How businesses can prepare for a cyberattack

Many businesses faced significant security challenges in 2018, and as the year wraps up, experts predict that threats will continue to develop and grow. According to a report by Ponemon Institute, data breaches have resulted in some worrying figures in terms of financial impact on the corporate world. This represents a 6.4 percent increase from last year’s $3.62 million, which means the cost of a single data breach could be disastrous even as technology continues to offer businesses better, more advanced ways to protect their crown jewels.

So what does 2019 have in store in terms of new cybersecurity risks? And is your business ready to defend against new threats and more sophisticated techniques?

Cybersecurity preparedness is one of the major obstacles facing small- and medium-sized businesses (SMBs) today. Despite the increased focus in making companies safe, the lack of resources and the mistake of believing that a firewall and an antivirus are enough become major stumbling blocks. In reality, while they have a smaller attack surface, SMBs are no less vulnerable than a major enterprise. In the long run, this false sense of cybersecurity confidence could bring your company to ruin.

Before that happens, let’s take a look at some cybersecurity threats that will continue to target SMBs in the coming year:

• Ransomware – While ransomware has tapered off in 2018, experts predict that it will continue to wreak havoc. As attacks had grown threefold in the last two years, healthcare industries were affected the most, with the most successful attacks attributed to phishing and drive-by downloads. Ransomware could remain the most significant threat to SMBs based on a Global State of the Channel Ransomware Report.
  Cryptojacking, the unauthorized use of someone else’s computer to mine cryptocurrency, is also expected to rapidly increase in 2019. With cheap cryptojacking toolkits becoming more accessible on the dark web, profits can be immense.
• Data breaches – While the exposure of data within SMB databases might not be as extensive or damaging as a data breach that hits larger organizations, cybercriminals will continue to set their sights on SMBs, as their limited ability to address a data breach makes them easier targets.
• Compliance and regulations – If you think your business is spared from the pains of compliance just because you’ve recently complied, think again. The GDPR deadline has come and gone, with many businesses breathing a sigh of relief, but amendments to that law plus upcoming regulations from all over the world will make conformance challenging to say the least.
• The cloud – Cloud insecurity can still put your head on the block. As a matter of fact, because more data is being deployed from disparate parts of organizations, more and more data end up unsecured. Poor housekeeping can continue to put your business at risk in the coming year.
• Weak passwords – Time and again, single-factor passwords have been the simplest possible entry point to any business. From novice hackers to nation-state players, it’s never too trivial to use brute force attacks to gain access to a network. In 2019, password theft and password-based breaches will persist.
• The emerging Internet of things (IoT) challenge – While you might think that SMBs cannot be affected by IoT threats, experts expect an upward trend in security challenges raised by IoT. Because IoT deployments are away from main network areas, they slip under the radar, creating unsecure areas that were previously secure.
• Distributed denial of service (DDoS) – Unfortunately, DDoS attacks will continue to grow in 2019, including the cost of defending your network against them. Because of its low-effort, quick rewards nature, the cost of launching an attack is shockingly low.

Given these predictions, maintaining a strong cybersecurity program is more crucial than ever. Have a contingency plan as part of your business preparedness:

Employee education and training

Human error may be inevitable, but preventing it could spell the difference between disaster and safety. Educate your employees and be sure they understand how to maintain security and protect company information.

Train your employees to be accountable for implementing security procedures and policies. Teach them to be vigilant against phishing emails, business email compromise (BEC) scams, and other social engineering schemes, and make sure they are up-to-date with developing potential threats.

Secure passwords

Strong passwords or passphrases could prevent a world of security chaos. Consider using a system that requires multifactor authentication. Make sure they use different passwords across various devices and have your employees change passwords regularly.

Secure your network

It’s as simple as not using Wi-Fi that broadcasts its name. Always secure router access with a complex password. If your business offers WiFi for your clients or customers, make sure it isn’t on the same network as your company computers.

Disaster recovery plans

To ensure that your company can continue to function without disruption even after a disaster, make sure you have a recovery plan that includes comprehensive steps for recovering information, performing daily business operations, and implementing new controls in the wake of an incident. Additionally, know regulatory compliance requirements for security breaches

Consider outsourcing IT and cybersecurity needs

One thing that does work to an SMB’s benefit is that their smaller size allows them to be flexible enough to make necessary changes without having to go through complex processes. Consider hiring a managed services provider to handle your IT and security needs.

Charles IT offers Managed Security solutions like firewalls, intrusion prevention systems (IPS), and virtual private networks (VPNs), among other things. Contact us today to get your first assessment.