[BreachExchange] A Short Guide to Cyber Security for Small Businesses

Audrey McNeil audrey at riskbasedsecurity.com
Thu Jul 19 19:01:06 EDT 2018


http://www.itsecurityguru.org/2018/07/19/short-guide-cyber-security-small-businesses/


Cyber security is an increasingly important topic for any small business to
tackle, yet it remains a mystery to many. Unpicking the complexity of this
issue might seem daunting, but this brief guide will lay the groundwork.
For a fuller picture, check out this article from Fidus Information
Security: ultimate cyber security guide for business.

Main Security Threats to Consider

There are lots of ever-evolving threats posed by cybercriminals to small
businesses, but the main ones include phishing, identity theft, DDoS
(distributed denial of service) attacks and malware infections.

Phishing comes in several forms, including fake sites designed to trick
visitors into entering sensitive data or downloading dangerous code. It can
also involve phoney emails and other fraudulent communications with
similar aims in mind.

ID theft will allow crooks to create accounts, set up credit cards and make
purchases using the identity of the victimised individual or organisation.

DDoS involves assaulting a business's website with traffic from a network of
compromised devices, taking it offline and keeping genuine users out of the
picture.

Malware and viruses can have a range of implications and uses, from holding
a business to ransom by locking down its mission-critical data to stealing
information and passing it on to malicious third parties.

There are plenty of other cyber security obstacles to overcome, but getting
to grips with these basic concepts is sensible for small business owners.

Why Am I A Target?

Aside from the small handful of cybercriminals who simply want to cause
indiscriminate havoc with their actions, most are motivated by money. And
the best way to earn a living if you have underhanded computer skills is to
steal and manipulate data in the hope of being able to sell it or profit
from its subversion.

Data is the currency of the digital world and stolen information can be
sold in large volumes to the highest bidder on the black market. Businesses
are typically responsible for significant stores of sensitive information,
so they are seen as the perfect target by hackers.

What Are The Consequences of Ignoring Cyber Threats?

With a triumvirate of troubling outcomes from being hit by a cyberattack,
small businesses cannot afford to ignore the need to implement a suitable
security policy.

Firstly, your reputation will suffer a blow if you become one of the 40 per
cent of British businesses hit by an attack each year.

Secondly, the loss of custom that comes in the wake of a breach will bring
many fledgeling firms to their knees, with financial woes knocking out
almost two-thirds of small businesses that have been successfully attacked.

Thirdly, the legal and regulatory ramifications can be significant,
especially in the wake of the GDPR and the steeper fines that firms face if
they mishandle customer data. Being sued by individuals and other
organisations is also a likelihood, which puts yet more pressure on
impacted businesses.

How to Bolster Cyber Security Measures

The first thing to realise about cyber threats is that they can only be
faced if everyone involved in a small business, from the latest hires to
the members of the board, is aware of these risks and committed to
combating them.

Next, you will need to lay down a suitable plan to protect your internal
network, simplify it where possible and ensure that it is as robust and
resilient in the face of the main cyber threats as possible.

You should also get a handle on the kind of data you are holding, whether
it complies with GDPR and whether it is properly secured with encryption.
Storing information in a cloud-powered platform can be convenient if you
want to avoid the expense of opting for an on-site solution.

Keeping tabs on network traffic, training staff and monitoring internal
threats posed by disgruntled employees will all be necessary if you want to
have complete peace of mind about the state of your cybersecurity.

Ultimately, it is crucial never to become complacent, even if you have put
plenty of security measures in place. Cyber threats are always changing and
you need to be ready to respond to them, whether you run a small business
or a multinational corporation.