Is Your Business Low Hanging Fruit For Cybercrime?
Securing your office from cyberattacks is, to a large extent, a ‘Joneses’ affair. If you aren’t keeping up with other businesses of your size or greater, you are probably ripening into low-hanging fruit, ready to fall victim to some budding cybercriminal.
Even large organizations fall victim to major cybercrime simply because they leave easy gateways open to hackers. I want to make sure that Philadelphia businesses have better-than-average IT Security processes and policies in place so that they don’t become low-hanging targets.
What happens when a business falls victim to an attack?
The consequences of cyberattacks are grave. If you’re a local business trying to attract and retain clients in and around Philadelphia, a data breach will surely dampen their enthusiasm, and could ultimately leave you out of business (in fact, 85% of businesses fail within 2 years of a cyberattack).
What are some security measures your business should take to avoid being a target?
Patching— As we’ve recently seen with major cyberattacks, patching does make a big difference. When cyber criminals are looking for targets, they are looking for easy entry into your business network. Unpatched machines are one very easy way for them to gain access.
The reason unpatched networks make for easy cyberattack targets is that software companies such as Microsoft, Adobe, or Apache identify the particular vulnerability in the patch. Hackers can use that information to create code to penetrate a network. They also reverse-engineer the patches to understand how they can penetrate an unpatched environment.
Make sure your IT Support is patching your network. Good IT Support teams will not only patch your network, but also test patches before they go live in your business environment.
[Note: Microsoft just dumped a whole lot of updates on your plate: they just released patches for 81 vulnerabilities that cybercriminals may be exploiting if you’re not careful!]
Network Monitoring— It took Equifax months to realize that they were breached. That’s unacceptable! Your IT Support should follow a disciplined process to regularly monitor your network and identify suspicious activity. Suspicious activity might include access to folders that are normally only accessed at a particular time of the month, data movement across the network, or activity moving in or out of your network.
Good IT Support should be actively reviewing your business network activity to identify problems—including any data leaks—before they become serious problems.
Firewalls— Firewalls have changed a lot over the past decade. If you’re using older static firewalls and think you are safe from cyberattacks, you are likely not that well protected. Newer technologies that learn current threats are much better at preventing cybercriminals from easily accessing your network.
Staff Awareness— While protecting your software and hardware is one critical component of keeping your network safe, your IT Support should, more than ever, keep your users engaged so they understand that they are part of the cyber security solution.
Good IT Support should help your users understand current attacks and improve their IT hygiene by explaining what they should be doing to keep themselves and your business secure, and why behavior shifts are important to keeping your business safe.
Understand whether your security meets IT standards— This is one of your biggest aids in understanding how your IT Security compares to other competitive businesses in Philadelphia and elsewhere. When your company is meeting or exceeding security standards, you likely won’t be a big target.
Your IT Support should understand gaps that exist in security across businesses and make recommendations to keep you ahead of the pack when it comes to business security practices and processes.
How can you determine what specific security measures will be needed for you to keep criminals at bay?
As I mentioned above, gap analyses are a powerful tool to help your organization understand what specific actions your IT Support needs to focus on to keep you secure. One of the best ways for your business to start tackling a gap analysis is by benchmarking your IT Security against other businesses.
If your business’ benchmarks for aspects of security (patching, firewalls, maintenance and monitoring, and staff engagement, for example) are low compared to other businesses, and it doesn’t really matter how small you are, you probably want to figure out how to fill in the gaps to increase your comparative benchmark.