
You are only as strong as your weakest link

The FBI reported $3.5 billion in business losses in 2019 due to cybercrime. Actual losses are estimated to far exceed what was reported. It is much less expensive to prevent cyber-attacks than it is to repair the damage after it happens. We estimate prevention is 10% of the remediation costs. That's right - a 90% savings strategy.

The FBI's 2019 Internet Crime Report states the most prevalent crime types were Phishing/Vishing/Smishing/Pharming. What do these all have in common? The use of deception to manipulate individuals. Hackers focus their attacks on human vulnerabilities. People make mistakes. Bad actors use this to their advantage.

Businesses need to invest in strengthening the Human Firewall. Be aware that your business can only be as strong as your weakest link. For example, if you provide cyber security training, do you train everyone, including part-time workers and consultants? Or do you only invest your training budget in FTEs? A Chicago suburban municipality learned that lesson the hard way in 2018 when a phishing scheme successfully convinced a part-time consultant to email a complete list of W-2 information including names, SSNs, addresses, and earnings to a bad actor. This municipality invested in the most respected, comprehensive cyber security training program available for small organizations. But their training program investment was limited to FTEs. Consultants and part-time workers did not receive the training.

The best cybercrime prevention strategy is a multi-layered security approach with an emphasis on human behaviors. Here are a few ways to protect your business from a cyber-attack.

1. Security Risk Assessment - Know where your vulnerabilities exist.

2. Spam prevention - Secure your email. Most cyber-attacks originate by email.

3. Passwords - Apply security policies on your network.

4. Security Awareness - Train your users - often! Train ALL of them. Teach them about data security, email attacks, and your policies and procedures.

5. Advanced Endpoint Detection & Response - Protect your computers and data from malware, viruses, and cyber-attacks with technology to manage and monitor these activities.

6. Multi-Factor Authentication - Use multi-factor authentication (MFA) whenever you can. Use MFA on your network, banking websites, and even social media. It adds an additional layer of protection to ensure that even if your password does get stolen, your data stays protected.

7. Computer Updates - Keep operating systems and software products like browsers, Adobe and Java updated for better security. Use technology to manage and monitor the updates.

8. Dark Web Research - Which of your passwords and accounts have been posted on the Dark Web?

9. Encryption - Whenever possible, encrypt. Do you send sensitive information through email?

10. Backup - You should have multiple backup copies: one local backup and another backup in the cloud. How much data can you afford to lose? How long can you stay in business without access to your computers and data? Those answers should determine your backup solution budget.

11. Privileged Access Management - Who can access what data? How are user access requests managed? How quickly can you remove access privileges? Organizations need a unified view of privileged user access across the company.

12. Cyber Security Insurance - More affordable than you may think. Ask your insurance provider to add this to your policy.

• Deb Reiter is CEO of CMIT Solutions of the Tri-Cities in Batavia.
