Hackers view Small-to-Medium-Size Businesses (SMBs) as low-hanging fruit, and these businesses are being spammed and hacked at an alarming rate.
Over the years, we’ve spoken to numerous businesses. Many rely on break-fix vendors and have modest cyber-defenses at best. When victimized, they cannot quickly recover because they were unprepared.
Why does this problem persist even though stories about hacks and ransomware are constantly shown on just about every news outlet in existence? Let’s look at five of the most persistent and costly beliefs that many business owners hold and that put their companies at risk every day:
#1 – I’m Too Small and Have Nothing A Hacker Would Want
This is the “security through obscurity” belief. SMBs have a lot of data that will fetch good money on the dark web. Most have at least a few of the following:
- Names and addresses
- Social Security Numbers
- Credit Card Data
- Complete medical records (doctors, dentists, etc.)
- Passwords and logins
- Driver’s License information
- Employee records with background check information
According to the New York Post, sales prices on the dark web range from a measly $2.29 for email addresses to a whopping $1,000 for medical data!
The thing to remember is that the above prices are per record. Even an incompetent thief can make over $2,000 by stealing 1,000 email addresses. Not bad for a few minutes’ work. The more data they steal, the bigger their payday.
#2 – There’s No Way To Prevent Malware, So Why Bother
SPAM is the primary mechanism that hackers use to deliver malware. With 54% of all email traffic being SPAM, stopping it is a challenge. Technology can help reduce the amount of SPAM in mailboxes. Advanced anti-SPAM technology plus employee training are essential.
#3 – I Back Up My Data, So I’m OK
Many SMBs have cloud-based, data-only backup systems in place. If attacked by ransomware, they will likely be down for days, maybe weeks.
With data-only backup, if your server is compromised, you must do the following to recover:
- First, clear your server of all data and programs, etc.
- Re-install the Operating System, all software, and data
- Re-configure security settings, preferences, etc.
This process could take much longer if you’re downloading data from the cloud. If the download process is interrupted, you’re back to square one. With data-only backup, don’t expect to be in full operation soon.
#4 – I’ll Buy A Better Anti-Virus Program
No one solution can guarantee 100% protection. A defense-in-depth strategy is the best way to mitigate cyber threats. This means putting in place several security mechanisms, processes, procedures, and training. Each mechanism represents another barrier for malware or hackers to penetrate.
Anti-virus (AV) is but one level of defense that should be augmented with additional security measures. The problem with AV is that it will always be behind the hackers. For AV to be effective, it must first see new viral infections to identify them for quarantine.
Did you know that over 325,000 NEW pieces of malware are being created daily? AV is necessary, but not sufficient alone.
#5 – Even If I Get Breached, It’s No Big Deal
WRONG! The General Data Protection Regulation was enacted in Europe in 2018. Its reach is global, and it carries severe penalties. Many countries and numerous U.S. states have followed suit, passing their own privacy laws. Businesses can face severe penalties if data is leaked, lost, or stolen.
What Can An SMB Do?
As mentioned previously, a defense-in-depth strategy is best and may include:
- Encrypting servers and workstations
- More powerful and centrally managed Anti-virus programs
- Additional anti-malware solutions
- Software and hardware firewalls
- Patch management
- Unified Threat Management (UTM) systems
- Company-wide Password Managers
- Robust, advanced email SPAM Filtering programs
- Cloud Data Protection for O365 and G Suite
- Business Continuity Disaster Recovery solutions
- Physical security solutions
- Network monitoring, maintenance, management, and support
- Employee training
The Biggest Mistake Business Owners Make
They think they can “go it alone.” They can’t, because implementing some or all of the above takes coordination and expert knowledge.
In today’s digital environment, the part-time, break-fix IT guy just doesn’t cut it. Your computer network should be monitored, managed, and maintained. Only a Managed Services Provider (MSP) will do that.
What To Do Next
Those businesses that do not have computer expertise onsite need to get a Managed Services Provider (MSP) on board. A good MSP will quickly assess the state of your network, propose solutions, and give you EXACT PRICING in writing before you sign an agreement.
Act now before one or more of the above beliefs become your reality and living nightmare!
XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions. We provide Disaster Recovery as a Service (DRaaS), Backup as a Service (BaaS), Cloud Data Protection (CDP), and Managed IT Services (MSP). Call (845) 362-9675 for a free consultation.