December 9, 2022

Four Ways to Improve Cybersecurity and Ensure Business Continuity

By David Discenza

Four Ways to Improve Cybersecurity (Updated: December 9th, 2022 ) Cyber-attacks on businesses have become common place. In fact, it’s estimated that a cyber-attack occurs every 39 seconds. Who are the targets of these attacks? You might think that it’s large corporations and, in a way, you’d be correct. Cybercriminals are smart, though, and know […]

Four Ways to Improve Cybersecurity

(Updated: December 9th, 2022 )

Cyber-attacks on businesses have become common place. In fact, it’s estimated that a cyber-attack occurs every 39 seconds. Who are the targets of these attacks? You might think that it’s large corporations and, in a way, you’d be correct. Cybercriminals are smart, though, and know that large corporations invest millions of dollars in cybersecurity for their information technology systems. A “frontal assault” isn’t likely to work but gaining access through a “back door” provided by a vendor or supplier will.

security wordpress 101

Polling from Insureon and Manta finds that only 16 percent of small business owners think they are susceptible to a cyberattack regardless if they are working with a managed service provider or not. Yet, 61 percent of attacks occur at smaller businesses. So what can small to mid-sized businesses do to improve their cybersecurity?

Four steps immediately come to mind:

  1. Acknowledge that your company is a target for cyberattacks

Here are some best practices to consider. The first step in solving a problem is to first admit there is one. As stated above, most small to mid-sized businesses do not believe they are a target for cyberthieves. Consider the following well-known case study.

In late 2013, the Target corporation reported the credit card information of 40 million customers had been stolen by hackers. Cyberthieves had gotten access to Point Of Service (POS) credit card readers in their stores. So, when a customer swiped their cards on a purchase, the hackers stole the information. Target only learned about the breach when they were contacted by the US Department of Justice. The company had missed their own internal warning of the breach. In January 2019, Target upped the number of compromised cards to 70 million, creating a huge public relations nightmare for themselves.

How could this happen? The hackers did their homework. 

  1. Scoured Google to find the names of all the vendors with whom Target does business.
  2. Found information online of the structure of Target’s computer network infrastructure
  3. Discovered detailed information about the POS system used by Target in a case study found on Microsoft’s website.
  4. Likely sent an email using false credentials containing Malware to all of Target’s vendors.

The malware was designed to steal passwords. That email was opened by a Target vendor and the malware was released into their computer system. The vendor did have anti-virus/anti-malware software in place; however, it was the free version which only ran when someone thought to scan the network and it wasn’t licensed for corporate use. The hackers got the passwords necessary to access Target’s network through a vendor portal. Armed with the knowledge gleaned from their search, they were able to attack Target’s POS system and steal the credit card information of 70,000 customers.

If your company is a vendor or supplier to a larger firm, then you’re a target. That takes us to the second step in this process.

  1. Understand that your employees are your weakest link

The most common form of cyberattacks is the “phishing” email which employs elements of social engineering. Social engineering is the use of deception that counts on the trust of the person being attacked in order to succeed. Let’s say you receive an email from your boss with an attachment that instructs you to open the attachment. You do as you’re instructed because the email is from your boss. When you click on the attachment, nothing happens. So, you click on it again with the same result. While it may seem to you that nothing has happened, in fact you’ve introduced a virus into the computer network. Yes, it’s that simple.

Here’s something else to consider. 60% of cyber-attacks that occurred in 2016 came from within companies. Of those 60% of attacks, three-quarters were intentional. This means that unhappy employees are striking back at their employers through the computer network. There are steps you can take to reduce this threat:

  • Require the use of “strong” passwords that contain numbers, capital and lowercase letters, special characters like @,!,$,(, ) , and are at least eight characters in length
  • Require the changing of passwords several times a year
  • Physically secure laptops by using a docking port that’s secured to a desk
  • Institute and enforce a policy of screen locking computers when a person is away from their desk
  • Do not allow sensitive information to be stored on laptops or phones; use a “cloud” service instead
  1. Your employees are your front line of defence

Employees can be your front-line of defence in the war against cyber thieves. This is not a problem for your IT staff alone. Everyone in your company has to take responsibility for cybersecurity because everyone with an email address is a target.

Here are some best-practices your company can follow:

    • Invest in a cyber-awareness training program and make it mandatory for everyone from the C-Suite to the custodial staff
    • Recognize employees who find and eliminate cyber threats
    • Provide remedial training for any employee who inadvertently falls for a cyber attack
  • Make cybersecurity activities a part of your employee annual review
  • Immediately terminate network access for everyone who leaves the company regardless of the reason

Bring your Human Resources policies in line to recognize and deal with this threat. Termination should be considered for those employees who repeatedly ignore your cybersecurity policies.

  1. Include cyberattacks in your business continuity planning

Business continuity planning is about making certain your business can survive and recover quickly from a disruptive event. Recent experiences in Atlanta and Baltimore where municipal Government was shut down because of ransomware should be on every business person’s mind. As of early July 2019, Baltimore still has yet to fully recover from the attack.

A cyberattack against your business isn’t just against your business. By extension, it’s also an attack against your customers, your vendors, and your suppliers. You probably can’t run your business without your IT systems, so how will you fill, place, and ship orders, run payroll, and do all the things that rely on your computer network if you’re the target of a cyberattack?

Here are questions you need to ask:

  • Are all your critical business processes documented?
  • Do you have manual workarounds documented for those processes that rely on your computer network?
  • Have you practiced using those manual workarounds, so you know they actually work?
  • How will you communicate with your customers, vendors, suppliers, and any other stakeholders to assure them that you have the situation in hand?

It’s imperative that you invest in business continuity planning. Cyber-attacks will increase as a threat, and you must be prepared to face this threat head on. Taking these steps will allow you to do so, address your employees and vendors’ cyber Vulnerabilities, and protect your organization and its customers.

By David Discenza

David Discenza

A.I. is Not All It’s Cracked Up to Be…At Least Not Yet!

Exploring AI’s Potential: The Gap Between Aspiration and Reality Recently Samsung releases its new Galaxy [...]
Read more
Steve Prentice

Get Smarter – The Era of Microlearning 

The Era of Microlearning Becoming employable and then staying employable requires ongoing, up to date [...]
Read more
Jeff DeVerter

Charting the Course: An Interview with Rackspace’s Jeff DeVerter on AI and Cloud Innovation

Rackspace’s Jeff DeVerter on AI & Cloud Innovation In an insightful conversation with CloudTweaks, Jeff [...]
Read more

Lambda Cold Starts: What They Are and How to Fix Them

What Are Lambda Cold Starts? Lambda cold starts occur when AWS Lambda has to initialize [...]
Read more

5 Azure Cost Management Strategies

What Is Azure Cost Management? Azure cost management refers to the practices and processes that [...]
Read more
Steve Prentice

Episode 19: Why AWS Needs to Become Opinionated about FinOps

On today’s episode of the CloudTweaks podcast, Steve Prentice chats with Rahul Subramaniam, CEO at CloudFix [...]
Read more

SPONSORS

Interviews and Thought Leadership

Jeff DeVerter

Charting the Course: An Interview with Rackspace’s Jeff DeVerter on AI and Cloud Innovation

Rackspace’s Jeff DeVerter on AI & Cloud Innovation In an insightful conversation with CloudTweaks, Jeff DeVerter, a seasoned IT and technology veteran with over 25 years of experience, sheds light [...]
Read more
Dolores

Q&A: Airport Security Trends with Dolores Alemán, Frost & Sullivan Analyst

Airport Security Trends In this CloudTweaks interview, we delve into the evolving landscape of airport security with Dolores Alemán, a seasoned Research Analyst at Frost & Sullivan. Dolores brings a [...]
Read more

How AI Machine Learning Is Enhancing Customer Experience Across Industries

Elevating Customer Satisfaction: AI’s Impact in Every Sector Recent years have witnessed an incredible transformational leap with regard to Artificial [...]
Read more

CrowdStrike and Dell unleash an AI-powered, unified security vision

Dell and CrowdStrike are joining forces today to help businesses battle against cyberattacks using AI to protect against generative AI, stealth social engineering and [...]
Read more

5 Azure Cost Management Strategies

What Is Azure Cost Management? Azure cost management refers to the practices and processes that organizations implement to monitor, manage, [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.