Although cyber attacks against large companies make the biggest headlines, small and medium-sized organizations are not immune to the threats. Smaller organizations are just as vulnerable as large enterprises, and in many cases, more so; because they have fewer resources to devote to cybersecurity.
According to Webroot’s 2015 SMB Threat Report, only 37% of IT decision-makers for smaller organizations believe their organizations are ready to handle security threats. Nearly half say they don’t have enough time to stay current on the latest cybersecurity threats.
The cybersecurity threat is no hoax; here are some tips to address the threats:
Ransomware attacks are on the rise. For smaller organizations, the threat is particularly worrisome. Many organizations haven’t fully invested in technologies that can help detect potential ransomware attacks and mitigate the effects of an attack. Many resort to paying the ransom. Consider investing in an advanced threat detection platform that can protect against unknown threats as well as the known. Backup data regularly so that you can easily recover essential data and negate the need to pay ransom.
Phishing is one of the trickiest, yet most common forms of cyber attack. Verizon’s 2016 Data Breach Investigations Report shows that phishing is responsible for thousands of data breaches and attempted breaches. People are most often the chink in the armor, opening 30% of phishing emails with 12% going on to click a link or open an attachment. At fault is a lack of training. Teaching employees how to spot and avoid clicking on links and attachments in unsolicited email messages is the best defense against phishing.
Bring Your Own Device (BYOD) drives cost savings and increased employee productivity for organizations. Unfortunately, many don’t manage the security of BYOD devices, leaving them vulnerable to attack. A consistent, enforceable BYOD policy is essential to organizations that want to fully realize the benefits.
Humans are the weak links in most cybersecurity defenses. Many organizations fail to recognize the threat posed by existing and former employees who abuse online privileges, either willfully or accidentally. This study from Webroots reports that only 52% of small and mid-sized organizations feel prepared to combat insider threats. To address this problem, businesses need to set up formal processes to check for security breaches when an employee leaves. Audits and fraud prevention technologies can also be useful.
5. Weak passwords
Everyone prefers simple passwords, but they’re a major risk to cybersecurity. Require employees to change passwords regularly and use passwords that are ideally at least 12 characters long, include upper and lower case letters as well as numbers and symbols. Avoid common words and consider using a password management solution.
6. Failure to patch
Patching devices in a timely fashion is critical to making sure you’re protected against the latest threats. Organizations with IT staffs stretched too thin often fail to patch devices on schedule. But a patch can mean the difference between evading a cyber attack and being totally derailed by one.
Although these steps cover the basics, cybersecurity is far from elementary for organizations that need to stay focused on their core business. That’s where partnering with a managed security services provider like Infogressive can help. Contact us to learn more.