, such as health care data, must employ much stricter security processes and practices than a pet store.
That’s not to say a pet store doesn’t have a duty to protect customer data, but it’s less likely to be a target. Hackers are motivated by money, so the higher the prize, the more time and effort will be invested in achieving their profits. By identifying your threats and vulnerabilities with a tool like Intruder, you can take the appropriate steps to mitigate and prioritize which risks need to be addressed and in what order.
It’s time to up your cyber security game
Attacks on big business dominate the news, fueling the perception that SMEs are safe, when the opposite is true. Attacks are increasingly automated, so SMEs are just as vulnerable targets as large companies, even more so if they do not have adequate security processes. And hackers will always follow the path of least resistance. Fortunately, that’s the part Intruder made easy…
About the intruder
Intruder is a cyber security company that helps organizations reduce their attack surface by providing continuous vulnerability scanning and penetration testing services. Intruder’s powerful scanner is designed to quickly identify high-impact flaws, attack surface changes, and rapidly scan infrastructure for emerging threats. By running thousands of checks, including identifying misconfigurations, missing patches, and web layer issues, Intruder makes enterprise-grade vulnerability scanning easy and accessible to everyone. Intruder’s high-quality reports are perfect for passing on to potential customers or complying with security standards such as ISO 27001 and SOC 2.
Intruder offers a 14-day free trial of its vulnerability assessment platform. Visit their website today to try it out!
Did you find this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we publish.
Source: news.google.com