Evaluating and finding vulnerabilities within your organization: What are the weak spots?

The threat to every business and organization from cyber attacks is very real and very serious. Cyber attacks happen every 39 seconds.

Increasingly, cyber criminals are targeting smaller businesses, with 43% of cyber attacks aimed at that particular segment.

The potential damage from a cyber attack can be catastrophic. A business.com report puts the average cost of a data breach to a small business at anywhere from $120,000 to $1.24 million.

The cumulative damage extends far beyond monetary considerations. Consider the headaches to a company if sensitive information (such as customer Social Security numbers and income amounts) falls into the wrong hands. Consider the problems that can arise from having company information land in the hands of someone with nefarious intentions, perhaps a competitor. There are also compliance matters to consider, and the reputational damage that can occur. Compromised data is every business owner's worst nightmare.

Most research agrees that around 90% of cyber intrusions result from human error, meaning your employees or managers inadvertently allowed the system to be compromised (which is why employee training is such a critical component of keeping your infrastructure secure). Zippia.com reports that cyber crime cost an estimated $6.9 billion in 2021, and that only 5% of company folders and files are properly protected.

It's a serious problem. But there are steps a business can take to safeguard itself.

You must first identify the "weak spots" in your network, and take necessary measures to minimize the chances of a cyber attack. Here are some important steps toward accomplishing that goal.

1. Have the strongest possible cyber protection in place, best accomplished by partnering with a Managed Services Provider (MSP) to monitor the system, provide the necessary updates, and protect against threats with the latest technology.

2. Be certain that you have a strong cyber security policy in place - one that every employee buys into.

Some key elements of a cyber security policy include:

• Prohibiting employees from posting confidential company information and client information.

• Strong policies regarding storage of sensitive data. What is the chain of custody for this information? Who has access? This applies to both electronic and paper data.

• Identifying the company's key assets. What exactly is it that you are protecting?

• Selecting a public spokesperson should it be necessary to notify vendors, clients or the public about a breach. In so doing, also identify a plan of action to calm the anxieties of clients or vendors, which includes corrective steps.

• Policies governing use of the company website, use of individual personal devices, two-factor authentication, and the frequency and content of employee training.

• Using strong passwords which are changed frequently.

• A schedule for network vulnerability testing, from your outside IT provider or other cyber security expert.

3. While most cyber intrusions are external, the cause also can be internal, such as a disgruntled former employee. Don't allow employees to share login information, and change passwords and access frequently.

4. Provide ongoing training for employees, educating them about potential attacks on the company's infrastructure.

Some key elements of an employee training program include:

• The importance of protecting company data.

• Identifying common phishing schemes (prompts to click on a link, bogus "invoices" and "payment" links).

• Encrypting data and using multi-factor authentication.

• Being aware of when a computer operates slowly or differently and reporting it immediately.

• Responsible and safe email use.

• What employees can and cannot do with the company website and personal devices.

5. Test your infrastructure's vulnerabilities. Have your Managed Service Provider conduct a simulated hack into your network, test how your employees respond to simulated hacks, identify the weak spots and take the necessary corrective steps.

Be vigilant. With the right cyber protection, a strong cyber policy, and a comprehensive employee training program, your chances of evading the cyber criminals will improve greatly.

• Chip Miceli is CEO of Pulse Technology, https://pulsetechnology.com, a technology company specializing in managed services (IT) with headquarters in Schaumburg.
