Size matters: Small businesses need persistent cyber hygiene
Organizations must be unwavering in performing daily duties that address security
By Byron Acohido, ThirdCertainty
Cyber attacks don’t discriminate between small and large businesses. Despite small business owners believing they are too small to be at risk, 43 percent of cyber attacks target small businesses. Yet, only one in four small businesses are prepared for such an attack, according to a recent report by Symantec.
Practicing effective cyber hygiene is one way organizations can make themselves less of a target, and also be in a position to minimize damage when network breaches do happen. I recently had the chance to sit down with Paul Farrell, chief executive officer at Nehemiah Security. We discussed the need to protect company networks. A few takeaways:
A daily routine. Cyber hygiene is doing all the right things daily. It’s doing things like chasing down open directories and making sure that your systems and processes have been updated. Essentially it is about recognizing your points of attack and fixing them now, ahead of time, rather than waiting for an attack. As soon as you know about a vulnerability, you should have a process in place to fix it immediately. This should be a daily function within your office.
Addressing vulnerabilities. Business owners are so caught up in running their businesses every day that they don’t pay as much attention to cyber hygiene as they should. This isn’t an opinion, either. Just look at the WannaCry virus. It hit so many organizations because they weren’t paying attention to the exploits that they were vulnerable to and weren’t getting them fixed over time. It’s a hard quandary in some organizations because they might have old applications that can’t be upgraded and it takes more of a forklift upgrade than an easy upgrade. But these are things that we need to work on, on a daily basis.
Starting line. The first step in approaching better cyber hygiene is a total network scan. This is where a business identifies every Internet Protocol (IP) address in the network, identifies all the software on the network and the inventory of the items. This will give businesses a first idea of the breadth and depth of what they are dealing with. This provides a basis to assess other levels.
Triaging risks. Before you can carry out good cyber hygiene, you have to know what you are facing and know where you are vulnerable. This is what our siege product does. Next you need to manage that risk. For that we have an attack surface manager. This is a hygiene product that helps you keep things off your desktop. By shrinking down the attack surface, fewer people can get in. Only once you have completed these two steps can you start properly protecting your company.