Today, cybercrime is more than a potential threat facing your business. It’s an unavoidable force of nature.
“It’s just like preparing for hurricanes, earthquakes or any type of natural or man-made disaster that could create business continuity issues,” says Theresa Payton, the Fortalice Solutions CEO and former White House CIO, in an interview with Cybercrime Magazine. “[It’s the] same thing with a digital cyber-event.”
For many of us, it’s easy to imagine these kinds of things happening to “the other guy” and not us. The problem is that cybercriminals go after everyone. They cast a wide net because that gets results.
In fact, according to Roger A. Grimes, 11-year principal security architect for Microsoft and cybersecurity columnist and speaker, “Eventually every company is hacked.” After decades consulting for many businesses, he’s come to the conclusion that “every company is completely and utterly owned by a nefarious hacker or easily could be.”
“Eventually, every company can be hacked. Every company is completely and utterly owned by a nefarious hacker or easily could be.”
– Roger A Grimes – Microsoft Security
Owners of small and midsize businesses might imagine that – lucky us! – we don’t have enough cash to justify some faceless hacker’s effort. We’d be wrong. The reality is around half of cyber-attacks go after small businesses. These don’t really get reported by the media. They’re not as flashy as a cyber-attack against a big bank or retailer. But it’s the attacks against small businesses that do the most damage. One 2016 study found that 60% of small businesses hit with a cyber-attack closed within six months.
Thankfully, it’s not all bad news. While some business owners have no clue what cyber security they have in place, others are looking for ways to shore up their businesses. There are steps you can take to keep the bad guys out.
Two of the best ways to do that are to simply keep all your software up-to-date and keep your team educated about the threats. As Grimes puts it, “The two most likely reasons you will get exploited are due to unpatched software or a social engineering event where someone is tricked into installing something they shouldn’t … It would be a stretch to claim every other exploit type in the world, added together, would account for 1% of the risk.”
How can you keep your software up-to-date? You can actually automate a lot of it. There are several easy-to-use tools built just for this. Many of them also let you manage your software across your entire network from one set location. Say goodbye to jumping around and coordinating updates. Even better, there are many platforms capable of updating themselves. You just want to keep a close eye on them.
More than that, it’s always a good idea to put strong company policies in place. You want to be clear about your security and help inform employees about the dangers posed by malicious files and e-mails, among other things. Take time to educate them on the threats that are out there. And keep the education ongoing, because the threats are ongoing. The bad guys are always looking for new ways to break in.
And don’t forget about accountability. Keep the conversation going and talk to your employees about what they know about cyber security. Some businesses go so far as including cyber security training in their onboarding. Education is everything.
Finally, you MUST partner with a highly trained, security-focused managed service provider or other IT organization dedicated to keeping you protected from these constant threats. Some businesses try to do it on their own only to realize they don’t have the resources. Others think they need an entire in-house IT team to handle all of these threats.