It seems like we hear about a new cyberattack every day. They’re hard to miss when cybercriminals breach companies like LinkedIn, Marriott, Target, McDonald’s, Adobe, eBay, Equifax, and Yahoo and shutdown infrastructure like the Colonial Pipeline and JBS (20% of the nation’s meat supply).
Unfortunately, these big headlines are only a tiny fraction of the actual attacks cybercriminals carry out. Most of the cyber-attacks happen at SMBs and don’t make big news but have a huge impact.
Two in five SMBs were impacted by ransomware in 2020, and 47% of businesses report having five or more cyberattacks last year. Cybercriminals see SMBs as easy targets, as they lack the security infrastructure of the big guys. As larger corporations further fortify their cyber defenses, the focus shifts even more towards SMBs.
CIT has a long history of providing cybersecurity to SMBs and can assure you that a defense is not beyond your means. In reality, a good cyber defense starts with education on how to identify phishing and other malware before it leads to ransomware or a breach.
You’ve probably heard that anti-virus and firewalls are no longer enough of a defense to feel secure. This is true, but there are now many other solutions available to fortify an SMB’s defenses. We’re pleased to offer you a list of six steps SMBs can take now to protect employees, customers, and businesses from cyberattacks.
- Security Layers – Layered security is a network approach that uses several methods to protect your business. The purpose of layered security is to ensure every defense component has a backup to counter any flaws or gaps in your defenses.
- Zero Trust Model – Zero Trust is a security model centered around the ethos to not trust anything inside or outside your business perimeter without first verifying it isn’t compromised. Zero Trust boils down to don’t trust anything or anyone.
- Activate Multi-Factor Authentication – This security method adds a step onto the password process requiring the user to also provide an identity code provided via text, phone, or app.
- Disaster Recovery Plan – Assume a breach is inevitable, make regular backups, and have a plan to restore your critical data if/when disaster strikes. A disaster recovery plan sounds simple, but it requires a lot of planning to do right.
- Use a Security Operations Center (SOC) – A security operations center deals with security issues at a technical level. SOCs are comprised of three building blocks people, processes, and technology for managing and augmenting a business’ security posture.