What Small Businesses Need to Do for Security in 2018

Cybersecurity is a major point of anxiety for any business. Data breaches can be extremely costly, not only in terms of the data compromised but also in the damage to the organization's reputation following an attack. This issue is all the more important for small to midsize businesses (SMBs) that may lack the capital to bounce back from an attack as easily as large enterprises. If you find yourself among the many professionals worried about your security, then fret not. You have many tools at your disposal and, if you know what to look out for, you can protect yourself from all sorts of malicious activity.

We recently spoke with Dr. Eric Cole, founder and CEO of cybersecurity consulting firm Secure Anchor Consulting, about cyber attacks and steps you can take to keep your SMB safe. Dr. Cole has worked in the cybersecurity industry for more than 20 years. He was once Chief Technology Officer (CTO) at security firm McAfee, and Chief Scientist and Senior Fellow for American global aerospace, defense, and security firm Lockheed Martin. Dr. Cole was also a member of the Commission on Cyber Security for the 44th President, Barack Obama. He has an upcoming book entitled Online Danger: How to Protect Yourself and Your Loved Ones from The Evil Side of the Internet.

"SMB attacks are very widespread. The reason we don't hear about them as much is that our 'pain tolerance' has gotten so high for data breaches that smaller attacks don't make the news," Dr. Cole explained. "Imagine 10 years ago if you found out that your bank had 5,000 records stolen, you'd be freaking out. Today, if a million records get stolen, it's not newsworthy. A lot of SMBs say 'We are a smaller company, nobody's going to try to attack us' and that's just not true. Fortunately, there are still a lot of things you can do to protect yourself."

A Data-Centric View

One of the biggest takeaways from our conversation with Dr. Cole was that many breaches, even at large companies, are caused by little more than carelessness. "When you look at data breaches, the ones in the news are caused because they are sloppy. Take Equifax, for example. They had a server that was accessible from the internet. They used the word 'admin' as credentials. They were behind on patches. These are all things that anyone, regardless of budget, can take care of."

Dr. Cole implores SMBs to take a data-centric view of their security. "Ask yourself, 'Why is our server accessible on the internet and why is that data so accessible?'" Businesses might not even need every one of their servers to be connected to the internet, especially servers that contain information that hackers would want to sell or hold hostage.

The Power of the Individual

You can purchase and deploy as many security solutions as you want, but the truth of the matter is, the most important line of defense between your company and malicious attackers is your employees. "The adversary just needs an entry point. In most organizations, the biggest target is the individual," said Dr. Cole.

To access sensitive data, hackers will often target employees with phishing emails, posing as a manager or executive requesting information. The emails may link to forms that look official on the surface but actually send whatever is entered back to criminals. "Criminals are operating on a much higher level these days than the 'Nigerian Prince' scam. Today, you're going to get a legitimate-looking email from your boss or co-workers that looks just like they sent it. Most users are going to click on that without thinking and that's extremely dangerous."

Training users on how to identify these attacks is crucial to minimizing them. If an executive contacts an employee and asks for a transaction that seems out of the ordinary, the employee should check with that executive in person or over the phone first. "It all comes down to the message of 'think before you click.' Trusting emails at face value is about the worst thing you can do these days."

Consider Outside Help

Like any other business, the bottom line is of the utmost importance to an SMB. Unlike larger companies, however, SMBs have fewer resources so they need to focus on maximizing profits. As a result, focusing on cybersecurity often just isn't a priority. Many SMBs try to do everything in-house, often at the expense of effective security measures.

During our conversation, Dr. Cole made an analogy that summarized the unique problem that SMBs have. "A lot of us may have locks or some sort of security system in our home. Very few people, on the other hand, have their own security team. That's usually reserved for the richest among us," he said. "When something goes wrong, we usually have a third party handle it on our behalf. We call the police or some other emergency service. Many SMBs try to maintain their security operations all by themselves, and that's a problem."

Dr. Cole recommends that SMBs see themselves in the same light. Cloud services may be better equipped to handle customer information; providers such as IBM/Softlayer offer secure data center services and may be a better choice for SMB customers than trying to do everything themselves.

This article originally appeared on PCMag.com.