In a world that is rapidly transitioning through phases of the digital age, scamming, data breaching, phishing, and various other forms of criminal activity have become both increasingly and indiscriminately common for businesses regardless of industry or size. John Sancenito from INA (Information Network Associates Inc.) tells us that there are two main cybersecurity issues to be of concern for business owners currently. He describes the first concern being data breaches, and the second is ransomware. He quotes that 1 in 5 small businesses experience a cyberattack in some sort during their tenure, 60% of those experiences result in going out of business within just 6 months of said cyberattack. John points out that while cyberattacks are of concern for all businesses, smaller ones need to be especially careful due to the lack of resources required to rebound from the expenses required to sort out these kinds of issues (litigation, attorney fees, compliance expenses, etc.). To help combat these issues, it is important to keep in mind these 5 tips for maintaining your business’ cybersecurity.
Educate Your Employees
The majority of cybersecurity issues stem from human error – that is to say, downloading malware, clicking phishing links, plugging in contaminated USB drives, etc. It is not only important, but it is essential for your employees to be informed of the risk that outsiders pose to the integrity of your business and the access to its data. “Unfortunately, the bad guys are incredibly sophisticated”, John remarks. Criminals use phishing in a variety of different ways, not just through email links. He recommends asking your IT department if you are unsure about a suspicious email or website.
Continuously Improve Security
Security is layers upon layers – it is not a one-and-done task to be completed. There is no checklist to follow, no boxes to tick. Brian Stone of Appalachia Tech reminds us that while having documented your business continuity, as well as a plan in place for an attack is a good start. “It’s a start, but you need to get better at security… there is no 100%, the bad guys don’t sleep”. Brain believes that if you don’t invest in protection, you will be compromised.
Test Your Cybersecurity
There are plenty of organizations out there that will voluntarily “hack” your company. This can look like a lot of different ways through various “white hat” hacking techniques. The importance of this is evident: you are testing the strength of your security rather than the bad guys doing it for you. This can look like a mass email program where a fake phishing attempt is sent out to all your emails within the business’ domain. Once sensitive information is acquired or a security breach occurs, the employee is then notified of this program, and directed to remedial training to prevent an actual attack. Once the trial is up, some programs will even generate scores for you to assess your performance as an organization. Setting up a trial like this can be crucial to preventing a cybersecurity attack.
Increasing On-site Security
While it may be fair to assume that the majority of attacks nowadays happen through the network, that is not to say that there is little concern for physical security measures and how they can protect both tangible and non-tangible assets. “You can have the best cybersecurity measures in place, but all is for naught if someone comes in, kicks down your door and steals your server”, John chuckles. He quotes an additional statistic: 1 in 10 of all laptops are stolen. He recommends that you encrypt the data on locally stored, physical assets like laptops and hard drives. This can be of heightened importance in today’s environment where many remote workers are using laptops that aren’t locked up in an office.
Regular Password Changes
The final and perhaps least complicated step you can take to improve your business’ cybersecurity is to have simple security solutions common but not required amongst most businesses nowadays, such as two-factor authentication and password updates. Brian Stone reminds us that while these measures can be annoying at times, in reality the amount of value added far surpasses the relatively minor inconvenience that is experienced by having to maintain these practices. “There are a bunch of little things like this that can increase your odds”, Brian tells us.
If you have recently expressed concern about cybersecurity within your business, or perhaps experienced being the victim of an attack, you can reach out to INA for their investigative services at their website: www.ina-inc.com through email or phone. If you are looking for cybersecurity consulting and general solutions, you can reach out to Appalachia Technologies at www.appalachiatech.com and contact them for an appointment or schedule a phone call.
Nathan Imboden / Questmont
John Sancenito / President of INA
Brian Stone / Principal Partner of Appalachia Technologies
Jason McNew / Senior Engineer of Appalachia Technologies