Best Practices in Cybersecurity Defensive Strategies for Small and Big Businesses
04 January 2021
Cybercriminals love small businesses, with reports showing a 27.4% rise in the average annual number of security breaches in developed countries. Studies also show that stolen IT assets and the expenses related to cybercrimes have a huge impact on brands—$1.6 million worth in damages on average to be exact.
It has got even worse now that we’re experiencing a pandemic, as businesses big and small are seeing an uptick in cyber crime. Destructive attacks were up by 102%, the spread of ransomware was up by 90%, while large-scale data breaches were up by a sobering 273% in the first quarter of the year. When you consider the fact that most businesses need up to 50 days on average to resolve malicious attacks, it’s all the more important to prioritize cybersecurity.
As both small and large businesses adapt to the rising threats that come with cyber crime, there are practices that can be put in place to improve defensive strategies.
Practice handling online attacks
Fitness company Beachbody knows the importance of investing time, effort, and money to improve a company’s cybersecurity defenses. The California-based company sells its products online, and protects its data and intellectual property through several security tools, including two-factor authentication, while monitoring its network traffic. But one of their best tools against cyber attacks is how they practice security breach drills. Beachbody’s chief legal officer and senior vice president of business development Jonathan Gelfand said no company is immune to cyber attacks. “Like us, any company that interacts with consumers, processes credit cards or has sensitive data, which is most companies these days, will be a target.” The drills allow the company to prepare for different types of attacks and ensure they are ready to respond.
Getting to know existing threats is an important part of preparing for an attack. Online threats like distributed denial of service (DDoS) attacks, phishing scams over email, and malware that targets mobile devices are only some of the fastest evolving online threats that every business needs to know about.
Provide your employees with regular training
Threats constantly evolve, so your employees’ knowledge needs to evolve, too. (ISC)² COO Wesley Simpson notes how companies used to train employees in cybersecurity only once a year. “Most organizations roll out an annual training and think it’s one and done. That’s not enough,” said Simpson. Organizations need to do what Simpson calls “people patching”. “Similar to updating hardware or operating systems, you need to consistently update employees with the latest security vulnerabilities and train them on how to recognize and avoid them,” he said. No matter the size of the company, the employees are assets as much as they can be a cybersecurity liability. It is worth training them and equipping them with the latest knowledge about online threats so they can help keep your business safe.
There are a variety of training options to choose from depending on your goals. You can either reach out to cybersecurity experts, or you can have your team engage in online learning. Dr. Mark Lombardi, the president of Maryville University, discussed their programs like their online cybersecurity degree and shared how these can help students learn to handle different types of threats such as people hacking into Zoom meetings, which is a prevalent issue at the moment. In a feature on Tech Learning University, he said that through the programs included in the curriculum, “we’ve reached an even greater educational awareness about the new environment we’re operating in that relies on everything from Zoom meetings to transferring information electronically.” Even though the training is done online, your team will still be able to develop crucial skills in computer forensics, ethical hacking, and information security, and even get hands-on experience while at it.
Update your systems and tools
A small or large business should always have the latest tools, systems, and services at its disposal. Firewalls, which are your first line of defense, need to be constantly updated to make sure that they can effectively monitor network traffic and connection attempts. Although they have their limitations, they’re still one of your best defenses against hackers. You also need good antivirus software for your network, so you can prevent viruses and malware infections. Antivirus software can also scan emails for malicious attachments and web links.
When it comes to the data you have stored in the cloud, you need to make sure that data in transit is encrypted end to end. Conducting rigorous and constant vulnerability testing is important, too, especially as being connected to the internet is one of the key reasons for losing data. Some businesses use USB and flash drives that can separate data from the internet in order to provide better protection. Rather than storing sensitive data in the cloud, you can keep all your important information on hardware-encrypted flash drives, hard drives, and solid-state drives. This also doesn’t require the user to install any software as the encryption is built into the device, providing a further layer of protection.
Determine a formal, adequate, and well-defined cybersecurity budget
Data published on Insurance Journal reveals that businesses only spend 8% of their overall IT budget on cybersecurity. For global cyber experts, the budget should be around 14.7% no matter the size of the company. Allocating a significant budget for preventive measures will actually save you more money than if you have to recover from a cyber attack. Relying on products and services that stop attacks when they happen is not enough. You also need to invest in your own team of experts to actively search for threats. Large companies can allocate a whole department to this, while smaller businesses will need to focus on finding good cybersecurity experts to join the team.
As we mentioned in the intro, this is getting harder as cybersecurity experts are in high demand due to the rising number of cyber attacks. Your team can look for weak spots, conduct research, and beef up your security measures, a move that is much cheaper in the long run than trying to manage damage control.