Doable Cybersecurity Checklist for Small Business
Cyberattacks represent a real threat to businesses of all sizes. Without proper cybersecurity measures in place, small businesses risk monetary losses due to cybercrime, including those resulting from a damaged reputation and even potential lawsuits.
Cybercrime continues to evolve with more sophisticated attacks occurring as criminals find new and improved ways to ambush their targets. Things like DDoS attacks, ransomware, and phishing schemes weren’t a concern for businesses in the past but now represent daily threats.
Why do small businesses need cybersecurity?
To put things in perspective, here are a few small business cybersecurity statistics to digest:
In its 2018 State of Cybersecurity in Small & Medium-Sized Businesses (SMB) study of companies with less than 1,000 employees, the Ponemon Institute found that 67% reported a cyberattack within the last 12 months and 58% reported that customer and employee information had been breached in the same time period.
The same survey found that the average cost attributed to IT property theft or damage (assets or infrastructure) was $1.43 million. The average cost attributed to normal operations being disrupted was $1.56 million. These figures were up 33 per cent and 22 per cent over 2017, respectively.
Cybersecurity Ventures reported that damages to businesses due to ransomware attacks are expected to reach $11.5 million by the end of 2019. By that time, a ransomware attack will affect a business every 14 seconds.
What are the most common cybersecurity issues for businesses?
While human error is a concern in many respects, cybersecurity often involves protecting against cyberattacks by malicious parties. Here are some examples of the threats that are out there:
1. DDoS Attacks:
A Denial of Service (DDoS) attack involves flooding systems (or servers or networks) with traffic. As a result, resources and bandwidth are exhausted, so the system can no longer deal with legitimate requests. A Distributed Denial of Service (DDoS) attack involves multiple devices that have been compromised.
2. Phishing Attacks:
These involve cybercriminals trying to find out information via various forms of communication, including email, message systems, or phone calls. Phishing uses social engineering to trick people into divulging private information. Spear phishing (targeted phishing) attacks, including whaling (where very senior employees are targeted), are of particular concern for businesses.
3. Ransomware:
This is a type of malware holds systems or files hostage until a ransom is paid, often in the form of cryptocurrency.
4. Man-in-the-Middle (MitM) attacks:
In a MitM attack, the attacker will eavesdrop on traffic to steal data or change or filter it in some way.
5. Tech support scams:
An employee could be duped into handing over remote control of their device or company information to someone posing as a computer technician. These types of schemes are often initiated over the phone.
6. Physical theft or hack:
Criminals might try to steal or gain unauthorized access to computers, hard drives, disks, USB sticks, or other sensitive information devices.
These attacks can often be avoided, or at least their damage can be limited, using a combination of cybersecurity savvy and some of the tools mentioned in the next section.
How can we improve our cybersecurity to prevent those attacks?
Having a cybersecurity strategy and accompanying policies in place is a must for any business hoping to stay safe against cyberattacks. But to complement these policies, it is either helpful or necessary to have tools in place to help. Here we’ll give you a couple of our top budget options for each as a sort of one-stop-shop.
1. Antivirus Software
A good antivirus software is one of the first things you need to have in place as part of a solid cybersecurity plan. Antivirus software is designed to detect and remove viruses and other forms of malware. It won’t guarantee you security, but it can help a lot.
2. Firewall
A firewall acts as a first defense by creating a barrier between your device or network and the internet. It does this by closing ports to stop communication with your device. This can help against threats, for example, by preventing entry of known malicious programs sent by hackers. It can also stop data leakage from your device. Software firewalls are often built into your device’s operating system and hardware firewalls can be found built into many routers. Often, it’s just a simple case of making sure yours are enabled.
3. Password Manager
It’s impossible to stress strongly enough the importance of using strong passwords for each account. Employees should be guided on best practices such as using a different password for every account and coming up with long passwords that are difficult to guess. While it seems convenient, passwords shouldn’t be shared among users. One of the obvious issues with following these guidelines is the difficulty in reembering all of these passwords. Often, people feel forced to write them down, which brings about an even bigger security issue. A simple option is to use a password manager that will remember and autofill passwords for you.
4. SSL Certificate
Is your website secure? Implementing HTTPS and getting an SSL certificate sounds complicated, but it’s simple. Plus it offers great benefits, including encrypting the traffic going between your website and your customer — preventing things like ISP snooping or man-in-the-middle attacks — and letting users know that the site is authentic.
5. Defacement Monitoring Tools
Website defacement is a cyberattack that changes the visual representation of a web page or a website. As the word deface explains, cybercriminals change the images or text on the compromised web page or website. It is comparable to drawing graffiti without permission; it only happens virtually on websites. Defacement Monitoring Tools is an easy and elegant solution that helps you secure your social media profiles or websites from website defacement. These tools automate the task of monitoring your web pages or websites for defacement issues and instantly notify you when they find unauthorized changes.
One of the most well-known defacement monitoring tools out there is SentryPage.
What is SentryPage?
SentryPage is a defacement monitoring platform supported by an Intelligent Detection Engine to detect threats and anomalies that might happen on a website. Some of its main features are:
The fundamental of high-performing detection is done by finding the slightest change. SentryPage achieves them by comparing the before-and-after change.
A well-trained external resource engine to detect an external domain with an unknown source. The source can be links or certain media (such as images) embedded in the source code on a webpage.
Attack signature engine can detect a word and classify it as an unusual text (dirty words, defacement-related words, etc.) that matches the words in the database.
- Whenever a web page changes—or worst: being hacked—users will get an almost real-time alert/warning.
SentryPage will provide a monitoring system that checks for website defacement, website uptime, and other critical aspects of a live website. SentryPage is simple to use and provide all the features to monitor your websites. Moreover, SentryPage will give you free credit for new users to provide just the required features to monitor a website, allowing you to start monitoring on budget.