Are you an SMB? Did you know that cyber-criminals think you’re an easy target? Here’s our top 5 IT security skills you need to make sure you’re protected in 2019.
There’s a common misunderstanding that small and medium sized businesses (SMBs) are untrained, underfunded, and unaware when it comes to cyber security. Essentially, the bigger enterprises look at you and think you’re a willing victim, regardless of your organisation’s credentials and intelligence. But here at Konica Minolta, we know that’s not true. We know that you have the capability, but sometimes it helps to have a trusted advisor tell you what to focus your precious resources on. That’s where we come in.
Think you’re the minority who’s already doing OK? Check out these stats and think again:
- In December 2018 alone, organisations faced an average of 43 ransomware attacks (153% year-on-year increase) and 465 phishing attacks (23% year-on-year increase), according to Forbes’ global customer cyber threat data [i].
- Verizon’s 2018 Data Breach Investigations Report found that 58% of all data breaches target small businesses.
- 60% of SMBs hit with a data breach close within six months[ii], according to Switchfast Technologies , even though more than half of all small business leaders don’t believe they’re targets.
So really, you’re still at risk. And it’s time to get prepared.
Read on for our list of basic best practices and security controls SMBs can implement to mitigate today’s sophisticated cyberattacks, on a realistic budget.
1. Think like a ‘black-hat’
Ever heard of the idea that if you want to make your house theft proof, you should hire the best thief in town? Well it makes sense, and you should apply the thinking to your business.
To be able to secure a system thoroughly, it’s important to think like a black hat hacker (Wondering what a black hat is? Read Norton’s handy guide here). Offensive cybersecurity is gaining more and more traction, and for good reason. It’s often more useful to anticipate an attack and prepare for the contingency, instead of doing the damage recovery afterwards.
How to get ahead of these attacks? Get up to speed with penetration testing. Kali Linux is a great platform to master for the purpose of penetration testing, or make sure your managed service provider (MSP) has got this covered for you.
2. Invest in network and infrastructure security
Is your network secure? How do you know? Basic elements like password protecting your Wi-Fi network, and regularly changing that password, will help minimise security breaches. But to really protect your business, you need to make sure you have a firewall that has got your back.
When properly deployed and configured, next-generation firewalls (NGFWs) are the true hero of network security. Top services to look out for in your firewall:
• Intrusion prevention services (IPS)
• Gateway antivirus (GAV)
• Content filtering
• Anti-spam features
• Application control
• Protection for non-standard ports
• Cloud sandboxing (an isolated environment to safely execute malicious code, see below)
3. Learn the value of real-time sandboxing
Cloud and/or network sandboxing services offer real-time inspection of suspicious files that firewalls and malware protectors aren’t quite sure about, and quarantine any potential risks. In other words, it’s advanced threat detection.
Some of your standard office applications such as Adobe Reader and Microsoft Office already have sandbox modes included, but with ‘Shadow IT’ (employees using their own solutions to send and receive data in an often untraceable manner) becoming more and more common, make sure your cyber security system has a sandbox built in at the network layer too.
4. Proactive endpoint generation
Laptops, mobile devices, and tablets are known as endpoints, and as the main point of interaction for employees, should be closely defended with next-generation antivirus solutions and/or an endpoint protection platforms (EPP). These tools help monitor and mitigate successful cyber-attacks that compromise an endpoint, meaning malware and viruses can’t spread laterally across your whole business.
And choose an endpoint security solution that offers automated roll-back controls - controls to help administrators and users return an infected machine back to a known healthy state. A tool that offers this is your guardian angel – minimising disruption to both your employees and customers for those ‘just in case’ moments.
5. Build a well-rounded arsenal of technologies
A single data breach can cause your company to lose huge amounts of precious revenue. So it’s important to ensure your managed service provider or individual security tools cover a well-rounded cyber security skill set, with skills ranging from penetration testing, IOT security, network security, identity, and access management, to other cyber-governance related soft-skills.
Feeling a bit more prepared to tackle cyber security? Download a copy of our security toolkit for SMBs to find out how else you can maximise your IT.
Or understand the importance but it still feels too daunting? Whilst there are many great individual solutions out there, for those SMBs that just want IT to work and data to be protected, an all-in-one IT infrastructure solution is your friend.
Through our partnership with Sophos, we can offer the very latest software that ensures your systems are constantly monitored, protected and managed against malicious attacks and other security threats. It means your infrastructure, employees, and data are always safe and secure, no matter where you work.
Ready to find out more about how we can help you simplify your IT today? Book your free Workplace Hub consultation today.