Here we go again. It’s October and that means it is National Cybersecurity Month.
National Cybersecurity Month educates individuals and businesses on the threats and risks of hacking, cracking, and computer-based fraud like phishing and whaling, and provides actionable steps users and businesses can take to protect themselves and their clients. For the fourth year, my company — Portfolio — is proud to be a champion in this endeavor.
The big picture
According to Cybersecurity Ventures:
- The cost of cybercrime damage is expected to hit $6 trillion globally by 2021. That’s up from $3.5 trillion in 2015. For more: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/
- Ransomware, which we hardly even knew about in 2015, is projected to hit $11.5 billion in 2019. For more: https://cybersecurityventures.com/ransomware-damage-report-2017-part-2/
- In 2019, one business will be hit by ransomware every 14 seconds. For more: https://cybersecurityventures.com/ransomware-damage-report-2017-part-2/
Verizon’s annual Global Data Breach report has been produced for 11 years. The 2018 report, based on 2017 data, paints an increasingly depressing picture. Here are the report’s findings, based on a review of 53,308 incidents:
- Seventeen percent of breaches happen because of an error — unpatched systems, unprotected confidential data, misconfigured web servers.
- Four percent of all employees will click on a phishing email every time.
- Among private sectors, health care is the biggest target and growing. In public sectors, public infrastructure is the most frequent target.
- In 2017, 60 percent of all attacks were perpetrated on small businesses. Your small business is a primary target now because you most likely have few cybersecurity protections.
Why aren’t we making headway?
I think there are three reasons.
- We put too much faith in others to protect us — security within the apps we use, safety of the services we connect to (like Facebook?).
- We feel helpless when we see huge companies like Equifax, Sony, and Facebook get hacked. What can we do that these behemoths cannot?
- We don’t hear about this all around us. Greenville is not so special that the same metrics would not apply. I think the picture might be different if more businesses came forward and admitted they’d been hacked.
What can a small business do?
While these steps will not guarantee that you don’t get hacked, they will go a long way toward protecting you, your customers, and your company.
- Vendors. A large number of breaches happen when a vendor is hacked. The sensitive information of 665,000 Bon Secours patients was breached in 2016 when a vendor left them exposed during a system upgrade. Make sure your vendors are protecting your information. Thorough and focused vetting of their security protocols is critical.
- Limit access. Give employees the lowest access necessary to do their jobs. Be diligent about reviewing employee and vendor access each quarter.
- Patching. How did Equifax lose 145 million Americans’ data? By not patching its servers, even when it was warned it was a target and told there was a fix. Patching can range from relatively simple to very complicated depending on the technology systems in your company.
- Encrypt email and data. Use the hackers’ tools against them. Ransomware attacks often encrypt your drives and servers; you can do the same thing. Many online services offer encryption for email and data storage. To ensure it’s truly protected, make sure it is end-to-end encryption, both at rest and in transit.
- Passwords and multifactor authentication. Access security is three-pronged: something you know (your password), something you are (a biometric like a fingerprint or retinal scan), and something you have (like a phone or key fob). In your business, enforce strong password requirements. Implement two-factor authentication on any system or service that offers it.
- Employees. Hardware and software can catch a lot. If you buy top shelf and manage and monitor it vigorously, you will likely stop 90 percent of malware, phishing, and other attacks. The other 10 percent can be stopped only by the humanware — authenticated employees or vendors. Training, reviewing, reporting, and developing a business culture that talks about security and rewards employees for being the most important line of defense is the only way you can really stop hackers in their tracks.
Visit the National Cyber Security Alliance site for more resources and tools.