There are 25 million small businesses in the United States, 87% of them recognize they are at risk for a cyber-attack. Yet 83% of those businesses admit they don’t have the capabilities to manage them. We all think that it can’t happen to us, but the reality is, that it most certainly will. Unfortunately, most of the small to mid-sized businesses that get attacked wont be prepared, and a lot won't be able to recover.
The fact of the matter is, we have never relied on technology to do business more than we do now, as a result we've never been more vulnerable to cyber-attacks.
So, what can you do as a SMB owner?
- Stop and Review
- CEO’s ask your team, and your partners to stop and review all the changes that you’ve made over the last few weeks.
- Run scans and assess your current network. Look for the weak spots that exist today that didn’t exist yesterday. This is especially true for those working on your home network and home computers, that now have access to your data.
- Think|Stack offers remote security checks for businesses who recently adopted remote work programs. The security check takes about 3-hours total and will check for any gaps in your security
- Monitor
- Hopefully your company is already using a SIEM or security monitoring tool.
- A SIEM is a combination of security information management (SIM) and security event management (SEM) into one security management system.
- Whatever tools you have in place, be sure that you’re monitoring them closely and adjusting rules so that you can see current threats
- If your company does not have any security monitoring or management tools in place, please make this a priority. It’s vital that you can see what attackers are doing in order to protect yourself.
- Hopefully your company is already using a SIEM or security monitoring tool.
- Backup
- Make sure you are completely backing up all your company’s critical data and services.
- Make sure your backups are being sent to another location for disaster recovery purposes.
- Make sure your backups cannot be accessed from the production network.
- Make sure you have a recovery plan in place to launch those systems should you lose access. Ransomware is exceptionally popular, and backups are your best protection.
- Patch
- Patching is critical, especially now with the MS, Chrome and Firefox vulnerabilities, you must make sure you are updating your systems to not provide easy access to hackers.
- A patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it. This includes fixing security vulnerabilities and other bugs, improving the functionality, usability or performance.
- Patching is critical! This isn’t a “to-do” it needs to be a “to-done”.
- Check that every machine touching your network is secure. If you have home computers touching your network this could be a huge issue.
- This can mean that devices which have no security controls in place, such as endpoint security, encryption, patching and vulnerability scanning, are connected to your network and access any internal resources.
- Patching is critical, especially now with the MS, Chrome and Firefox vulnerabilities, you must make sure you are updating your systems to not provide easy access to hackers.
- Establish a plan of action
- Whether its Plan B or Plan C, meet with your executive team and board members and put together a plan to address the following:
- What is our plan is we lose employees?
- What is our plan if we lose all access buildings or critical data?
- What happens if there is an ISP outage or Power outage?
- What is our plan if we are hit with a cyber-attack?
- Make sure you’re meeting weekly or bi-weekly to update the plan based on our ever-changing environment.
- Whether its Plan B or Plan C, meet with your executive team and board members and put together a plan to address the following:
WE TRANSFORM & PROTECTWe Transform & Protect by putting People Before Technology. We believe that the technology your business relies on should be used to drive transformation and lead to a seamless user experience. In uncertain times it’s important to partner with people and companies you can trust. Think|Stack was built for situations like this, to help those who weren’t.If you’re unsure what to do next or if you have questions about your technology, our Think|Stack tribe is here to help, contact us anytime.
About the Author
Chris Sachse, CEO
Chris started Think|Stack in 2011 to serve organizations who serve their communities. Chris saw the important role tech and cybersecurity played in the financial services space. For over a decade Chris and his team have made it their mission to support, secure and empower credit unions to innovate through continuous technology improvement. He is an educator at heart and passionate about helping leaders and their teams understand how technology can support their goals while delivering seamless, enjoyable technology experiences to their people. As a cloud and cybersecurity leader, Chris is proud to sit on the MD Governor's Workforce Development Board as Vice Chair as well as the Cybersecurity Association of MD as Chair.