10 Cybersecurity Actions for an SMB to Consider in 2023!
All organizations including Small-to-Medium businesses (SMB) have a digital environment on display to the world daily that is vital in the success and progression of their organization. This digital environment makes every company a reachable target by cybercriminals. This makes multiple aspects of the company vulnerable to risk from a breach. Exposed cyber-attack surfaces associated with company operations, brand, reputation, revenue, and supply pipelines will provide ongoing opportunities for threat actors to find open vectors to engage an organization. Cyber-attack surfaces can include organizational websites, shared cloud drives, social media accounts, poor vendor cyber hygiene, and more. Emerging technology that organizations will begin incorporating into their operations such as the utilization of the Metaverse and Artificial Intelligence such as ChatGPT will increase threat vectors that cybercriminals with seek to exploit. While an SMB is considering how to incorporate great emerging technology it should also take steps to mitigate threats and improve its resiliency to absorb and recover from possible future attacks.
The team here at Seimitsu wanted to share some nuggets of awareness about actions all organizations can take to strengthen resiliency in preparation for a possible engagement by cybercriminals. Some of these actions you may have heard before. They continue to be included in recommendations because of their strength as a foundational element of cybersecurity posturing. Our action recommendations will include topics to focus on and references to additional content on the topic that will allow you to further develop your understanding of the topic.
Increasing reliance on remote work: With the ongoing effects of Covid-19, many businesses but especially small businesses are moving their operations online and adopting remote work, which creates new opportunities for cybercriminals [4]. The aspects of remote work that entice cybercriminals include a disconnected workforce where it is harder to check with each other directly on things such as requests to transfer funds. Remote workers may not have the strongest security posture set up in their homes to support the management of organizational data making it easier to get into a home network. Some workers may be using the same internet connection that their children are playing online video games which can allow access to the remote network through unrealized vectors. Organizations that do not have a remote work plan or policies in place may be at risk of fines for not meeting compliance requirements such as those associated with HIPAA.
Omnichannel cyberattacks: Phishing has become omnichannel, exploiting the technologies businesses use to communicate, and hackers use these channels for targeted attacks [10]. Omnichannel cyberattacks are performed by cybercriminals using cross channels to engage a target. Cybercriminals will use phone calls, SMS, social media direct messages, and chat capabilities to include on an organization’s website. A targeted user will receive contact by phone, then will be contacted by chat, and possibly next by email. These are attempts to unsettle the user and project more authenticity in the engagement.
Employee cybersecurity awareness training: Cybersecurity awareness and training for employees are crucial to avoid falling victim to various cyber threats, such as phishing attacks [6]. Cybersecurity awareness training equips them with the knowledge and skills to identify and prevent potential threats, such as phishing emails or malicious links. Well-trained employees can serve as the first line of defense in an organization, reducing the risk of breaches and minimizing the impact of attacks. Employee training and awareness programs should be implemented to create a culture of cybersecurity, where every team member is knowledgeable about best practices and understands their role in protecting the organization's assets. By fostering a culture of cybersecurity awareness, businesses can significantly enhance their overall security posture and resilience against cyberattacks.
Two-factor authentication (2FA): Implementing 2FA is an effective way to add an extra layer of security and protect sensitive data and accounts from unauthorized access [7]. Two-factor authentication (2FA) requires users to provide two separate forms of identification before granting access to sensitive data or accounts. This additional layer of authentication makes it more difficult for cybercriminals to gain unauthorized access, even if they manage to obtain a user's password. By combining something the user knows (e.g., a password) with something the user possesses (e.g., a physical token or a unique code sent to their phone), 2FA significantly reduces the risk of account breaches and data theft.
Growing sophistication of cyber defenses: Midsize businesses must opt for sophisticated cyber defense strategies that adapt to the ever-changing landscape of cyber threats and vulnerabilities [2]. A sophisticated cyber defense strategy for a midsize business begins with a thorough assessment of the organization's unique risks, vulnerabilities, and assets, allowing for the development of a tailored security plan. This plan should include a multi-layered approach, incorporating firewalls, intrusion detection and prevention systems, encryption, and secure communication protocols to protect the organization's network and data from various threats. Regular security audits and penetration testing should be conducted to identify potential weaknesses and ensure that the defenses in place are effective.
Regular data backups: Backing up company data and files is an essential practice to minimize the impact of potential cyberattacks, such as ransomware attacks [7]. Backing up company data and files ensures that businesses can recover their critical information in the event of a cyberattack, such as a ransomware attack that encrypts or deletes data. Regular backups stored in secure, offsite locations or cloud services provide a safeguard against data loss and minimize the impact of a successful attack. Moreover, having reliable backups in place can reduce the need to pay ransom demands, as organizations can restore their systems without relying on cyber attackers to decrypt or return their data.
Secure wireless connections: Ensuring the security of wireless connections is vital to protect company networks and data from unauthorized access and potential cyber threats [7]. Poor security of wireless connections is problematic because unsecured networks can easily be exploited by cybercriminals, who can intercept data transmissions, steal sensitive information, or gain unauthorized access to company resources. By implementing strong encryption protocols, such as WPA3, and regularly updating router firmware, businesses can greatly reduce the risk of unauthorized access and data breaches. Furthermore, enforcing unique and strong passwords for network access, as well as isolating guest networks, helps to maintain the overall security of the company's wireless connections and protect against potential cyber threats.
Cybersecurity plans: Creating and regularly updating a cybersecurity plan helps businesses to proactively address potential threats and respond effectively to incidents [7]. Creating and regularly updating a cybersecurity plan helps businesses proactively address potential threats by identifying vulnerabilities, setting security priorities, and outlining preventive measures to protect against cyberattacks. A well-defined plan also establishes guidelines for employee training and awareness, ensuring that everyone within the organization understands their role in maintaining a secure environment. Moreover, an up-to-date cybersecurity plan includes a detailed incident response strategy, which enables businesses to respond effectively to incidents, minimize damage, and recover more efficiently, ultimately reducing the overall impact of cyberattacks on the organization.
Public and private investments in security: Increased investments in security can lead to significant progress in cybersecurity and help organizations better prepare for cyber threats [3]. Public and private increases in security investments can lead to significant progress in cybersecurity by providing organizations with the resources needed to adopt cutting-edge technologies, improve their security infrastructure, and employ skilled cybersecurity professionals. These investments also enable businesses to regularly update and maintain their security systems, ensuring they stay ahead of emerging threats and vulnerabilities. Furthermore, by prioritizing security investments, organizations demonstrate a commitment to protecting their assets and stakeholders, fostering a culture of cybersecurity awareness that helps them better prepare for and manage cyber threats.
Adapting to new technologies: As technology advances, small businesses must continuously update their cybersecurity measures to protect against new threats and vulnerabilities [5]. Small businesses must continuously update their cybersecurity measures because the threat landscape is constantly evolving, with new vulnerabilities and attack techniques emerging regularly. By staying up-to-date with the latest security measures, small businesses can proactively address these new threats and minimize the risk of successful cyberattacks. Additionally, continuous updates to cybersecurity practices help maintain a strong security posture, ensuring that the organization's defenses remain effective against potential breaches and safeguarding valuable assets, data, and customer trust.
While these are only 10 action areas to consider, we understand that even one of these areas may be overwhelming for an SMB leadership team to execute. Seimitsu is here to help with all your IT and Cybersecurity configuration and posturing needs. We have over 39 years of experience helping our clients and friends progress through technology changes and improve their resiliency. Contact us today at www.seimitsu.com, by email at hello@seimitsu.com, or give us a call a(912) 352-3689.
References:
[1] "Explore the Foundations of Our Security Strategy and See Microsoft Defender in Action. Microsoft Defender Offers a Comprehensive Security Solution for Small Businesses." URL: https://duckduckgo.com/y.js?
[2] "Midsize businesses must opt for a sophisticated cyber defense while understanding that the "way in" for attackers is never static — it varies as vulnerabilities shift and techniques evolve - and..." URL: https://help.duckduckgo.com/company/ads-by-microsoft-on-duckduckgo-private-search/
[3] "What everyone misses when it comes to cyber-attacks. Below are some of the key insights, tensions, and trade-offs that will likely shape the future of cybersecurity and that can help an organization better prepare to face cyber threats. 1. Progress in cybersecurity, but access must be widened. Public and private investments in security ..." URL: https://hbr.org/2021/09/4-cybersecurity-strategies-for-small-and-midsize-businesses
[4] "10 cyber security trends in 2022 that small businesses should know Small businesses worldwide are still reeling from the effects of Covid-19. Many are moving their operations online and adopting remote work. And cyber criminals are happy about this development because they can practice their trade and target small businesses with more elbow room." URL: https://www.weforum.org/agenda/2023/03/trends-for-future-of-cybersecurity/
[5] "We wanted to understand how the future of work impacts the way small and medium-sized organizations in the private and public sectors view cybersecurity and password management. To learn about cybersecurity trends, we conducted separate surveys of workers and IT decision-makers, along with supplemental interviews with a select group of IT leaders." URL: https://everydaycyber.net/10-cybersecurity-trends-for-small-businesses-in-2022/
[6] "Top 10 Cybersecurity Strategies and Tips for Small Businesses. Next, let's look at some of the top cybersecurity tips for small businesses. 1. Provide Employees with Cybersecurity Training. In ..." URL: https://blog.dashlane.com/10-new-cybersecurity-trends-at-small-businesses/
[7] "Here are ten basic cybersecurity practices every small business owner should know: Change Your Passwords Implement 2-Factor Authentication Create Strong Passwords Security Headers Create a Cyberplan Back-Up Company Data and Files Secure Wireless Connection Have Safeguards Against Phishing Turn Your Employees into Cyber Warriors" URL: https://www.linkedin.com/pulse/10-best-cybersecurity-strategies-small-businesses-gregory-brown
[8] "New frontiers of cybersecurity for SMBs. Long before the current crisis became an issue for businesses, SMBs were easy targets for cyber-attacks. A 2021 report by PunkPanda found that..." URL: https://www.smallbusinesscomputing.com/guides/cybersecurity-best-practices-small-business/
[9] "Small and Medium Businesses. Report a Cyber Issue. Organizations should report anomalous cyber activity and/or cyber incidents 24/7 to report@cisa.gov or (888) 282-0870. Small businesses may not consider themselves targets for cyberattacks due to their small size or the perception that they don't have anything worth stealing." URL: https://www.forbes.com/sites/theyec/2021/03/22/why-small-to-medium-businesses-should-rethink-cybersecurity-in-the-post-covid-19-world/
[10] "Omnichannel cyberattacks increase risks Phishing has become omnichannel, mirroring and exploiting the technologies businesses use to communicate. These attacks cross channels, as hackers use..." URL: https://www.cisa.gov/audiences/small-and-medium-businesses