The threat of multi-vector attacks is real, and can have dramatic repercussions. A recent report by the Australian Small Business and Family Ombudsman revealed that 60 per cent of small businesses who experience a significant cyberattack went out of business within the following six months. This alarming statistic reveals how vulnerable SMEs are to cyberattacks.
Many SMEs today are unprepared – some of them simply don’t have any cyber security strategies in place, relying only on traditional firewalls that are unfortunately not fit for today’s cyber landscape.
How can SMEs, despite limited human and financial resources, protect themselves from the business risks linked to cyberattacks?
1. Cross those Ts
To survive in today’s complex cyber-threat landscape preparation is vital.
Being able to quickly react to a potential threat is often the difference between a successful and a failed mitigation action. The first minutes after a threat or a hack is detected are crucial. As we’ve seen with large scale attacks such as WannaCry and Petya, the organisations hit within the 48 hours following the attack were the ones who didn’t react quickly enough and install the right Microsoft patches in time.
It is important to create a plan of action spanning every possible scenario, from a large ransomware attack to a data breach caused by an employee’s negligence. Outside resources such as MSPs (managed service providers), can be very useful and provide SMEs with the expertise from high-level cyber experts they couldn’t afford in-house. Another best practice is to create a layered defence by implementing strong backup and business continuity plans.
2. Educating employees for better prevention
With strapped budgets, employee education can often be overlooked, however training is probably the best investment SMEs can make to reduce the chances of being attacked. Often a high number of attacks are a direct result of employee negligence, whether it be a laptop left open when the employee left the office, an iPhone lost in a taxi, or a fraudulent email attachment opened or forwarded to a colleague.
When designing a training plan, it is important that the training is regular as hackers are constantly evolving the type and methods of attacks, across multiple devices. On top of this, practical steps businesses can take such as requesting regular password changes will ensure employees are complying with basic security best practices.
3. Don’t overlook software updates
A simple tip that is often easily put aside is keeping enterprise software and security protections up-to-date. Software is continuing to develop in light of new and sophisticated multi-vector attacks and therefore it is important that it is updated as recommended by software vendors.
Whilst it is easy to press the “remind me tomorrow” button when an update notification appears, prioritising these updates is paramount to stopping at least the most common attacks.
4. Use a reputable, reliable cybersecurity solution
As cyberattacks are multiplying and getting more sophisticated every year, and as we are relying on an increasing number of devices and apps to do business, it is important to choose a comprehensive cybersecurity solution which includes endpoint protection.
SMEs should look for a security solution that protects web browsing, controls outbound traffic, protects system settings, proactively stops phishing attacks, and continuously monitors individual endpoints.
It is easy to brush a cyber-threat off and say “it won’t happen to me”, but if your business faced a multi-vector attack, how prepared would you be? By considering and implementing these steps for your business, you can work with peace of mind, knowing you have the best protection possible.
Dan Slattery, Senior Information Security Analyst, Webroot