It’s often assumed that only large businesses are a prime target for the most severe cyber-attacks due to their higher net-worth, large turnover of employees and extensive customer database but actually, small businesses suffer from nearly 10,000 cyber-attacks every day. As smaller companies generally have less dedicated IT resources, they are more likely to be unprepared or without a strong security programme, making it easier for cyber criminals to access their systems. Cyber-attacks can have a devastating impact on both large corporations and SMBs, with only 40% of small companies surviving after a hack occurs. Businesses of all sizes need to be aware of these increasing risks to keep their company safe – no organisation is immune from the threat of cyber-attack.
With almost half of UK businesses experiencing at least one cyber-attack a year, SMBs need to be more aware and implement the right tools and programmes, as well as build an understanding of how to keep their assets and information protected. So how can IT companies help? A trusted MSP/CSP relationship that can provide technical expertise and support can help MSPs to offer added value to the customer by implementing essential tools and strategies to keep their data secure. Steve Law, CTO, Giacom, outlines five vital cyber security elements that are fundamental to business continuity.
1. Training:
Users that have had minimal training or advice when it comes to security processes and culture can unintentionally be one of the biggest threats to a business, with 29% of data loss being caused through human error. Employees may accidentally click on malicious links which are sent via phishing emails or submit sensitive data to a fake website, putting the organisation at significant risk. To resolve this, it’s necessary to take the time to teach users how to spot potential attacks so that they will become more aware of what to look out for, and what behaviours to avoid. Some products come with additional ‘security training’ modules, such as Webroot Security Awareness training and Usecure, which will help to educate customers in terms of the actions they can take to keep their data safe. It is recommended that companies educate their users every quarter so that this knowledge remains up-to-date throughout the year, as engineered Business Email Compromise (BEC) attacks increase during seasonal spikes and busy periods.
2. Implement an effective security plan:
Implementing a security plan should be at the forefront of a cybersecurity strategy. As technology develops, effective security solutions use AI and machine learning algorithms to detect both known and unknown threats such as spear-phishing and zero-day malware. Using scanning technology, this type of software will prevent users from receiving or clicking on malicious content, minimising the risk of a potential hack.
MSPs can work with CSPs to identify the most effective security applications for the end user that fits with their requirements and end goals. Solutions including Bitdefender and Vade Secure for Microsoft 365 will help reduce the risk of individuals clicking on possible cyber threats by blocking them from both ends of the spectrum. Even standardising email signatures across an organisation with a solution such as Exclaimer can help reduce the probability of users falling for BEC attacks. By investing in the right solution, customer devices can also be protected against malware and viruses by blocking any incoming cyber threats. This MSP/CSP collaboration will in turn help to achieve a satisfied customer with a secure database.
3. Have an effective BCDR plan:
Data is a vital part of any business, yet it can easily be lost through a cyber-attack, failed hardware or human error. Without a backup solution in place, data could be completely destroyed and unable to be retrieved. One typical method for cyber criminals is ransomware, which is where they hold valuable data hostage in return for a large ransom fee, which could be financially devastating for an SMB. An MSP will be able to work with the CSP to determine the best solution for the business to reduce the risk of an attack, and more importantly, if it happens, to have a secure BCDR (Business, Continuity and Disaster Recovery) plan in place.
Data can be backed up on an on-premises server, where information is saved onto a physical hard drive. However, there is always the risk of damage occurring to the hard drive, which is why many opt for backing up in the cloud. There is also the option to implement data backup solutions, such as Acronis which will help protect company data by safely backing up all of an organisation’s important assets in a secure UK data centre, so it can be restored quickly and easily.
4. Avoid public hotspots:
With the rise of the modern workforce, remote working has become commonplace, which means users may frequently need to connect to public Wi-Fi spots to access company information. However, without a private connection, hackers can intercept the data that is being transferred. Even when accessing a legitimate website, if your internet connection isn’t secure, credentials can be stolen. To avoid this, when possible, users should wait until they can connect to a secure internet connection or consider using a VPN across multiple devices.
5. Enable an identity protection strategy:
Multi-Factor Authentication (MFA) is a way to authenticate users with more than one method of verification, whereby it adds a second level of encryption to prevent unauthorised users from signing in and helps to safeguard any user or corporate data. Through Azure’s Active Directory, customers can access Single Sign-On (SSO) and Multi-Factor Authentication (MFA) that allows the user access to thousands of SaaS applications by signing in once on one single user account, as their login details remain the same everywhere they go. Instead of prompting for a password, users are automatically redirected to the directory for authentication, which helps to boost productivity.
With the rate of ransomware attacks growing at more than 350% every year, now is the time for customers to have the security in place to protect data both now and in the future from more sophisticated attacks. But SMBs simply do not have the resources in people, money or time, to adequately secure the business. Working with the right CSP, MSPs can leverage technical expertise and the pooled knowledge of Microsoft’s thousands of security experts operating collaboratively, that cannot be achieved with individual on-prem deployments.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.