The first step in protecting your business from a cyber-attack is acknowledging the fact that you are at risk. Large corporations, medium-sized enterprises, and small businesses all have fallen victim to cyber criminals. Many small businesses do not even know that they have been targeted until the damage is so devastating it requires them to shut down.
The problem is that many small businesses think that they do not have any information that cyber criminals would want. What they don't realize is how much damage cyber criminals can do with just a small amount of information.
Ever since the pandemic’s outbreak the amount of cyberattacks is growing rapidly and is expected to triple during 2021. Many countries reported significant losses from all types of cyberattacks. In Canada, like in many other countries, COVID-19 related phishing scams are something cybersecurity experts are warning people about all the time.
With most of the workforce working remotely, many organizations needed to rethink their cybersecurity strategies. The problem is not all small businesses took that part seriously. Canadian Centre for Cyber Security created some valuable collection of advice for all cybersecurity related topics to help both organizations and individuals protect themselves from the ever growing number of cyberattacks.
Gary Stevens, a Linux sysadmin on HostingCanada.org’s Web Services Team warns:
“If a small business does not have strong cybersecurity policies in place, and their web hosting solution isn’t from a web Canadian hosting company that prioritizes security, their data will become easy pickings”. The situation with small businesses in Canada is just a great example of what’s happening to most small businesses around the world.
Cyber criminals want access to a company's customer credit card information, their pricing structure, their client list, their expansion plans, or their manufacturing processes. Hackers are not just looking to make a one time score. If they can access a small business or large enterprise, they want to use that network as a stepping stone into networks that belong to their customers and companies that are part of the same supply chain.
Data breaches are devastating. They can cost money and can damage a business’s reputation. The following are four cybersecurity protocols companies must adopt to keep their data safe.
The tendency could be for remote employees to want to work from coffee shops and other places that have unsecured Wi-Fi networks. In doing this, they are sacrificing security for convenience. This is unacceptable.
Businesses should have strong protocols in place that require employees to only connect through secure networks. Using a VPN when connected to the Internet for company business, using company devices, or using a personal device that has business information stored on it must be required. The goal is to tighten security gaps and minimize vulnerability surfaces.
Now, employees are connecting to the business network using personal devices and their home Wi-Fi network. If employees are not properly trained, they will become a liability. Conversely, cybersecurity aware employees can become the first line of defense against cybercrime and data breach.
The education employees receive about cybersecurity needs to be comprehensive enough so they understand all the potential threats and remedies while not being so techy that the information goes over their heads and they zone out. Cybersecurity training must become part of the culture of every organization. This means showing employees how to identify risk, helping them change their behaviors, and providing them with quantifiable metrics to show the benefits of their cybersecurity awareness.
To mitigate the danger caused, it is imperative that new hires and third-party organizations know and follow clear policies. Cybersecurity requirements should be clearly laid out in employee contracts and in SPOs and SLAs.
Social engineering is mitigated by updating software and systems. Your company’s network should always be protected. Software updates and maintenance should be scheduled regularly and done automatically if possible.
Regardless of the level of cybersecurity your organization has in place, it should always comply with PCI, HIPAA, and other regulatory compliance required for your industry. Preparation is prevention.
While technology is a primary tool, well-trained users are the first line of defense. User activity should be regularly monitored with the goal of identifying unauthorized behavior. This makes it possible for your organization to guarantee that the actions of your users do not violate your company’s policies. The right people should be alerted immediately when activities that violate security policies take place.
The goal is to prevent data breaches. However, there is no such thing as a 100 percent hacker proof system. Therefore, you should frequently back up your organization’s data. This should be a mandatory practice. Ransomware and other forms of attack bring business operations to a halt until a ransom is paid. If you do not have your organization’s information securely backed up, you will be at the mercy of the individuals who kidnap your data. However, if you have a backup, you can quickly restore business activity.
Your HR department plays a vital role in protecting data loss. This is especially true during the off boarding process. There should be a systematic process in place for removing access from employees once they have left the organization or when they are on the verge of leaving.
Those charged with cybersecurity responsibilities should have visibility to identify insider threats, be them accidental or malicious. This means that the software chosen to help secure your organization should offer unfettered visibility.
The problem is that many small businesses think that they do not have any information that cyber criminals would want. What they don't realize is how much damage cyber criminals can do with just a small amount of information.
Illustration: FreePik
Ever since the pandemic’s outbreak the amount of cyberattacks is growing rapidly and is expected to triple during 2021. Many countries reported significant losses from all types of cyberattacks. In Canada, like in many other countries, COVID-19 related phishing scams are something cybersecurity experts are warning people about all the time.
With most of the workforce working remotely, many organizations needed to rethink their cybersecurity strategies. The problem is not all small businesses took that part seriously. Canadian Centre for Cyber Security created some valuable collection of advice for all cybersecurity related topics to help both organizations and individuals protect themselves from the ever growing number of cyberattacks.
Gary Stevens, a Linux sysadmin on HostingCanada.org’s Web Services Team warns:
“If a small business does not have strong cybersecurity policies in place, and their web hosting solution isn’t from a web Canadian hosting company that prioritizes security, their data will become easy pickings”. The situation with small businesses in Canada is just a great example of what’s happening to most small businesses around the world.
Cyber criminals want access to a company's customer credit card information, their pricing structure, their client list, their expansion plans, or their manufacturing processes. Hackers are not just looking to make a one time score. If they can access a small business or large enterprise, they want to use that network as a stepping stone into networks that belong to their customers and companies that are part of the same supply chain.
Data breaches are devastating. They can cost money and can damage a business’s reputation. The following are four cybersecurity protocols companies must adopt to keep their data safe.
1. Secure Remote Working Employees
At the start of 2020, remote employees were few. Now, most companies have the bulk of their employees working from home. This has created a potential cybersecurity nightmare. It is imperative that businesses train their remote employees and require them to work securely.
The tendency could be for remote employees to want to work from coffee shops and other places that have unsecured Wi-Fi networks. In doing this, they are sacrificing security for convenience. This is unacceptable.
Businesses should have strong protocols in place that require employees to only connect through secure networks. Using a VPN when connected to the Internet for company business, using company devices, or using a personal device that has business information stored on it must be required. The goal is to tighten security gaps and minimize vulnerability surfaces.
2. Train Employees to Be Cybersecurity Aware
The value of employee training cannot be overstated. This is especially true now that a bulk of the workforce is working from home. When employees work inside of a secured office, employers have more control and can implement cybersecurity protocols without the employee thinking about it.Now, employees are connecting to the business network using personal devices and their home Wi-Fi network. If employees are not properly trained, they will become a liability. Conversely, cybersecurity aware employees can become the first line of defense against cybercrime and data breach.
The education employees receive about cybersecurity needs to be comprehensive enough so they understand all the potential threats and remedies while not being so techy that the information goes over their heads and they zone out. Cybersecurity training must become part of the culture of every organization. This means showing employees how to identify risk, helping them change their behaviors, and providing them with quantifiable metrics to show the benefits of their cybersecurity awareness.
3. Create Awareness of Social Engineering
While this might seem as if it falls under training employees to be cyber security aware, social engineering requires protocols of its own. This is because social engineering is designed to get access to credentials and files, some of which are encrypted. The attempts can come from phone calls, emails, social media, and other sources.To mitigate the danger caused, it is imperative that new hires and third-party organizations know and follow clear policies. Cybersecurity requirements should be clearly laid out in employee contracts and in SPOs and SLAs.
Social engineering is mitigated by updating software and systems. Your company’s network should always be protected. Software updates and maintenance should be scheduled regularly and done automatically if possible.
Regardless of the level of cybersecurity your organization has in place, it should always comply with PCI, HIPAA, and other regulatory compliance required for your industry. Preparation is prevention.
4. Strong Network Security Practices
Your organization should have a systematic approach with dealing with and organizing security measures. The first goal should be to stop data loss. This means mitigating data exfiltration from an endpoint. Your organization is responsible for monitoring contractors and vendors. They should monitor employees, especially when an employee leaves the business or is fired.While technology is a primary tool, well-trained users are the first line of defense. User activity should be regularly monitored with the goal of identifying unauthorized behavior. This makes it possible for your organization to guarantee that the actions of your users do not violate your company’s policies. The right people should be alerted immediately when activities that violate security policies take place.
The goal is to prevent data breaches. However, there is no such thing as a 100 percent hacker proof system. Therefore, you should frequently back up your organization’s data. This should be a mandatory practice. Ransomware and other forms of attack bring business operations to a halt until a ransom is paid. If you do not have your organization’s information securely backed up, you will be at the mercy of the individuals who kidnap your data. However, if you have a backup, you can quickly restore business activity.
Conclusion
There is a lot of technology out there that can help your organization stay safe. However, process always comes before technology. This means that your organization needs to implement formal security policies based on thought-out strategies that apply for your industry before spending money on software, equipment, or tools.Your HR department plays a vital role in protecting data loss. This is especially true during the off boarding process. There should be a systematic process in place for removing access from employees once they have left the organization or when they are on the verge of leaving.
Those charged with cybersecurity responsibilities should have visibility to identify insider threats, be them accidental or malicious. This means that the software chosen to help secure your organization should offer unfettered visibility.
