Guest post by cyber security consulting firm Pragma Strategy
When it comes to cybersecurity, many small business owners lull themselves into a false sense of safety by assuming hackers have bigger corporate fish to fry. If you think obscurity will protect you, you are unwittingly putting your company in a particularly precarious position.
The reality is SMEs are especially vulnerable because they are less likely to have dedicated IT teams, full-stack protection software, or redundant back-ups. These issues, along with the dangerous assumption that they are not probable targets, leave many small business owners unprepared for cyber attacks.
While there is no way to completely shield your business from cyber attacks, you can choose a proactive rather than reactive approach. By taking precautionary measures to prevent successful attacks and by securing a cyber insurance policy, you will be able to reduce the impact of a security breach and recover more quickly than business owners who are caught unaware.
Adopting a proactive stance is less expensive and far easier than you might think. Read on to learn some simple strategies to be more proactive, and since it is easier to learn from the experiences of others, we will share some recent case studies which show how other SMEs have dealt with security breaches.
Painless ways you can prepare for and protect your business from cyber attacks:
Keep software up to date. Installing updates allows for flaws to be repaired in programs or operating systems. By mending these holes, software updates protect your data by keeping cybercriminals out. We recommend three simple strategies you can implement right away:
Streamline the number of different types of software which you use by reducing redundancies, like multiple word processing programs.
Maintain an up-to-date list of all the software your company uses.
Keep current with these vendors so that when updates are announced you can act immediately.
Use strong passwords. Passwords are your first line of defence against unauthorised access. Best practice is to create a personalised shorthand for passphrases that are easy to remember. For example, if my passphrase is the maxim “Early to bed, early to rise, makes a man healthy, wealthy and wise.” I could use a personalised shorthand to create this password: EbErMmh2w.
Use firewalls. A first line for protecting your company’s network, a firewall monitors incoming and outgoing network traffic based on your company’s previously established security policy. Your firewall will be particularly strong if you implement the following:
Only enable traffic from known network services and restrict all other traffic by default.
Eliminate default user accounts; Instead, create a limited number of administrator accounts protected with strong passwords.
Test your firewall structure by performing penetration testing and vulnerability scans.
Keep your firewall software updated.
Remove remote desktop protocol access. With the COVID pandemic, many companies have failed to consider the security risks associated with working virtually. This has left many businesses vulnerable to cyber attacks through remote desktop access. The easiest way to avoid this threat is to simply remove remote desktop protocol access.
Purchase Cyber Insurance. Breaches in security are expensive! The average cost of cyber insurance claims for SMEs in 2020 was US$354k. A security breach incurs significant expenses from crisis services, legal services, and incident services--all necessary in order to get a company back in working order. (Source: Cost of Data Breach Report 2021 IBM Security)
Unfortunately, the COVID-19 pandemic has caused a dramatic rise in cybercrimes. In order to avoid the expenses associated with a breach in security, we advise that you act proactively and purchase a cyber insurance policy to protect your company.
Hire a consulting firm. While you can adopt the strategies suggested above to protect your business, you may wish to make this process even more painless by outsourcing your cybersecurity. Pragma can help you adopt an even more robust proactive stance by tailoring bespoke services and by actively keeping you abreast of best cybersecurity practices in a rapidly evolving field.
Consider these case studies:
Fraudulent Payment Email Attack
After an executive for a global leader in the hospitality industry lost a business mobile phone, vendors began to report sophisticated phishing emails making payment requests based on fraudulent PDFs.
Careful investigation revealed the attacker’s progress as well as the company’s continued exposure to attack. Subsequent attacks were launched from other email addresses within the company, indicating the attackers may have gained a foothold in the company’s systems.
Pragma helped their company strengthen their security by identifying employees who were at high-risk of having their email accounts hacked, had them create stronger passwords, and implemented multi-factor authentication for all users.
Key takeaway: In this case, a more proactive stance, like training employees to use strong passwords and requiring multi-factor authentication could have prevented or stopped the initial security breach and subsequent email attacks much earlier.
Illegal Crypto Coin Mining Attack
An engineering company specialising in heavy machinery spare parts discovered excessive CPU usage on their server cluster. Email services hosted on-premises were also running slowly and causing work disruption. Initial investigation by the in-house IT team discovered some malware persistence that went undetected by their anti-virus software.
The company shut off internet connectivity to prevent data exfiltration, business operations were temporarily conducted via manual recording, and email services were halted.
As part of the company’s cyber insurance claim, Pragma sent a team to the company’s offices the next morning to determine which servers were affected and eradicate the malware.
Through initial analysis of the available data, Pragma found Crypto Coin Miner software on the company’s systems and investigated how the malware was able to go undetected and get past the company’s first line security measures. Upon the discovery of security weaknesses, the company chose to upgrade its existing antivirus software and firewall policies to reduce the chance of future security breaches.
Key takeaway: In this case, the engineering company was taking a proactive stance; they reacted quickly and had a cyber insurance policy in place. They were able to immediately get the expert support that they needed, update their security protocols and get back on track despite being the target of a cyber attack.
When facing the threat of cyberattacks, a reactive stance is expensive, stressful and time-consuming. And whilst a proactive approach cannot guarantee there will not be attacks, having preventative measures in place will reduce the chance of a successful cyber attack. Even better, by insuring your SME, you can enjoy further peace of mind knowing that if a breach does occur, professionals will be in your corner to support you and minimise the stress and costs incurred by breaches in cybersecurity.
How can Pragma help?
As part of your cyber insurance application, Pragma can perform security testing services and implement security measures to mitigate cyber risks while providing assurance to stakeholders.
About Pragma
Pragma is a global Cyber Security and Regulatory Consulting firm that helps leading businesses, governments, and not-for-profit organisations strengthen cyber and regulatory resilience with a pragmatic approach.
info@pragmastrategy.com
Image credit: macrovector