Let’s face it. It’s hard to know what you’re supposed to believe when it comes to cyber security for your small business. It seems that most of the stories we hear about are big business or government security breaches that put hundreds of thousands of people’s data at risk. Because of that, it seems that all the advice, white papers and blog posts are meant for those big budget companies and not for small businesses like yours. So let’s really break it down for YOU—What do you really need to know about cyber security?
We were lucky enough to score an extensive interview with Michael Drag of Antares, a leading IT and cyber security firm in Minneapolis. Michael recently sat on a Lloyds of London panel for software security. He's an expert who really knows his stuff.
Do hackers really ever target small businesses?
Michael made an interesting statement right away as we started our interview with him:
“Small Businesses [believe] there is nothing of value in their business, so no one is really interested in hacking them.”
Just because you may not think you are worthy of a hack, it doesn’t mean you won’t get hacked for other reasons. You could be negatively impacted whether your company is “worthy” or not. How, you ask? Well…
A popular attack these days is something called a crypto virus. These viruses are considered ransomware. The point is to bring your systems down and force you to pay the hacker a certain sum of money to get your systems back up and running again.
So Michael asks, “What would happen if your systems went down and your workforce could no longer do their jobs?”
If you have a bank account, you are considered worthy of an attack.
Michael also warned that your small business may not be the end target in an attack. If your systems are easily penetrated, you could simply be a carrier for a hacker to get to other people or companies.
This presents a whole different problem. If malicious code were transferred to your customers by one of your employees sending them an email, it would damage the reputation of your business. Attacks can also happen through your website. If your site is infected, at best it displays warnings to website visitors. At worst, the virus will attack their system. Even if your customers never get infected, they'll be wary of visiting your site again. Now, that can’t be good for your business!
How Do Hackers Get In?
According to Michael, hackers often target low-hanging fruit. In other words, businesses that make it easy for them.
Common and surprising ways hackers get in:
- Improper or incomplete firewall setup (leaving ports open)
- Passwords that are too easy for a bot to figure out (bots can use a simple dictionary attack)
- External or remote connections to your network (employee home devices or networks perhaps)
- VOIP phone systems (often missed because of a low perception of threat)
- New Digital HVAC & Security Systems (often left vulnerable without the business owner even knowing)
Michael feels that small business owners and managers simply need to be more aware and take basic precautions.
Protecting Your Business from Cyber Attacks
Michael recommends following these low-cost steps so your business is less likely to become a victim of cyber attacks:
- Ask your providers about security. If they don’t seem to know what you’re asking or they seem to lack confidence in their response, find someone else.
- Make sure your passwords are reasonably secure by requiring 8-10 characters, uppercase and lowercase letters, numbers, symbols and NO DICTIONARY WORDS. Michael mentioned that changing passwords often can be overkill for most small businesses, but once a year is a good practice.
- Have your firewall setup looked at by a professional and take their advice. This does not have to cost a lot of money.
- Close down dormant accounts. Business managers can be slow to shut down old employee email accounts, but these can be open doors to your network. Michael recommends establishing a protocol for closing out these accounts any time an employee leaves the company.
- Restrict employee desktops from having installation rights.
- Install antivirus and malware protection at each workstation. Companies often avoid this for cost concerns, but Michael urges business owners to consider the cost of a hack. Be sure to compare monthly plans vs. up-front payment options. Michael does caution against free versions of these software programs. They simply are not updated as often as needed and may require manual updates, which are often missed.
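The password rule in the list above can be checked automatically. The following Python sketch is an added example, not something supplied by Michael or Antares: the word list is a small constructed sample, and undoing common character swaps (such as "@" for "a") before the dictionary check is an assumption that goes slightly beyond the rule as stated.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "welcome", "summer", "monkey", "dragon", "office"}
MIN_LENGTH = 8  # lower bound of the 8-10 character rule above

# Assumption: map common look-alike characters back to letters so that
# "P@ssw0rd" is still recognised as the dictionary word "password".
LOOKALIKES = str.maketrans("01345@$!", "oieasasi")


def check_password(candidate, words=SAMPLE_WORDS, min_length=MIN_LENGTH):
    """Return a list of policy failures; an empty list means the password passes."""
    failures = []
    if len(candidate) < min_length:
        failures.append("too short")
    if not re.search(r"[a-z]", candidate):
        failures.append("no lowercase letter")
    if not re.search(r"[A-Z]", candidate):
        failures.append("no uppercase letter")
    if not re.search(r"[0-9]", candidate):
        failures.append("no number")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        failures.append("no symbol")

    # Dictionary check: lowercase, undo look-alike swaps, keep letters only,
    # then look for any listed word hidden inside the result.
    normalized = candidate.lower().translate(LOOKALIKES)
    letters_only = re.sub(r"[^a-z]", "", normalized)
    hits = sorted(w for w in words if w in letters_only)
    if hits:
        failures.append("contains dictionary word: " + ", ".join(hits))
    return failures


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for pw in ("summer", "P@ssw0rd!", "tR7#qLx9!vZ"):
        print(pw, "->", check_password(pw) or "OK")
```

Note that "P@ssw0rd!" meets every length and character requirement and still fails, because a dictionary attack that tries common substitutions would find it quickly.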
If you truly consider the severity of consequences resulting from cyber attacks, this is a short list to run through. Of course, companies dealing with highly sensitive data may want to consider more robust steps to protect their systems.
One Final Point
Michael wanted to stress the importance of backing up systems and hard drives. Backing up data can mean the difference between completely losing work forever or taking ten minutes to restore from a backup.
Esultants wants to thank Michael for his time and his expert wisdom on this important issue! We hope it was clear and helpful for you as a small business owner. If you would like to talk with Michael or someone on his team directly, you can email firstname.lastname@example.org, or simply call our office at 612-623-8054, and we can get you connected.
On behalf of Esultants, we hope this was helpful, and we’d love your feedback.