
Five Cybersecurity Tips For Small- And Medium-Sized Enterprises – Forbes


Dan Branco is CTO at GSI Solutions, specializing in helping SMEs optimize their IT.

Researchers are reporting a shocking 600% increase in cybercrime since the beginning of the Covid-19 pandemic. In another report published by Check Point Research (CPR), the average weekly number of attacks per organization worldwide has now reached over 1,130. Advances in technologies such as artificial intelligence (AI) and machine learning (ML) have enabled malicious actors to become more sophisticated in their techniques, allowing them to carry out attacks on a much wider scale than ever before. Unfortunately, small- and medium-sized enterprises (SMEs) are now becoming their target of choice.

Traditionally, SMEs have under-invested in cybersecurity, making them a highly vulnerable group (SMEs are considered small with 5 to 99 employees and medium-sized with 100 to 499 employees). Leaders are often caught off guard by cybersecurity issues, having assumed that their typically small tech teams have any issues under control. Moreover, the cutting-edge technologies and expertise used to protect large enterprises have historically been economically unfeasible for SMEs, leaving them to fend for themselves.

This article will outline a high-level approach to cybersecurity I employ with SME clients as a CTO for hire. This is a dynamic and complex problem space fraught with risks. There is no one-size-fits-all solution that’s guaranteed to work. What is presented here should be considered a starting point for understanding common risks along with some high-level remediation strategies.

Let’s start by reviewing what’s at stake.

There are four major types of outcomes we are trying to avoid.

1. Theft of data: This includes payment card data, personally identifiable information and any other kind of data you would not want bad actors or the public to have.

2. Theft of intellectual property: This includes source code, digital assets or anything that is of value to your business.

3. Theft of resources: This refers to the unauthorized use of computing resources. The hijacking of computing power to run crypto miners has recently been a particularly prevalent issue. This kind of theft can be very expensive and leave you vulnerable to other attacks.

4. Loss of access: This refers to ransomware attacks. In this scenario, criminals lock you out of your computers until a ransom is paid. Unfortunately, you are subject to all other outcomes above with no guarantees of recovery, even if you pay the ransom.

The stakes are high, especially for those who are unprepared. Luckily, SMEs have an advantage over their larger counterparts as they can more easily shrink their attack surface through the smart use of third-party services. By reducing the number of systems SMEs manage directly, they can rely on the focused cybersecurity expertise of their vendors and reduce the easily exploited complexity in their own systems. A good analogy would be storing your family jewels in a bank safety deposit box instead of trying to hide them somewhere in your home. This approach can often produce some easy wins.

Some of the most common ways to shrink your attack surface:

• Stop maintaining your own infrastructure: Unless you have a real business case for housing and maintaining your own servers, hand it off to the experts. The public cloud offers a cost-effective solution for almost anything an SME might need. You will also have access to enterprise-grade security tools and appliances for less than the cost of owning your own. Keep in mind that cloud hosting does not guarantee a secure environment out of the box. Get expert help to set it up properly.

• Don’t handle sensitive data that you don’t need: For example, if you’re processing credit cards online, don’t handle or store the data yourself. Most payment card processors provide a hosted solution that handles the entire transaction on their platform instead of yours. You can store less sensitive transaction details on your end, never having handled the sensitive data.

• Hire an expert to audit your environment on a regular basis: Don’t trust that your in-house developer, system administrator or DevOps engineer can handle it themselves. The threat landscape is developing too fast for anyone to keep up with on a part-time basis. You especially need someone who can evaluate your security from an external perspective and work with your team to fix the problems.

• Have a multi-layer backup strategy that includes recovery: Sophisticated attacks will often include infecting your backup system, so consider having multiple independent backups from a variety of locations. Be sure to maintain offline backups of your source code. Bolster this with a tested plan to reconstitute your environment from scratch in case of a ransomware attack or other catastrophe.

• Get your people some training: A one-hour training session on how to identify a phishing email or text may save your company someday. As sophisticated as today’s hackers are, many attacks still rely on cons that are as old as time to get in the door. If someone opens the door for an intruder, it doesn’t matter how good your security is.

The data trend indicates that cybercrime will continue to grow for the foreseeable future. The latest automation tools that power our modern technology platforms have also enabled unsophisticated criminals to carry out sophisticated attacks on vast numbers of vulnerable targets. Companies that may not have been a target in the past may now find themselves on the front lines. The upside of the situation is that there are now a much larger number of cybersecurity experts and products available to SMEs than ever before. The new reality is that cybersecurity must now be part of any SME’s business plan. A single attack could mean the end for any small- or medium-sized business. It would be wise to start preparing now.

