Of the most common perils faced by many of today’s companies in 2017 are those threats that are posed to IT. Entire countries are being hacked to steal information. Large companies are being hacked to steal credit card information or private health information—and it isn’t just large businesses that face these threats. Over the past decade, small and medium-sized businesses face greater threats than they had in the past, and will probably continue to face worse cyber threats in the future.
The most common threats to cyber security include data theft, hacking into the cloud, extortion and ransomware attacks, and hacking into a system through known vulnerabilities. There are solutions for each of these issues, however, someone has to ensure that everyone participates in the solutions.
Data Theft: Recently, 90% of all businesses—whether part of a huge conglomerate or an SMB, reported that they had faced some sort of security breach through IT channels, and almost half of those companies lost data. Kaspersky Lab estimated that it cost around $38,000 for SMB’s to recover from a data sort of breach.
Hacking the Cloud: Although it seems that cloud providers are being hacked more often than in the past, a recent report from Gartner indicated that data stored on the premises of a business was not necessarily safer, so it probably makes more sense to improve the security of data in the cloud. It just indicates that some cloud businesses are safer than others, and all cloud providers should expect the bad guys to search for vulnerabilities in the cloud.
It is not comforting to realize that Gartner also found that the biggest risk to cloud computing was the cloud company’s customers—meaning the fault is with most businesses. They estimate that 95% of the data breaches in cloud companies will be customers who have weak protocols for accessing the cloud, and who don’t require updated passwords and similar safety measures. One easy solution in many cases is for a business to implement the recommended safety procedures the cloud service providers ask.
Ransomware: Ransomware is becoming the bane of technology as a work tool. At the end of 2016, Trend Micro called 2016 the Year of Online Extortion. The problem has only gotten worse since the end of 2016. The problem is likely to become even more frequent in the future as the villains learn to sharpen their attacks and make money the old-fashioned way – stealing it.
Unintended open Access: Finally, another very common way that hackers get into business networks is to attack through avenues that are known to be vulnerable. Hackers know that there is a way into a system, and even though there may be updates and patches to remove the vulnerability, often people ignore the recommended patches. After all, people seem to think that it might take three minutes or even five to install a patch that will keep the bad guys out.
That five minutes could save a company $38,000 in referring back to Kaspersky Lab’s earlier report. The IT department needs to ensure they install patches or ensure all employees put the patches on their own machines as soon as reasonably possible. Not doing so just allows your network to get hacked.
IT teams need to set up automated network searches to look for and find problems and “holes” in the network. These searches can find potential problems before hackers do. Then, once the protocols are in place to do the searches, someone will need to be responsible for checking on them and dealing with them as they are found. Some SMB’s especially do not have full-time IT staff, so someone will have to be trained to take information gleaned from the searches and find ways to plug those holes. If not, then IT pros will need to be hired as contractors to check on the security and deal with problems. These are definitely not problems that will go away if they are ignored.
It is also important to have someone in the organization keeping up with the latest threats. Often, a virus is in the news days before it sweeps over the entire nation. Read about it and take recommended precautions. The alternative is to hear about the virus, hope it doesn’t hit your business, then go about working like all is well. That might work out well, but it probably won’t.
Finally, as a basic but important level of protection, train your staff. Train them that there are websites they should never visit with company computers. Train them to recognize what to do when a suspicious email comes to them, and what a suspicious email looks like. Also, train them to understand what they should do if they get a ransomware demand on their computer screen. Ignoring it is not the best solution, so tell them what the best solution is.
IT threats are all over the place. Everyone needs a plan to prevent problems for crippling their organization, and from costing unnecessary money.