Size matters: Small businesses need persistent cyber hygiene

Organizations must be unwavering on performing daily duties that address security

 
Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Cyber attacks don’t dis­crim­i­nate between small and large busi­ness­es. Despite small busi­ness own­ers believ­ing they are too small to be at risk, 43 per­cent of cyber attacks tar­get small busi­ness­es. Yet, only one in four small busi­ness­es are pre­pared for such an attack, accord­ing to a recent report by Symantec.

Relat­ed arti­cle: How ‘priv­i­leged access’ accounts can pose a major risk

Prac­tic­ing effec­tive cyber hygiene is one way orga­ni­za­tions can make them­selves less of a tar­get, and also be in a posi­tion to min­i­mize dam­age when net­work breach­es do hap­pen. I recent­ly had the chance to sit down with Paul Far­rell, chief exec­u­tive offi­cer at Nehemi­ah Secu­rity. We dis­cussed the need to pro­tect com­pa­ny net­works. A few takeaways:

A dai­ly rou­tine. Cyber hygiene is doing all the right things dai­ly. It’s doing things like chas­ing down open direc­to­ries and mak­ing sure that your sys­tems and process­es have been updat­ed. Essen­tial­ly it is about rec­og­niz­ing your points of attack and fix­ing them now, ahead of time, rather than wait­ing for an attack. As soon as you know about a vul­ner­a­bil­i­ty, you should have a process in place to fix it imme­di­ate­ly. This should be a dai­ly func­tion with­in your office.

Address­ing vul­ner­a­bil­i­ties. Busi­ness own­ers are so caught up in run­ning their busi­ness­es every day that they don’t pay as much atten­tion to cyber hygiene as they should. This isn’t an opin­ion, either. Just look at how the Wan­naCry virus was. It hit so many orga­ni­za­tions because they weren’t pay­ing atten­tion to the exploits that they were vul­ner­a­ble to and weren’t get­ting them fixed over time. It’s a hard quandary in some orga­ni­za­tions because they might have old appli­ca­tions that can’t be upgrad­ed and it takes more of a fork­lift upgrade than an easy upgrade. But these are things that we need to work on, on a dai­ly basis.

Paul Far­rell, Nehemi­ah Secu­ri­ty CEO

Start­ing line. The first step in approach­ing bet­ter cyber hygiene is a total net­work scan. This is where a busi­ness iden­ti­fies every Inter­net Pro­to­col (IP) address in the net­work, iden­ti­fies all the soft­ware on the net­work and the inven­to­ry of the items. This will give busi­ness­es the first idea of breadth and depth of what you are deal­ing with. This pro­vides a basis to assess oth­er levels.

Triag­ing risks. Before you can car­ry out good cyber hygiene, you have to know what you are fac­ing and know where you are vul­ner­a­ble. This is what our siege prod­uct does. Next you need to man­age that risk. For that we have an attack sur­face man­ag­er. This is a hygiene prod­uct that helps you keep things off your desk­top. By shrink­ing down the attack sur­face, few­er peo­ple can get in. Only once you have com­plet­ed these two steps can you start prop­er­ly pro­tect­ing your company.

More sto­ries relat­ed to cyber risks for small businesses:
Cyber attacks becom­ing big threat for small businesses
Con­gres­sion­al acts aim to help small busi­ness­es improve cybersecurity
SMBs must under­stand and counter new dig­i­tal risks