Stay Secure My Friend… More Hackers Targeting SMBs
Many SMBs don’t realize it, but the path to some grand cybercrime score of a lifetime may go right through their backdoor. SMBs are commonly vendors, suppliers, or service providers who work with much larger enterprises. Unfortunately, they may be unaware that this makes them a prime target for hackers. Worse yet, this may be costing them new business.
Larger companies likely have their security game in check, making it difficult for hackers to crack their data. They have both the financial resources and staffing power to stay on top of security practices. But smaller firms continue to lag when it comes to security. In many cases, the gateway to accessing a large company’s info and data is through the smaller company working with them. Exposed vulnerabilities in security can lead cybercriminals right to the larger corporation they’ve been after.
Cybercriminals Target Companies with 250 or Fewer Employees
Research is continuing to show that cybercriminals are increasingly targeting smaller businesses with 250 or fewer employees. Attacks aimed at this demographic practically doubled from the previous year. This news has made larger enterprises particularly careful about whom they do business with. This means that any SMB targeting high-end B2B clientele, or those seeking partnerships with large public or government entities, must be prepared to accurately answer questions pertaining to security. This requires an honest assessment of the processes taken to limit security risks.
View Security Measures as Investments
CEOs must start viewing any extra investment to enhance security as a competitive differentiator in attracting new business. Adopting the kind of security measures that large enterprises seek from third-party partners they agree to work with will inevitably pay off. The payoff will come by way of new revenue-generating business contracts that will likely surpass whatever was spent to improve security.
Would-be business partners have likely already asked for specifics about protecting the integrity of their data. Some larger entities require that SMBs complete a questionnaire addressing their security concerns. This kind of documentation can be legally binding so it’s important that answers aren’t fudged just to land new business. If you can’t answer “yes” to any question about security, find out what it takes to address that particular security concern.
Where a Managed Service Provider Comes In
Anyone who isn’t yet working with a Managed Service Provider (MSP) should consider it. First, a manual network and security assessment offers a third-party perspective that will uncover any potential business-killing security risks. A good MSP will produce a branded risk report to help you gain the confidence of prospects to win new business.
A MSP can properly manage key elements of a small company’s security plan. This includes administrative controls like documentation, security awareness training, and audits as well as technical controls like antivirus software, firewalls, patches, and intrusion prevention. Good management alone can eliminate most security vulnerabilities and improve security.
According to Symantec SMB, 50% of SMBs admit to having no backup and disaster recovery plan in place. 41% of those surveyed confessed that they had never even given much thought to implementing a disaster recovery or business continuity plan. If you are one of them, then you really need to think about whether you can afford the status quo. Answering these questions will help you decide.
1. How often is employee productivity and customer accessibility or service stalled each day from a downed network or system?
2. How much downtime can your business truly afford and what kind of backup or recovery solutions are in effect when systems are unavailable?
3. What level of IT support can be accessed? Can it be accessed quickly enough to minimize damage? Are you confident that your business can either be back online or be able to access lost data with minimal disruption, no matter what?
4. Is your most critical data frequently backed up? Is the data on the personal laptops, iPads or Blackberrys of employees backed up? Are all backups stored in a location off-site and quickly accessible in the event of theft, fire or flooding? Are you using any custom installed software and is the supplier still in business should this software need to be re-installed or updated? Are account details, licensing agreements, and security settings somewhere on record, and is it duplicated off-site?
5. Are your systems truly protected from theft, hackers, and viruses? Are passwords to sensitive data changed whenever employees leave the company or business unit?
6. When was the last time you tested backup processes to ensure they are working properly? How quick were your back ups?
Answering these questions will help you understand if you are needlessly bleeding money every day by subjecting your business to the high hourly rates, service charges, trip fees and wait times of on-call IT support. If you are an SMB, you don’t have to fear technology failure. A trusted MSP can help you resolve these challenges in a more effective and efficient manner.
Small-to-medium-sized businesses (SMBs) tend to have a more difficult time managing IT than larger enterprises. Despite being as technology dependent as larger enterprises, SMBs have tighter budgets and fewer resources to devote to IT management. This leads to a more reactive “break-fix” approach to their technology that never does any smaller company or organization any good.
Here’s what break fix most often leads to. If the burden rests on the shoulders of hourly or salaried in-house IT support, and they’re too busy putting out fires all day, then their skills and talents are essentially wasted.
If there is no in-house tech support, and many smaller companies and organizations don’t have even one onsite “IT guy”, SMBs are commonly taken for a ride by some of the more unscrupulous on-call IT consultants.
Although “If it ain’t broke, don’t fix it” is a popular saying, it should never be applied to the management of business technology. The cost of downtime can crush any barely surviving small business. The combined impact of lost revenue, lost productivity, and lost brand reputation is a severe hit that many SMBs aren’t built to withstand.
It pays to be proactive, not a reactive about technology. This requires a cultural shift from how IT has commonly been handled in the past. Say goodbye to manual, yet necessary, processes and hello to a better way for businesses to meet their technology needs – a smarter and more cost-efficient way.
Three Steps To Better Manage Your Business Technology
Be Proactive – More often than not, it’s the things that aren’t caught early on that turn into costly business disruptions. For instance, many of the hardware, software, and application failures that cause downtime occurrences are preventable; they’re just not detected and addressed early enough.
SMBs today have the advantage of using a Remote Monitoring and Management (RMM) tool to help their existing in-house support staff get a grip on their workload.
A RMM tool, combined with an outsourced 24/7 Network Operations Center (NOC), monitors your technology all day and all through the night via one comprehensive interface that is even accessible with a mobile device. This kind of around the clock monitoring transforms technology management. Problems can be nipped in the bud with an alert and prompt ticket resolution before they turn into major issues that disrupt day-to-day operations.
Automate/Schedule Mundane Tasks – Free the in-house support staff from everyday manual maintenance and monitoring by automating a broad range of IT security and monitoring tasks.
Get More From Your In-House Team – If you have any in-house IT support, you’ve likely hired some incredibly skilled and talented people who would be more worthy contributors to your company or organization if they weren’t always so tied up fixing things and performing monotonous tasks. With RMM and NOC solutions, SMBs can put these individuals to work on projects that matter. They are freed-up to work on concepts, strategies, and application development that better serve your customers, employees, and suppliers, truly giving business a competitive advantage.
Small and medium sized businesses today are relying more than ever on IT systems to efficiently run their business, support customers and optimize productivity. These systems house sensitive digital data ranging from employee and customer information, to internal emails, documents and financial records, sales orders and transaction histories. This is in addition to applications and programs critical to daily business functions and customer service.
While corporate-level data losses and insider theft are well publicized, many smaller businesses have also become casualties of data loss and theft. Following a significant data loss, it is estimated that a small-to-medium sized business can lose up to 25% in daily revenue by the end of the first week. Projected lost daily revenue increases to 40% one month into a major data loss.
According to The National Archives & Records Administration in Washington, 93% of companies that have experienced data loss, coupled with prolonged downtime for ten or more days, have filed for bankruptcy within twelve months of the incident while 50% wasted no time and filed for bankruptcy immediately. Finally, 43% of companies with no data recovery and business continuity plan actually go out of business following a major data loss.
Still, a survey conducted by Symantec SMB revealed that fewer than half of SMBs surveyed backup their data each week. Only 23% of those surveyed said they backup data every day and have a business continuity plan in place.
Businesses play on a much bigger playing field than they did two decades ago. Any disruptive technological event – even the smallest of incidents – can have an amplified impact on day-to-day business and profitability. Being proactive with data recovery solutions, and having emergency response procedures in place prior to a disruption or data disaster, is the only way to minimize downtime and soften the impact of such events.
Research has revealed that over half of all users end up opening fraudulent emails and often even fall for them. Phishing is done with the aim of gathering personal information about you, generally related to your finances. The most common reason for the large number of people falling for fraudulent emails is that the phishing attempts are often so well-disguised that they escape the eyes of a busy email reader. Here are a few tips that help you identify whether that email really came from your bank or is another attempt at defrauding you…
1. They are asking for personal information – Remember, no bank or financial institution asks you to share your key personal information via email, or even phone. So, if you get an email where they ask for your ATM PIN or your e-banking password, something’s amiss.
2. The links seem to be fake – Phishing emails always contain links that you are asked to click on. You should verify if the links are genuine. Here are a few things to look for when doing that:
Disguised URLs – Sometimes, URLs can be disguised…meaning, while they look genuine, they ultimately redirect you to some fraudulent site. You can recognize the actual URL upon a mouseover, or by right clicking on the URL, and selecting the ‘copy hyperlink’ option and pasting the hyperlink on a notepad file. But, NEVER ever, paste the hyperlink directly into your web browser.
URLs with ‘@’ signs – If you find a URL that has an ‘@’ sign, steer clear of it even if it seems genuine. Browsers ignore URL information that precedes @ sign. That means, the URL firstname.lastname@example.org will take you to mysite.net and not to any Bank of America page.
3. Other tell-tale signs – Apart from identifying fake URLs, there are other tell-tale signs that help you identify fraudulent emails. Some of these include:
Emails where the main message is in the form of an image, which, upon opening, takes you to the malicious URL.
Another sign is an attachment. Never open attachments from unknown sources as they may contain viruses that can harm your computer and network.
The message seems to urge you to do something immediately. Scammers often induce a sense of urgency in their emails and threaten you with consequences if you don’t respond. For example, threat of bank account closure if you don’t verify your ATM PIN or e-banking password.
Finally, get a good anti virus/email protection program installed. It can help you by automatically directing spam and junk mail into spam folders and deactivating malicious attachments.