There are dozens of surveys and reports produced each year that evaluate digital threats and cybercrime. Not every publication applies to every business - but many of them do have some important take aways about the best practices of handling IT. Here’s few highlights from the 2017 Cyberthreat Defense Report that offer important insight for SMBs and their use of technology.
Challenge - Ransomware and Responses: Approximately 61% of global businesses were impacted by ransomware in 2016 - and of those businesses who had their data held for ransom - 32.7% paid it! The majority of them found out the hard way that cyber criminals aren’t always honest about their intentions...
Solution - Preventative and Patches: Ransomware, as with most malware, generally exploits a known weakness. WannaCry, a ransomware that crippled businesses throughout the world in July of 2017, exploited a weakness that had a security patch available to repair it since March of 2017. The businesses who fell victim were those who had the solution - but didn’t deploy it in time. In an ideal world, your company would have had active measures in place that prevented the ransomware attack. Proactive maintenance and security patching of your network and devices will stop the majority of cyber attacks.
Challenge - Human Error from Ignorance/Training Issue: Everyone makes mistakes, including you and your employees. Even companies with top-notch internal security measures will find themselves facing malware that was accidently exposed by an employee clicking an infected email attachment. The only thing that you can do to protect your business from accidents is to take measures to prevent them.
Solution - Set Policy for IT Use: Education and training is probably the most important thing a company can do to protect themselves from the digital threatscape. First, defining IT use policies will let your team know what is required from them as they’re using technology provided or maintained by your organization. ALL employees and vendors who use technology on your network should attend IT security best practice training at least annually. Posters and reminders should be used to remind everyone of the role they play in security. Of course, training and awareness will not eliminate accidents altogether - but they certainly can reduce them.
Challenge - Threat from Within: As much as a business may want to believe that no one on their staff would ever do something to intentionally damage their organization, it happens often enough to be considered a serious threat. While malicious insiders make up only 11% of total attacks, they are by far the most costly and generally take the longest to resolve.
Solution - Access Control: Having control over who is able to access what parts of your network won’t eliminate an internal threat, but it will significantly reduce the chances of a malicious insider attack. Access control applications afford businesses the opportunity to give specific permissions to each user. The average SMB would be surprised to learn how much more secure their network would be if employees only had access to the portions of data required for their job duties. To further protect your network, access control allows for easy onboard/offboarding to prevent ex-employees from accessing your network.
Challenge - 9 out 10 Companies Can’t Find IT Security Personnel: Even businesses with an established IT department face a major struggle when it comes to finding an experienced tech to fill an IT security vacancy. Not only are there more jobs than people qualified to perform them - but the more experience an employee has (or builds under your watch), the more desirable they are to companies that offer more benefits or better salary. There’s nothing like grooming and training an asset, only to have them depart for greener pastures as soon as they’re where you need them to be.
Solutions - Outsourcing Security: By outsourcing your organization's security, you’re removing the in-house responsibility of recruiting, onboarding, training and continually educating a security tech. There are IT companies, like EpiOn IT, that already have an experienced team that will assume the responsibility of your business's daily IT security operations. Rather than counting on a single individual to keep your business on top of security risks and issues, you’ll have an entire team guarding your network and data.
As a business owner or decision maker, you probably just don’t have the time to read through technology reports and publications to scan for information that is relevant to your business. That’s why we do it for you! Check our blog regularly for information on all things SMB IT.