Cyber Security for Small Business

  8/7/17    Posted in Business Consulting IT Consulting Microsoft Partner Network Security
VALiNTRY Security Consulting Services

Protecting your Small Business from Cyber Attacks

What would happen if a hacker launched a cyber attack against your business? The answer depends entirely on your security. Taking the necessary precautions to protect your business is crucial, and the VALiNTRY team is here to help.

Over 40% of cyber attacks target small businesses. Hackers don’t always like to go after the big fish in these situations. Most larger organizations understand the importance of investing in cyber security, so their wall of protection is more advanced and acts as a deterrent. Small businesses are actually drawing additional attention from cyber criminals because many times they don’t have the same level of security that a larger firm can afford. Cyber security is a practice that requires consistency, which can be difficult when human interaction is involved.

Your business has exactly what hackers want: employee and customer payment information. If your system isn’t secure, cyber criminals can easily gain access to everything from credit card information to social security numbers. Every business is at risk, but smaller organizations are usually the most vulnerable.

The top 7 security threats to small businesses

Microsoft Security Response Center conducted research on recent cyber attacks which concluded that the average time for infection or exploitation of an unpatched node on a compromised network is as little as 90 seconds.

Although it may be easier for larger organizations to bounce back from data breaches, small to midsize businesses don’t always have the same resources. This means that it is important to protect your organization, employees and your business with the proper IT security.

Some of the top threats include:

  • Growth of mobile malware: It is now easier for criminals to develop and deploy malware onto mobile devices. Businesses routinely use mobile devices, which makes them an easy target for hackers.
  • Data theft from Internet of Things (IoT) devices: Apps connected to the internet with no security make this specific type of cybercrime easy. Negligence over security measures increases the chance of lawsuits against manufacturers.
  • Extortion attacks from stolen data: Recent successes from extortion efforts have increased the likelihood of additional threats of data details being publicized.
  • Ransomware on the internet: Poorly secured IoT devices are often targeted by hackers who place ransomware on them. These attacks are becoming more advanced, many times completely locking out users.
  • Hacker mercenaries: The dark market attracts many people, including mercenaries who understand they can sell access to hacked systems to multiple parties. Oftentimes they resell information stolen by others and post it on sites, where this data can be sold and resold.
  • Stolen data aggregation: Many times, hackers will aggregate data from smaller businesses to increase its value. Since these companies are easily targeted, they continue to be hit.
  • Your employees: From making poor password choices to bringing their own devices to work, your employees could be inadvertently exposing you to an increased risk.

Unaware employees, increased security risks for small businesses

Many times, employees don’t understand the security risk that they pose to the organization. At a recent Microsoft Partner Conference, Brad Smith, Chief Legal Officer, said that there is always one employee that is going to click. Despite how careful and diligent your employees may be, this statement is very true. Some employee threat risks that are becoming increasingly concerning include:

  • Passwords: Taking the easy route with passwords increases the risk of a security breach.
  • Phishing scams: By unknowingly clicking on a link, opening a document or downloading a file, malware could be introduced to your system.
  • Mobile Devices: Having no security plan or MDM policy in place within your organization means that many times employees will bring their own devices to work which can increase the risk of a breach.
  • Physical Threats: Leaving devices unattended and accessible or writing down passwords can increase the risk of a breach.

When it comes to security, employee education is key and it all begins with Penetration Testing. Penetration testing, also known as a Pen Test, helps to identify vulnerabilities and evaluate the security of an organization's IT infrastructure. From operating systems and services to application flaws and improper configurations, this test helps to exploit risky end-user behavior.

Pen tests are usually executed by using automated or manual technologies to intentionally compromise an organization's servers, network devices, endpoints, applications and wireless networks. These technologies successfully exploit risk areas, and testers attempt to use the compromised system to launch subsequent exploits. This entails trying to gain access to higher levels of security clearance and other information through privilege escalation.

Once this data has been collected, IT and network system managers help evaluate the information and help train the business's employees on how to reduce vulnerability risks.

Pen Testing allows an organization to:

  • Manage vulnerabilities
  • Avoid network downtime
  • Meet regulatory requirements
  • Avoid fines
  • Preserve image
  • Retain customer loyalty

Your business has the option of hiring a pen tester to test your network or purchasing penetration testing software. These analyses should be conducted consistently and whenever:

  • New applications or network infrastructure are added
  • Upgrades or modifications are applied
  • New office locations are created
  • Security patches are applied
  • End user policies are modified

There are three types of tests that can be conducted: comprehensive, application and wireless.

  1. Comprehensive penetration tests simulate a situation where an attacker is trying to gain access to assets by exploiting security weaknesses that exist across multiple systems.
  2. Application penetration tests evaluate an organization's custom web applications, including antivirus, embedded applications and games.
  3. Wireless penetration tests involve security evaluations of standard corporate WiFi networks to assess the need for specific wireless solutions.

 

Do you need VALiNTRY’s Security Experts to Help your Small Business? Contact us today to learn more.