When you hear of ransomware or some other cybercrime, your mind might automatically jump to a sensational story you read about in the news or a high-energy heist movie you watched on Netflix? That’s understandable. However, it can obscure reality. Cybercrime that’s happening today is much more “pedestrian,” or at least less likely to be turned into a movie you’d watch. The important questions are can it happen to you? What kind of businesses need cybersecurity? Who are cybersecurity targets?’
It might be just as easy to ask, what are the biggest industries? Banking/Financial, Health/Medical, Pharmaceutical/Cosmetic, Auto/Manufacturing and Education. Of course, these have all been well-publicized targets. What kind of businesses need cybersecurity? The answer is every kind. Today’s cybercrime is just as likely to be a scattershot “smash and grab” attack on everyday users as it is to be the targeted profiling of the Fortune 500 company. Yes, there are sophisticated attackers with highly targeted and highly planned, sometimes political in nature, attacks on our infrastructure and institutions. But often, it is individual actors attacking individual actors, and the fallout affects small and medium-sized businesses alike.
Top Five Targeted Industries for Cybersecurity crimes* in 2020 (Statista)
It’s sometimes difficult to separate what is “big news” and what is an actionable, practical call-to-action for the small to medium-sized business. There is definitely some overlap, and it’s helpful to use your particular situation as the ultimate context when evaluating your cybersecurity risk. So many small and medium-sized businesses have been affected by cybercrime in the last year that we can use experience as a guide. First find out “what are the four top threats for small businesses?” and then evaluate your risk.
What are the Cybersecurity Threats?
The Four Top Cybersecurity Threats for Small Businesses
- Social Engineering. Dirty tricks, in particular “phishing” scams, are getting more sophisticated right at the time we may be more vulnerable due to information overload and heightened interest in current news, such as COVID-related items. An email that appears to be from the boss can easily fool someone into opening malicious files or malware.
- Our Untethered Work. We’ve untethered from our local networks. Many of our digital transactions that used to take place on a local network are now occurring in the cloud, and hackers have found a way to break in and compromise or “cloudjack” these networks. Many employees are using their own devices (mobile phone, tablets, etc.) for work, which opens pathways to security breaches.
- Complacency. It would be easy to categorize cybersecurity as a technical problem or something someone else deals with. Leadership cannot take a back seat approach. Cybersecurity is a business risk. Mismanaged or lax security can negatively affect your reputation. Conversely, solid cybersecurity can enhance and add perceived value. Fill the gaps. Be proactive.
- Internal Attacks. As the pandemic sent workers home, it also muddied the waters on who has access to what information and where. Data governance is an issue as the remote work trend creates an environment where normal checks and balances are (or appear) loosened, making it more tempting for an employee to engage in fraud.
Are any of these threats possible, or even likely for to happen at your organization? Yes, of course. It’s one of the things that keeps cybersecurity firms on their toes—the fact that anyone can be a victim to these attacks. It’s crucial to place a line of defense where the gaps exist.
Small Business Checklist for Cybersecurity
You cannot be expected to know all there is to know on cybersecurity. It is rapidly evolving, and there is always someone looking to get one step ahead of the best security practices. There are publicly available resources and private expertise in the form of consultants. It’s the nature of business that your internal resources are going to be stretched thin when the stakes are high, and cybersecurity is something that requires a proactive approach. Here is a short checklist for cybersecurity.
- Perform a Risk Assessment. What digital security do you have in place? Does it account for your work-from-home contingent and your key vendors and contractors? What do you not have in place? Are mobile devices secure? How is access to documents, applications or corporate networks granted?
- Educate and Inform Your Team. Cybersecurity is a team sport. You will need to impress upon your team its importance and the essential quality of their participation. There are a few ways to implement:
- Run drills. What if a disaster strikes? Why not try table exercises or simulations that mimic a cybersecurity attack and illustrate just how disruptive and costly they could be?
- Include cybersecurity education in your onboarding and continuing education protocols. Everyone should understand what social engineering and its variants look like, how to report suspected attacks, and how to maintain their home networks with an enhanced level of security.
- Fill the gaps. What software or hardware is missing? Do you need to limit access to networks? Do you need a mobile device protocol? Budget may prevent you from being fully locked down, but with a proper assessment, you can provide weight to your risks and act accordingly.
Whether you need a risk assessment, training for your employees or any number of cybersecurity services, contact eMPiGO to see how we can help.