A recent article by Gal Ringel, an online privacy advocate and CEO of Mine, caught our attention when it raised the question of how to extend cybersecurity technology normally only available to organizations with large IT budgets to the small and medium business (SMB) market. In the article, Ringel raises the point that we have become desensitized to being hacked due to the large number of breaches that are reported every day. In fact, it is now accepted that you will be hacked, and it is simply a matter of when.
While we do hear about the results of those large attacks for the public at large, we rarely hear how fatal these types of incidents can be for smaller organizations. Of small businesses that are hacked, 60 percent close up shop within a year. Additionally, a study conducted in 2018 shows that 90 percent of internet users aged 24 to 34 found their information on a scan of the dark web.
“It’s now so commonplace to get your information stolen online that entire industries exist to help businesses deal with the problem,” Ringel states. But these remedies are expensive, and he asserts that the reason less expensive alternatives are not being offered or developed is the monetization of data. If the cybersecurity remedies used by big corporations were available to small businesses and non-commercial users, that data wouldn’t be nearly as available to those who profit from it. Without access to expensive security remedies, everyday users and small businesses become easier targets for hackers.
Even without access to these expensive security solutions, there are a few things that small businesses can do to better protect themselves and their consumers:
– Educate your employees: Teach employees what a threat looks like and how to avoid an intrusion. (Southwest Cyber has partnered with KnowBe4 to provide a training platform to raise awareness in your organization.)
– Monitor BYOD (Bring Your Own Device): It’s becoming more and more common for employees to use their own phones and tablets in the workplace, so small businesses need to be aware of the risk this introduces. Monitoring those devices closely and having a separate network for BYOD are two ways to mitigate that risk.
– Make sure your employees are deleting unused accounts. Make sure you have a process in place to remove the accounts of employees upon release. Track and remove accounts used by third-party software tools and network services promptly when no longer needed. Avoid tools and online services that do not allow you to erase your data and delete the account when no longer needed.
– Activate MFA (multi-factor authentication). Definitely implement MFA for services that access company data from outside the company’s secure network (e.g., when using Outlook Web Access to check email).
– Provide a password manager to all of your employees.
– Use browsers that include anti-tracking tools, ad blocking, etc. Firefox and Brave include these tools and DuckDuckGo is a search engine that focuses on privacy.
For more information and links to the studies quoted, the article can be found at this link.