Just before the Ukraine invasion, a top official at the DOJ issued a stark warning to companies in the U.S. and abroad, calling on them to immediately shore up their cybersecurity defenses amid a potential Russian invasion of Ukraine. Last month after the invasion, the White House urged all businesses to “make the following steps with urgency.” U.S. cyber agencies are warning that Russian (and Chinese) threat actors often use Microsoft 365 to first enter the system and gain official credentials and then send malware to compromise devices without the person knowing.
Was this enough to cause you to look at your own cyber vulnerabilities? Have you determined how or if your company could recover from a ransomware or other cyberattack? Do you still think that it can’t happen to you? If not, a recent piece of coverage in FORBES may change your mind. The article is worth reading in its entirety, but I am listing just a portion focused on small-medium-sized businesses because it’s important that you understand just how at risk you may be:
- “If you’re still in denial about the chances of your small business becoming a victim, 61% of all SMBs have reported at least one cyber-attack during the previous year.
- A benchmark study by CISCO found that 40% of the small businesses that faced a severe cyber-attack experienced at least eight hours of downtime. And this downtime accounts for a major portion of the overall cost of a security breach.
- The above-mentioned CISCO study also found that ransomware was not among the top three cyber threats identified by small businesses. Business owners may be underestimating the threat of ransomware, however, MSPs are not. 85% of MSPs consider ransomware one of the biggest threats to their SMB clients.
- 30% of small businesses consider phishing attacks to be the biggest cyber threat.
- 83% of small and medium-sized businesses are not financially prepared to recover from a cyber-attack.
- Despite the staggering numbers, 91% of small businesses haven’t purchased cyber liability insurance. This truly reflects how unaware and unprepared small business owners are to deal with security breaches.
- Only 14% of small businesses consider their cyber-attack and risk mitigation ability as highly effective.
- 43% of SMBs do not have any cybersecurity plan in place.
- One in five small companies does not use endpoint security, and 52% of SMBs do not have any IT security experts in-house.”
Look, I know everyone is busy, but you really can’t keep this on the back burner any longer. The White House has provided a robust list of recommendations on what you should do. I’m going to share with you what I consider to be the top 3* steps you can take today as a beginning set of tactics for mitigating today’s prevalent threats:
- Invest in password management software, such as Dashlane for Business, that can not only make it easier for you to log in to websites but can also help you manage all of your passwords, generate random passwords, and even tell you which passwords have already been compromised in previously known breaches (e.g., the Facebook breach). It also has a feature that allows you to securely share passwords among your teams/colleagues.
- Use built-in data drive encryption software; Windows 10 and 11 business versions both allow for drive encryption and secure all private keys (it’s called BitLocker).
- Use cybersecurity tools, such as Proofpoint, to scan and filter your incoming emails before they get to your email servers. Such tools allow for URL defense and other capabilities to block access to malicious websites.
Don’t put it off any longer. You can’t just stop there, but if you do these three things it will be a solid beginning. If you want to have an evaluation of where you go from there, feel free to get in touch with us.
* Products mentioned are examples only; SRS does not benefit in any way from their mention. It is important that the implementation of all security software be done with the assistance and advice of an IT professional.