
It’s the same for massive multinational corporations as it is for Small and Mid-size Businesses (SMBs). Security is the #1 most important factor affecting network operations today. After hundreds of thousands of employees across most professions worldwide moved to a ‘Work from Home’ (WFH) status following COVID, cyber-attacks, and specifically Ransomware, have snowballed to epic proportions.
The IT Support and Services models used by SMBs vary greatly across the IT services community serving the Charlotte area, which covers the whole gamut of IT consulting services, from those serving the smallest businesses to those serving the largest. A small office with two or three employees will probably not use a Managed Services Provider (MSP), but rather a ‘Break & Fix’ (B&F) occasional IT services ‘guy’.
If your small business uses a ‘B&F guy’, your network security needs are most likely served only at a minimal level. Your ‘B&F’ guy works by the hour and simply fixes whatever breaks. They might make sure that your firewall, Antivirus (AV) and the security patches and updates for your Operating System (OS) are kept up to date – although it’s a huge mistake to take that for granted. In speaking with the owners and administrators of small businesses across the Carolinas and beyond, we hear this question far too often:
Do small businesses need Cybersecurity?
The answer is obvious: Yes (DUH!) Over 80% of all cyber-attacks and data breaches per year are aimed directly at SMBs. Another thing we at ITFirm.com hear all too often is: “I’m too small for cyber crooks to bother with.” NO… YOU ARE NOT. Think of Goldilocks and the Three Bears: If Goldilocks were a cybercriminal, she would find some crimes too small (like smart phone hacking), some too big (like governments and massive corporations), but she would find the crimes that are ‘just right’ – and those are the crimes she would commit against SMBs. For the cyber criminals launching over 80% of attacks, SMBs are ‘just right.’
Realistically, the vast ‘middle class’ of cyber crooks are looking for you, and sooner or later they will find you and hit you for an amount of cash (in Cryptocurrency) that is more damaging to your business than the 5 million dollars that were extorted from the Colonial Pipeline. Colonial will survive, whereas your business may not.
How can small business improve cybersecurity?
If you do not have a Managed IT Services firm looking after your network, you should start talking to them – interview a few and go with the best. In the meantime, there are a few common-sense steps that can be taken that won’t break your bank. The FCC goes into detail about these steps on its website, but in a nutshell, follow this outline:
1) Update! Keep all Firewalls, AV, and security patches up to date. Microsoft regularly sends these updates. Make sure your network is configured to have these updates performed automatically. Ask your IT support provider to do this or show you that it is being done. These updates MUST include your Operating System. For example, if you are still using Windows 7, your network is just waiting to be invaded since Microsoft stopped security updates for this platform long ago.
2) Backups! Even with preventive measures, if Ransomware locks up and encrypts your data, your backups are your ‘Get Out of Jail Free’ card. You should NEVER pay a ransom. Just shut infected devices down, wipe them clean and restore the data from your backups. Done!
3) Encryption! Encrypt your data. This is easy to set up to happen automatically. A data breach gets the hacker nothing useful if they are unable to read the data they stole.
4) Strong passwords! Honestly, nobody really likes having to remember passwords, so many people either use one that’s child’s play to crack – such as ‘1234’ or use the same password for everything – once the hacker cracks one, they have the keys to every door in your kingdom. Read our sister company’s (IT Support LA) page on ‘Creating Strong Passwords’. Also, use a Password Manager – you only remember the password for the Manager, and it contains your passwords for everything else.
5) MFA! No, that’s not some kind of swear word from The Urban Dictionary. Use Multi-Factor Authentication (MFA) after the password is entered. Beyond questions like ‘What’s your mother’s maiden name’ or the like, other steps like sending a verification code to another device, thumbprint or even retinal scans add extra layers of protection.
6) Mobile security! Protect the weakest links in your device chain – mobile devices like smart phones, laptops, and notebooks. Extend all security measures to all mobile or remote devices, whether company-owned or ‘Bring Your Own Device’ (BYOD). Remote connections are the first that cyber crooks examine for signs of weakness. Good IT support should prevent any vulnerabilities.
7) Physical security! What good are the best firewall and AV if the office door is open and there’s nobody at the reception desk? Network protection is one thing, but make sure your workplace is secure. No stranger should be able to walk in the front door unsupervised. Important information should not be left out in the lobby. Install security cameras. Shred all business documents before taking them to the trash.
8) Secure Wi-Fi! This is another weak link – both in the office and for field workers. With Wi-Fi, your data is traveling through the air, where it’s easier for a crook to grab. Do NOT let your employees in the field use ‘free’ or public Wi-Fi, like at Starbucks.
9) Selective access! Delegate and limit employee access to data. All data should be on a ‘Need to Know’ basis. Everybody does not need to be able to see everything.
10) Security Awareness Training! This is THE most important step. All of your firewalls, AVs, and passwords are useless if an untrained end-user falls for an email ‘phishing’ scam and either clicks a bad link or opens a malicious attachment. This bypasses all of your defenses and opens the door for malware to enter your system. Once is not enough – ongoing training every three to four months is recommended.
Frequently Asked Questions
Q: What exactly is phishing?
A: Phishing is an email scam where the criminal pretends to be a trusted contact to entice you to click on a link or open an attachment which then releases malware into your computer and network.
Q: What are the top 4 cybersecurity threats facing small businesses?
A:
1: The #1 threat is YOU if you do not take the threat seriously or are otherwise unprepared for it.
2: Ransomware – The most prevalent and fastest growing threat in the world. Once in your system, the crooks encrypt your data – denying you access to it and demanding a ransom for a decryption key.
3: Phishing – the main reason why Security Awareness Training is vital.
4: Malware. Ransomware is just one type, but there are many types of malware, and they primarily depend on Phishing attacks to gain entry to your network – for a variety of reasons (none of which are good).
Q: Is security awareness training effective?
A: Generally it is as effective as the seriousness you give it. A ten-minute quiz once a year doesn’t cut it. According to Proofpoint, even the most minimal investment in security awareness training has a 72% chance of reducing the impact of a cyber-attack on a business.
Q: What are the different types of data backup locations?
A: Local Backup – NOT connected to the main network – the fastest way to restore data.
Cloud Backup – off premises. This is slower, but your data should be made safe in the cloud.
Cloud to Cloud Backup – an extra measure of protection.
How secure is your network?
As a longstanding, reputable member of the Charlotte business community, ITFirm.com offers a FREE, no-risk network and security assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to hire us.
The two best defenses are next-generation defenses to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.
We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.
Among the Managed IT Services we provide:
IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)
For more information, or to receive your FREE no-risk network and security assessment, just fill out the form on this page or call us at:
704-565-9705

