Does your business have a cybersecurity plan in place?
From running brick-and-mortar stores to managing payroll and shipping products, small to medium businesses (SMBs) have plenty on their plate. All too often, cybersecurity can fall to the sidelines. According to a 2022 study,1 only 50% of SMBs have a cybersecurity plan in place. As SMBs manage large volumes of valuable data including intellectual property, financial records and client information, these businesses can find themselves as victims of cyberattacks.
In honor of Cybersecurity Awareness Month, we sat down with Emilija Jasnic, the Security Operations Manager for Cogeco Connexion. Emilija discusses how SMBs can enhance their cybersecurity skills and safeguard their companies from cyberattacks.
What are the biggest cybersecurity threats for SMBs?
Studies show that 43% of cyberattacks target SMBs.2 The most common cybersecurity threats they face include ransomware, malware, unpatched systems, unsecure configurations and lack of security awareness.
In fact, according to security expert Emilija Jasnic, “ransomware has become increasingly common and is a serious threat to the security of your information systems and data. Ransomware is a type of software, created with malicious intent (malware), that encrypts files on computers and personal devices. It usually spreads across the network to servers and storage environments, paralyzing your operations, while demanding a payment in exchange for a key to decrypt the files.”
“Not all malware is ransomware — there are other types such as viruses, worms, spyware and rootkits that may require user installation. They are usually spread by clicking on links from malicious websites, social media posts, downloading infected files via email attachments or websites and visiting compromised websites. They can also spread by connecting compromised USB drives or other forms of external storage,” Emilija explains.
With vulnerabilities constantly being discovered, Emilija warns that unpatched systems can lead to security attacks. To protect yourself, she recommends installing the latest patches and upgrading operating systems on time.
What does effective SMB cybersecurity look like to you?
Effective cybersecurity is multipronged. Emilija defines it as consisting of the right mix of people, technology and processes.
Starting with the people, “you need a team that is curious enough to learn about the constantly changing security landscape and understand what is expected of them in case of a security incident,” Emilija explains. “Your team also needs to be dedicated enough to respond to attacks after business hours because issues can happen at any time.”
Next is the technology perspective, which Emilija says requires “the right set of tools to be able to detect, respond and recover from security incidents.” SMBs can start with simple tools such as antivirus and firewalls. The tools you use largely depend on what you’re trying to protect, how sensitive your data is and the scale of your operations.
Lastly is the process perspective. Larger businesses, in particular, need “properly designed IT operations which are adequately staffed and able to proactively maintain all security domains, asset management, configuration, backups, patching, access control, business continuity planning, network and data protection.”
While all of these protective measures can be difficult for smaller businesses to attain, Emilija has tips for securing networks that all SMBs can follow.
What are common cyberattacks SMBs should be on the lookout for? How can you spot them and what should you do when you find them?
As half of all small businesses don’t have a plan in place for reacting to cyber attacks, it’s essential for SMBs to be able to spot common cyber attacks and know how to respond to them.
Emilija explains that phishing attacks are one of the most common threats. In a phishing attack, people are tricked into clicking on a malicious link or sharing sensitive information.
“The content of these emails usually includes a sense of urgency to pressure the reader into action. They sometimes have spelling errors or contain something completely irrelevant to the user. These emails might be asking for personal information or login credentials.”
To tell legitimate emails apart from malicious ones, Emilija recommends asking yourself if you recognize the sender’s email. Also, always examine the links by hovering over them before clicking and see if they look legitimate. Suspicious emails should always be reported to your IT department, IT consultant or manager and email attachments should never be opened.
What are common cybersecurity mistakes you see from SMBs?
The most common cybersecurity mistake Emilija sees from SMBs is them not understanding what assets they have and what threats they are facing. In fact, 54% of small businesses think they’re too small for a cyber attack.2
Emilija explains, “strong security is always custom fit and should be designed based on what you are trying to protect and from what. Security is a process, not a product. It evolves over time and needs to be incorporated in the business from the start.”
How do Cloud-hosted systems impact cyber security?
With more SMBs leveraging the Cloud, Emilija says that Cloud environments have drastically changed the landscape of cybersecurity. Now, there are new threat vectors and an increasing business reliance on Cloud-based vendors.
To stay protected, Emilija recommends that “agreements and contracts with those vendors should include security related clauses to define responsibilities and set expectations.”
How can SMBs secure their Wi-Fi network?
SMBs of all sizes can secure their networks by following a few simple steps. Emilija recommends changing the default network name, using a strong password, limiting the coverage of your Wi-Fi network, using a good firewall and regularly updating your routers as well as all other network devices.
What steps can SMBs take today to enhance their security?
To reduce unnecessary security vulnerabilities, Emilija encourages secure configuration, which should be implemented from the start on every device. She explains that hackers often look for holes in configuration and try to exploit those. “In the age of the Cloud, multi-factor authentication should be a standard.”
Secondly, Emilija recommends implementing security awareness across your business. “Set security expectations and train your employees. Ensure employees understand the best practices when it comes to security, such as using strong passwords, not sharing their login credentials and training them on how to recognize and handle phishing attacks.”
As cybercrimes can cost SMBs up to $2.2 million a year, creating a plan to protect your business is essential.2 From training staff on best practices to safeguarding your Wi-Fi and knowing how to react to threats, you can protect your business from cyberattacks and keep operations running smoothly.
Want to know more about how to protect your small business from cyberattacks? Take a look at our Think Cybersecurity infographic.