HeliumBar

View Original

SMB Pandemic Cyber Security and Business Continuity

We’ve had a recent rash of SMB (small-medium business) clients reaching out to us with various security issues. It’s not serendipity this coincides with the pandemic we are all going through and the migration of employees working from home.

“Due to the sudden, and necessary, global shift to teleworking, organizations have had to rapidly deploy remote systems, networks and applications. As a result, criminals are taking advantage of the increased security vulnerabilities arising from remote working to steal data, generate profits and cause disruption.”

—INTERPOL 08/2020

The COVID-19 global pandemic has forced the hand of businesses worldwide to allow their employees to work from home at extraordinary rates. But what does this mean for small business cyber security readiness?

Computers once behind carefully curated firewall rules are now being operated from networks where children, teenagers, non-technical users all are clicking away at whatever is of interest. Which just so happens to be the primary way attackers trap their targets.

We now have a situation where, ready or not, the majority of workers that were still able to conduct business, are now taking those company assets and working from their home networks. Networks secured by consumer grade firewall/routers with out-of-the-box default settings.

Side note: these firewall/routers can be effective, however these products are being sold to non-technical buyers. A fact the manufacturer needs to take into consideration. If the product they’re selling is too restrictive, it’s going to result in customer complaints/returns, so they need to come up with homogenous settings that will work for most. Unfortunately, as any security professional will tell you, convenience and security are diametric opposites. You see the dilemma?

Some companies were ready for this, some not. Those that have embraced software as a service platforms, SSO (single sign-on), etc. had already grappled with how to secure, update and maintain computers outside of their controlled networks.

These are usually larger companies able to afford to hire the security professionals to properly understand the business’ needs and design effective mitigation of risks.

What does this mean for SMB cyber security readiness? A recent survey from the SBA (US Small Business Administration) showed 88% of small business owners felt their business was vulnerable to a cyber attack. Those same SMBs ran full-stride into remote working without having a clear cyber security prevention policy or security risk mitigation in place.

Now, consider the majority of these SMBs indicated they didn’t regularly allow their employees to work remotely prior to the pandemic. It’s easy to comprehend the Pandora’s box this opens up relative to cyber security vulnerabilities and risks.

Research from the Keeper Security/Ponemon Institute shows 39% of their SMBs surveyed report their companies lack any incident response plans. In my experience this number sounds under reported, but even if this number is accurate, when they experience a cyber security incident (yes, I intended to use “when”, not “if”) they will not have a WTSHTF plan to help them respond to a cyber security related event.

How you can protect your Small Business from Cyber Security Threats

  • Properly configure and maintain Firewalls

  • Properly maintain antivirus and endpoint security solutions

  • Properly maintain computers and POS machines (i.e., up to date patching of OS and software)

  • Current data backups (ensuring they are not susceptible to ransomware attacks)

  • Computer acceptable use, device and password policies

  • Access management and control policies and procedures

  • Email security solutions (i.e., anti-phishing solutions, spam filters, properly configured email servers, etc.)

  • Network penetration testing

  • Cyber security audits

  • Employee cyber security awareness training and phishing simulations

  • Incident response and disaster recovery plans

I realize some of these sound daunting. Some will take a bit of planning, but I guarantee it will be a drop in the bucket of time, money and energy compared to a security breach.

If you’d like a sounding board for how you can put a plan in place, please feel free to reach out [877-3GC-GROUP].