The Definitive Guide to Cyber Security Protection for SMBs
Updated: Aug 17, 2021
Since you’ve begun reading this guide there has already been 1 hacker attack. In just a few short minutes there will be 5 more.
Don’t believe it?
A Clark School study at the University of Maryland is one of the few that can measure and quantify the rate of attacks and the results are shocking—a hacker attack occurs every 39 seconds which affects 1 in 3 Americans every year.
So, what do you do about getting your business and employees protected? How can you avoid a ransomware attack from a cybercriminal?
Cyber Security Facts
First, let’s take a look at Cyber Security Facts so that you can understand the sheer magnitude and impact these might have on us and our businesses.
The FBI has reported a 300% increase in cybercrimes since the beginning of COVID.
With employees shifting to working from home cyber criminals attacked vulnerable networks.
95% of cybersecurity breaches are due to human error. A chain is only as strong as it's weakest link.
More than 75% of businesses do not have a Response Plan in place even though an estimated 54% of organizations say they have experienced at least 1 cyber attack in the past year.
Most organizations (large organizations included) do not detect a data breach within the first 6 months.
In 2019 88% of businesses experienced spear phishing attempts.
Statistically speaking, only 5% of data folders are properly protected within your business.
A Ransomware attack costs businesses $133,000 on average, which is over 30% more than in 2019.
Organizations with 1-250 employees have the highest targeted malicious email rate at 1 in 323.
In 2019, attacks on supply chains increased by 78%.
The cost of lost business due to cyber attacks averaged $1.52 million.
Cyber Security Terms
Second, let us introduce you to the most common terminology associated with cybercrime. Each employee should have some understanding of what these terms are.
Bot/Botnet
A collection of computers that have been infected by malware that allows hackers to control them.
Breach
The moment a hacker gains access to a devices files and network.
BYOD (Bring Your Own Device)
A security policy put in place by businesses to disallow or allow for employees' personal devices to used for business over the corporate network.
Clickjacking
The ability for a hacker to trick their victims into clicking on a compromised link or button.
Cloud
A collection of servers and computers that allow users to access data and services anywhere in the world through an internet connection.
DDoS
DDoS stands for Distributed Denial of Service. This type of cyber attack targets your website by flooding it with malicious data or traffic which makes it unusable.
Deepfake
Audio or video clips that have been edited in a realistic way to make them seem believable.
Encryption
Encoded data that prevents cyber criminals from stealing it without a key.
Firewall
Hardware or software based security device that monitors and filters network traffic.
Malware
An umbrella term for software that has intentionally been designed to wreak havoc on computer, server, or network.
Phishing or Spear Phishing
The fraudulent technique used by hackers to obtain information through messages. An example of this is an email that looks as if it was from a reputable company that is used to gather such personal information as passwords, credit card numbers, or banking information.
Ransomware
A form of malware that holds your information hostage and prevents you from accessing it. Typically this is done through encrypting the files and requiring payment for the key to access these files.
Rootkit
Malicious software that gains access and control of your computer system without being detected.
Spyware
Malware that is used to spy on user activity. Examples of this include collecting keystrokes, logins, account information, and much more.
Trojan
Malicious software disguised as legitimate software used to gain access to computer systems.
Virtual Private Network (VPN)
A secure connection to another network over the internet.
Virus
Malware that is designed and used to corrupt a computer and spread to others.
Whitelist / blacklist email
The process of either adding an email to an approved senders list to receive their emails or blocking an email address to not receive their emails.
Worm
Malware that has the ability to replicate itself to spread to other computers.
Preventative Measures
Lastly, here are the preventative measures that we believe are an absolute necessity for every SMB to prevent a cybercrime attack on their business or employees.
Firewall / VPN Remote Access
Create that barrier between your corporate network and the internet through a firewall to assist in recognizing and filtering malicious attacks before they trickle down to your employees. The faster you stop an attempted cyber attack the better off your organization will be.
Establishing a secure connection through a VPN is allowing you to access your information through an encrypted virtual tunnel that hides your IP address. The more encrypted information you have the harder it is for cyber criminals to access this information.
Multi-Factor Authentication
Unfortunately, this preventative measure can be a little frustrating sometimes as you have to use 2 or more factors to authenticate that it is you trying to login to a particular software. However, it's very good at preventing cyber criminals from accessing your information.
For example, the first authenticator step could be that you enter your password and select login on a particular software and the second authenticator step might be that you have to authenticate through the Microsoft Authenticator app on your phone. A cyber thief may have your password but if they don't have your phone they cannot access your data.
Cloud Backups
The saving grace. If you were to be attacked having proper backups that can be restored saves your business from having downtime or making the touch decision to pay the ransom if your data is being held hostage.
User Education Program
Have a plan in place that educates employees. Teach employees what to look out for in malicious emails or software and what to do if their computer has become compromised.
How to get started?
It's no longer an option to not implement the four preventative measure we talked about earlier. It's an absolute necessity. Reach out to us and we'll work with you to create a plan that suits your needs and budget.
Additional Resources
SMB Cybersecurity Must Haves [Document]
Interview with IT Specialist Keith Stefanski: