No one is immune to cyberattacks, and no single government agency, company, organization, or individual can solve our growing cybersecurity challenges. We have to work together to secure ourselves in cyberspace. 1
So what’s a small enterprise to do?
“The biggest risk facing an SMB manager is inaction. Ignoring cybercrime does not make it go away and places the business in jeopardy. Protective actions against cybercrime are now more important than the locks on a store’s front door.” 2
“Failure to put an electronic protection plan in place appropriate to the SMB’s size and business model is equivalent to leaving the front door wide open with a pile of cash in plain sight. Don’t let that cash get away: put it under lock and key.” 2
Do Your Part!
Small Enterprises can secure employee and customer/patron loyalty by promoting security best-practices. 1
The losses resulting from cybercrime can severely damage any enterprise. These damages can far outweigh the costs associated with implementing a diligent security program. 1
By implementing a prudent security program that involves both technical controls and cultural adjustments, small enterprises can protect themselves and their customers/patrons from cybercrime. 1
Implementing a cost-effective cybersecurity program can also go a long way in demonstrating legal “due diligence” in case of litigation in the aftermath of a cyberattack.1
Get Expert Advice!
Identify Vulnerabilities & Assess Risks – Understand your enterprise, your users, your endpoints, your data, and how these are protected. Scan your enterprise on a periodic basis and categorize vulnerabilities. 3
Keep an accurate hardware inventory. 3
Keep an accurate software inventory. 3
Establish Security Policies – Establish security policies and practices to protect your organization’s sensitive data as well as your employees, customers, and other stakeholders. Remember legal “due diligence.” Harden all systems. De-install any software confirmed as unneeded. 3
Control administrative access. 3
Develop and manage secure configurations for all devices. 3
Automate & Remediate – Automate cyber defenses to the extent cost-effective, especially endpoints, network access points, and websites. Automatically update all necessary software on all computers. 3
Automate endpoint defenses. 3
Remediate vulnerabilities quickly. 3
Back Up Critical Data – Establish a schedule to perform backups to ensure that critical data is not lost in the event of a cyberattack or natural disaster. Store backups in secure, remote locations away from the office, and encrypt sensitive data. Invest in data protection as needed and use two-factor authentication where possible. 1
Develop a Plan – No matter how obscure you think your enterprise, you should expect to be attacked. Continuity/Recovery planning mitigates risks from disaster, and not just cyber-related, but also natural, man-made, and technological. Plan and prepare to continue critical business functions. 1
Educate & Train Employees – Make sure that employees are routinely educated about cyber threats and are well-versed in the policies and procedures that protect your enterprise. Hold all employees accountable for enterprise security policies and procedures. 1
Cybercriminals too often prefer to target smaller businesses because it has been proven that automation makes it both easy and lucrative to find and exploit the vulnerabilities most commonly found within smaller enterprises. The root causes most often cited include:
Under Resourced – Lack of Time & Other Resources Dedicated Towards Cybersecurity
No Verification – Overreliance on IT Support Services and Failure to Employ Independent Cybersecurity Expertise
No Training – Lack of Cybersecurity Risk Awareness & Other Employee Training
Outdated Technologies – Failure to Maintain Current Cybersecurity Defenses
Unsecured Endpoints – Failure to Harden Endpoints Using Proven Configurations 1
Cybercriminals also view smaller businesses as attractive targets because they can often be used as pivot points into larger enterprise networks. As business-to-business interactions become ever more intertwined, more and more small enterprises find themselves with privileged access via partnerships within the supply chains of larger enterprises. 1
Unfortunately cybercrime is growing. The criminals are making money and this in turn continues to further accelerate the expansion of their sinister capabilities. The Dark Internet Market is booming. Malware and even ransomware as a service are now commonplace. Data and identity thefts continue to make headlines. Adding to this cybercrime wave, our world is growing ever more interconnected. The age of the Internet of Things (IoT) is upon us. 2
Ameri-X-Guard Inc. is a proud member of the Fredericksburg Regional Chamber of Commerce. Together, let’s secure our future!
The mission of the Fredericksburg Regional Chamber of Commerce is to build relationships and create competitive advantages for a healthy business environment.
STOP. THINK. CONNECT.™ is the global online safety awareness campaign to help all digital citizens stay safer and more secure online
Cyberbility is a development agency that brings together strategy, design and technology to help businesses thrive in a rapidly evolving digital environment.
The Media Partners is a creative communication and marketing firm. With over 25 years of working in media, marketing, business management, and sales, The Media Partners excel at understanding all aspects of your business.