04 Nov SMB Data breeches are quickly becoming more commonplace
We’ve all heard the stories of those that have been the victims of a hack or data breach.
Large organisations are now frequently being breached, which often results in them paying out millions to those customers that are affected, but what about the often forgotten about small to medium sized business? The truth here is that breaches occur just as often, and the consequences can be just as severe.
It won’t affect us
We’ve become so accustomed to hearing about the super cyber-attacks and data breaches along the lines of WannaCry and Facebook that events occurring on a smaller scale always seem to be passed by.
It’s understandable that these often much smaller attacks don’t make the national press, especially when you consider the numbers involved – it’s estimated that WannaCry alone affected more than 200,000 endpoints in over 150 countries, whilst Facebook exposed over 419 million phone numbers that were linked to user accounts on a server without password protection, however in August 2019 I.T Governance reports an estimated 114 million records were breached.
Why the SMB?
Given the amount of resource the NHS and Facebook spend annually on combating the cyber threat, it’s a safe bet to assume that the average cybercriminal would find it much easier to access the network of a small to medium sized business than the larger corporations and enterprise, so it should come as no surprise that almost 40% of SMB’s pay the ransom in the depths of an attack. Depending on the amount of data that is stolen, personal information can be sold on the dark web for as little as a £1 to almost 1000 times that. Imagine for a moment how much personal data you store on your employees and customers and you can quickly quantify the benefit for any budding cybercriminal.
Whilst the smaller breaches and cyber-attacks have been largely obscured by the U.K tabloids, they are no less dangerous to U.K business.
The likelihood of being attacked today would be more due to bad luck than a concerted effort against you or your business – most of today’s cyberthreats are spread independently through trojans, malware and phishing attacks which persist throughout the network connection once infected.
A risk-based approach, on a modest budget
One of the very few advantages that your smaller SMB has over the large corporation, is that less employees equals less points of entry for a cyberthreat. The business becomes much more manageable when it concedes a smaller footprint of information assets. Taking a risk-based approach and adhering to some basic fundamentals will help you to become more Cyber Savvy.
• Backup and Disaster Recovery – Be prepared for a worst-case scenario and always backup your business-critical data so that you have a sterile batch of data which is kept segregated from your business network in the face of an attack. Double check your Microsoft O365 settings by running a backup sets report and verify that you’re making regular system backups.
• Train your team – Education and skills-based evaluations will ensure that your team are well prepared to tackle any threats when they arise.
• Comprehensive Network Management & Monitoring – This will enable your organisation to have a bird’s eye view of all of your system assets and what is happening at any given time. Implement a centralised Antivirus platform alongside antimalware, keep your firewall updated and use content filtering and an IDS (Intrusion Detector System) and spam blocker. Ensure the system remains updated by implementing patches and updates.
• Data Retention & best practice – Ensure that you’re adhering to your industry specific data retention standards and practices, and of course don’t forget GDPR!
A business of any size should use these practices as a starting point for their IT security.
If you want more help in keeping your business secure, please drop us a line at [email protected] or call us on 0208 012 8489 for a complimentary vulnerability assessment.