Two of our more integral partners, ESET (Anti-Virus and Security) and Datto (Backup and Business Continuity), recently released a couple of reports that are quite interesting. I figured I'd save you some time by reading them first and highlighting some of the more important points. So, here's FPA's version of the Cliff Notes of both reports.
What are some of the important takeaways...
- 71% of security breaches target small/medium businesses
- 23% of phishing emails to employees were opened and 11% of recipients opened an attachment
- 91% of IT Service Providers report ransomware attacks on small businesses
- 93% report ransomware gets past the anti-virus or anti-malware software layer
What's at risk...
- Personal information that can be used to commit identity theft
- Account information including credit card data, bank account numbers, online banking passwords, email accounts, and user accounts for services such as eBay, PayPal, TurboTax.
- Significant loss of productivity and/or dollars
What it means...
- Your business may be held responsible for the consequences of data theft
- Even though you may think your business is too small, you must take a systematic approach to securing your data
- Lack of risk awareness
- Lack of employee training
- Failure to secure endpoints
What you should do...
- Start by documenting your approach (one of the best ways to do this is through FPA's Technology Security Assessment)
- Define and implement the appropriate security policies
- Ensure all endpoints are secure
- Control what programs are allowed to run on company computers
- Implement a solid backup and disaster recovery solution
Controlling what programs are able to run is something we work with our clients on all the time, through things like removing Administrator rights from employee accounts and implementing our CryptoLocker Group Policy. Both of these things prevent malicious applications from running in the first place.
Unfortunately, ensuring all endpoints are secure isn't one simple thing. It's not just a checkbox. It takes multiple methods to mitigate different failure points. This is why we've come up with our "FPA Stack", which makes up what's needed to provide a sound and secure network foundation.
The latest tool we've added to our arsenal to prevent ransomware, malware, and phishing attempts is a product from Cisco called Umbrella. Umbrella provides an added layer of protection known as Internet Threat Protection. It prevents callbacks to malicious sites when users click on a link. This is HUGE when it comes to preventing ransomware. It's actually a great tool that our clients are having a lot of success with these days.
Stepping back a little, all of this almost sounds like a broken record to me (am I dating myself here with this phrase?). We discuss all of these things with our clients all the time. That said, the biggest pushback we all too often get around security is "we're too small", or "we don't have anything anyone would want", or "it's too expensive". The reality is that none of these things are true.
It really is a matter of tightening things up (technically), implementing the correct policies, training your staff, and then just documenting things. Simple enough.
Seriously though, my word of advice is just to start. Start with understanding this is the new normal. And security has to play a key part in how you run your small business.
What do you think? Am I preaching to the choir? Do you already get it? Let us know in the Comment box below or shoot me an email if you’d like to chat about this.