5 expert tips to prevent cyber attacks and protect your business
There was no economic slowdown for cyber criminals. Already working remotely, they have continued to refine their tactics and improve their techniques for trolling small and midsize businesses (SMBs) for ransomware opportunities. The remote workforce only enhances their opportunities as the work-from-home trend brought on by the pandemic puts workers on their home networks, potentially beyond the security of a VPN. With all the challenges associated with navigating the pandemic, getting hit with a ransomware attack could not come at a worse time. A cyber attack can take your business down as suddenly as a heart attack.
The good news is that SMBs continue to take positive steps forward in preparing for and defending against attacks. Analysis of the Q4 2020 Vistage CEO Confidence Index survey revealed other improvements — now 49% of SMBs report having an active, up-to-date cybersecurity plan in place, up 11 percentage points since 2017. The bad news is that 51% of SMBs are still vulnerable and exposed at some level. And just because you have a plan in place doesn’t guarantee you won’t get hit.
The best defense is a good offense
The best line of defense with ransomware is to be on the offense. According to Joseph Beaulieu, CEO of eStrategic Technical Solutions, “2020 saw the highest attack rate yet and in late 2019 more money was paid to bad actors than ever before at $84,116 — a 200% increase year over year.” If that financial impact is not concerning enough, he adds, “server downtime costs a company on average an additional $274,000 per attack, making it a costly year for those businesses impacted.”
To provide additional context, Beaulieu points out that in 2019, 50% of all cyber attacks were against small and midsize businesses — “that resulted in a successful attack rate of 69%,” he says.
The threat is real for all companies. With so many businesses moving to a distributed workforce in 2020, their guard was down, and these numbers show it. It is more important now than ever before for CEOs to be ready for when, not if, the attack hits their business. How they prepare for such an attack will determine how quickly they can recover from it and how well they can mitigate the cost to the business.
Beaulieu shares the following guidance for CEOs on how to best prepare their cyber defense, which starts with prevention. These steps will, first, help prevent an attack and, second, help minimize downtime if an attack is successful. “It is important to note that it is impossible to 100% guarantee that attacks will not happen with proper cyber security postures in place but a good defense will reduce the risk greatly,” says Beaulieu.
5 ways to prevent cyber attacks from happening:
- Phishing Training: According to one study, phishing was 57% successful in 2019. At this high success rate, phishing is considered one of the most successful ways to infiltrate a company. Training employees to identify fake emails is a low-cost, high-reward measure that every company should deploy.
- Vulnerability Testing: Periodically, all companies should review their servers’ security posture, test against it, determine what vulnerabilities exist, and patch them. Building a more secure environment against bad actors’ attacks reduces the likelihood of a successful attack.
- Backups: Your company should be backing up all sensitive data and all servers that are needed to effectively keep the company operational. These backups should be kept off site for disaster recovery purposes. It is also suggested that multiple cold storage backups are kept in the event the data was compromised several months prior. Data storage can be expensive, so it is important to build a backup plan that only keeps enough iterations to protect the company.
- Cyber Insurance: With attacks becoming more prevalent and having such a high rate of success, cyber insurance is a must for any company. Even a well thought-out cyber defense cannot guarantee an attack will be thwarted every time. The insurance will help cover the cost in the event an attack is successful. Insurance helps offset the cost of ransomware and the losses to the company due to downtime while the systems are being brought back up.
- Build an Incident Response Plan: When an attack occurs, it is critical to act immediately. Inaction has an exponential effect on downtime costs and on the company’s reputation with customers. Identifying that an attack happened, the type of attack, and what systems are affected needs to happen quickly. The company’s downtime is directly related to knowing what systems are affected. Building an incident response plan is a must for any company. This plan will provide the blueprint of what to do if an attack happens. Building the plan before an attack gives the company time to put a methodical plan in place that can be followed to reduce downtime and to identify the “what ifs” instead of being reactive in the moment. Just like phishing training, this strategy is low cost but provides tangible results by reducing downtime and the associated downtime costs.
By having a plan in place to protect against ransomware and other unforeseen circumstances, you can minimize the impact of the downtime to the company and eliminate the need to pay a ransom.
Joseph Beaulieu, CEO of eStrategic Technical Solutions, has over a decade of experience providing advice to both private and public sector businesses small and large. He has led and architected mission critical projects for the U.S. government, and has identified, consulted, and developed solutions for a small business looking to break the $10M threshold without having to add to the labor count. His ability to analytically identify process gaps and recommend IT solutions to fill the void provides businesses a unique advantage when looking to remain competitive without having to increase their overhead.