Cybersecurity for Businesses – How Big Is the Problem and What You Can Do About It

Alarmingly, research conducted by Small Biz Trends found that 43% of cyber-attacks target small businesses. Acumen Insurance estimates that cybercrime costs the Australian economy $4.5 billion annually. A Malwarebytes study across North America, France, the U.K., Germany, Australia, and Singapore found that in 2017 ransomware attacks caused 22 per cent of infected small and medium-sized organizations to cease business operations immediately. Cyberattacks and cybercrime are becoming more pervasive and severe. Some commentators have said it is not a matter of ‘if’ you will be affected by cybercrime but ‘when’ you will be affected. I agree with that proposition.

Remember the Internet of Things (IoT)

If you don’t recognise the term IoT, then it is likely that you haven’t seen it as a security risk for your business. Let me assure you that it most certainly is. Many consider the IoT to have more to do with home appliances than with business. However, I predict the IoT is the next significant security risk for businesses worldwide. IoT includes your surveillance equipment, smart locks, sensors, printers and other items that can be found in your office. IoT provides a less-secure backdoor to your company’s network, which can spell disaster. You must recognise the IoT as a security threat to your business and treat that risk with diligence. If you have cyber insurance, review the policy to make sure that this risk is covered.

Personal devices at work

Staff commonly bring gadgets to work, such as mobiles, laptops or even their own IoT devices. These devices can present a significant threat if they are not adequately regulated. According to the latest Crowd Research Partners report, most security professionals are concerned about personnel data management because of data leakage, the possibility of unsafe apps or content being accessed from the office network, and the most likely consequence: exposure to malware or ransomware. Hackers have been known to strategically ‘drop’ USB storage devices containing trojans or viruses where employees go for breaks or where they park their cars. The curious employee then takes the USB they just found to work and loads it on their computer to see what’s on the mysterious storage device. The USB may have one photo file that they open, which loads the trojan. The hacker has now gained access to the company’s network. The security risk of using personal devices is high. So high, in fact, that many organisations have banned staff from bringing any storage devices into the workplace. If you haven’t got such a procedure in place, then it is worth considering as part of your risk management plan. Such workplace policies may then form part of your company’s employment agreement.

Attack types

Ransomware viruses have always been a significant threat, but they are becoming more prevalent. These are malicious programs that infiltrate your computer, take it over and lock you out, leaving you without access to your files. Ransomware freezes you out of your computer until you pay the ‘bounty’ to the hacker to ‘unlock’ your computer. Ransomware costs victims $1 billion each year. There is a new type of trojan that you need to be aware of that allows hackers to mine cryptocurrency using your network’s resources. This trojan can drain your team’s productivity and your company’s processing and internet resources. Keyloggers are horrible software programs that hackers install on your computer to record everything that you type on your keyboard, including banking and other account login details. Worms have a different objective – they usually corrupt your software and continually duplicate it. Distributed Denial of Service (DDoS) attacks create an overload of traffic to flood your website, causing it to shut down. It pays to get the right web hosting provider with great systems to protect against DDoS attacks.

Strengthen your online security

The first thing you need to do is identify your company risks. For example, take stock of the IoT devices and multi-function printers in your office. You will then need to include them in a comprehensive strategy that involves encrypting all the components of your network and protecting them with firewalls. It will be worth hiring a professional cybersecurity company that can perform penetration testing on your systems. That way, you can locate your most critical security flaws. Install reliable anti-malware and anti-virus software on each of the laptops, desktops, tablets and mobile phones belonging to the company. You must ensure that such software is updated regularly. You must also have a system to make regular back-ups of the data that you store on computers and phones. Ensuring that you update computers’ operating systems and software regularly will also reduce the risk of intruders gaining access to your systems. You should also hire experts to harden any DNS servers and cloud infrastructure. Implement a policy whereby all team members change their passwords every month and use strong passwords that contain at least 8 characters, upper and lower case, at least two numbers and at least one special character. Companies must also ensure they restrict access to files for those who don’t need access to them. You can have your tech guys set various access levels, relative to the team members’ authority.

Foster a security culture

It is essential to know how to react when attacks happen. Establish a disaster plan that your team must follow to minimise the risk of trojans, viruses, worms, malware and DDoS attacks. It will be worth your while to train staff on security measures. If you educate staff on security measures, it will significantly minimise the risk of cyber threats. You can also stay up to date with security news and communicate recent threats. Having the ability to warn your team about suspect email attachments, phishing scams and the other dangers of emails should be a priority for all company owners. Education and training should be undertaken regularly, as the scams, methods and sources regularly change. Create policies and procedures and assign responsibility for maintaining the standards to keep your startup free of cyber threats.
Ben Waldeck

Ben Waldeck is a Tech Lawyer and Author of the book Start-Up and Scale.
