It should be no surprise that large companies spend enormous amounts to protect themselves from cyber-attacks.
The main reasons are to protect their IP (Intellectual Property), to keep their company and networks from becoming compromised, and to protect the interest of their employees, customers, and shareholders.
Too often, folks in the SMB segment are most fearful of the cost to recover their data should systems be compromised, like a ransomware attack, for example.
In many cases, however, it’s not the goal of a hacker to just encrypt systems hoping for a reward.
Most times the critical data is backed up and can be recovered.
But, if the IP of a company is lost, then there is long-term risk to survival. In many cases, foreign countries sponsor cyber terrorism to gain the intellectual property of a company.
Likewise, stealing personal information opens the door to credit and identity theft.
This type of cyber-attack could be in the form of hijacking critical personal data like Social Security Info and other data to be used against individuals.
Smaller businesses are not able to afford the same type of security measures that large companies employ, so in many cases, getting information from SMB companies may be substantially easier – even if the payoff is not as much.
Keep in mind that the nation-states and foreign actors have a lot of time, and a lot of patience.
Infiltrating several small businesses could easily be more profitable than hacking one larger company.
So, it’s not a good idea for a smaller company to just “hope for the best”.
Your Antivirus Product is not sufficient to stop a cyber-attack.
The “Bad Guys” are not really interested in simply encrypting your computer.
That’s usually a way to extort extra money from you after they have harvested your company’s (and personal) data – which is the real goal.
If they can collect enough information about you and your company’s IP, they can certainly use that information in future efforts to harm you.
There are many ways for a hacker to get your information.
Here are some questions to ask yourself:
- Do you use your work email account to access personal information like banking or credit card websites? What about social media sites?
- Does your mobile phone have a pass code or facial recognition and is it enabled?
- Do you have multi-factor authentication on email, credit card, bank, and social media accounts?
- Does your mobile phone account (Verizon, AT&T, etc.) have a PIN so that no one can have your phone number transferred?
- Is your email filtered, and is your email account backed up?
- Are links in your email filtered through a system that checks for malicious content?
- Is your email monitored so that someone is notified if a forwarding rule is created?
- What if someone from a foreign country logs onto your email?
- Do you store sensitive information in your email?
You see, all of these are what we call “threat vectors” and your antivirus program simply has no way to protect you from any event resulting from threats that simply don’t run on your computer!
In fact, access to your computer may not even be necessary.
So, what is a small company to do?
There are several prudent steps that even a small company can take to strengthen their security posture.
Many business insurance companies are including cyber insurance in their policies, but to qualify for this insurance, they are requiring certain protocols be in place.
- Enable Multi-Factor Authentication on your Microsoft (or Google) accounts so logging into your account becomes much more difficult for an intruder.
- Have your company’s network traffic monitored by a Security Operations Center (SOC). Data like this is usually sent in “log files” to a system called a “SIEM” (Security Information and Event Management), which security analysts use so that unusual behavior is detected and someone is alerted if action is needed. Analysts compare “normal” against “unusual” behavior and flag the unusual.
- Have the logs from your company’s firewall monitored by a SIEM / SOC so that if security events occur then action is taken. Potentially lock your firewall down so that no traffic from foreign countries can even get through. (This is not foolproof, but it is a great deterrent.)
- Have your Office 365 tenant monitored to make sure your account is not being accessed from offshore, and that email forwarding rules are not created. (This is a typical attack – to set up forwarding rules in your email so that sensitive email is sent to a hacker, rather than going to your “inbox”.)
- Your Antivirus program should likewise be monitored by a SIEM / SOC.
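
The two mailbox checks from the list above (sign-ins from outside your home country and newly created forwarding rules), sketched as detection logic over log events. This is an added example, not code from the original article; the event layout, the sample events, `ALLOWED_COUNTRIES` and the `example.com` domain are constructed assumptions, with operation and parameter names modeled on Microsoft 365 audit operations.

```python
import json

# Assumptions for this example: the home country list and company mail domain.
ALLOWED_COUNTRIES = {"US"}
INTERNAL_DOMAIN = "example.com"

# Mailbox operations and parameters that can send mail somewhere else.
FORWARDING_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARDING_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo",
                     "ForwardingSmtpAddress"}

# Constructed sample events (simplified layout, one JSON object per line).
SAMPLE_LOG = """\
{"time": "2024-03-02T03:14:00Z", "user": "pat@example.com", "operation": "UserLoggedIn", "country": "US"}
{"time": "2024-03-02T03:20:00Z", "user": "pat@example.com", "operation": "UserLoggedIn", "country": "RO"}
{"time": "2024-03-02T03:22:00Z", "user": "pat@example.com", "operation": "New-InboxRule", "country": "RO", "parameters": {"Name": ".", "SubjectContainsWords": "invoice", "ForwardTo": "drop@mail.example.net"}}
{"time": "2024-03-02T09:00:00Z", "user": "lee@example.com", "operation": "New-InboxRule", "country": "US", "parameters": {"Name": "To assistant", "ForwardTo": "sam@example.com"}}
{"time": "2024-03-02T09:05:00Z", "user": "lee@example.com", "operation": "New-InboxRule", "country": "US", "parameters": {"Name": "Newsletters", "MoveToFolder": "Reading"}}
"""

def is_external(address):
    """True when the address is outside the company mail domain."""
    return not address.lower().endswith("@" + INTERNAL_DOMAIN)

def detect(log_text):
    """Return (time, user, severity, reason) alerts for both checks."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        op, country = ev.get("operation"), ev.get("country")
        if op == "UserLoggedIn" and country not in ALLOWED_COUNTRIES:
            alerts.append((ev["time"], ev["user"], "high",
                           f"sign-in from {country}"))
        if op in FORWARDING_OPS:
            for key, value in ev.get("parameters", {}).items():
                if key in FORWARDING_PARAMS:
                    # Any forwarding rule is reported; external targets rank higher.
                    severity = "high" if is_external(value) else "review"
                    alerts.append((ev["time"], ev["user"], severity,
                                   f"{op} {key}={value}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert, sep="  ")
```
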
The reality is that most of the activity that we want to stop happens when we are not at work. That’s why having your systems monitored 24×7 is critical. If a cyber-attack occurs on a weekend, the bad guys would have many uninterrupted hours to do damage.
If you’re concerned about cyber security, want a cyber-security audit, or if your business insurance carrier is requiring these protections to write your policy – please feel free to contact us.
We would be happy to help!