We talk about it plenty. Now it's time to Double Down on Cybersecurity

Cybersecurity breaches are on the rise and growing at an alarming rate. We all remember the big names from the 2017 breaches, like Equifax, which had the personal data of 145 million accounts hacked. Yahoo released a report on previous breaches: 3 billion accounts hacked in 2013 and another 1 billion accounts in 2014. Verizon reported that 14 million subscribers may have been affected by a cyber- attack. This list goes on and on.

But big corporations aren’t the only targets. It is estimated that 58 percent of all cyber-attacks are targeted toward small businesses. Still not convinced if cybersecurity is right for your business? Here are a few statistics from SmallBizTrends that may shock you:

                • Only 14 percent of small businesses self-rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.

                • About 60 percent of small companies go out of business within six months of a cyberattack.

                • Almost half (48 percent) of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.

                • Fifty-eight percent of small businesses are concerned about cyber-attacks, yet they are not allocating any budget towards risk mitigation. 

                And, according to UPS Capital:

                • Cyberattacks on small businesses cost between $84,000 and $148,000 eacc to address. 

                • Ninety percent of small businesses don’t use any data protection at all for company and customer information.

Cybercrimes are increasing; the criminal business of stealing data and information is booming. It is estimated it will cost businesses $6 trillion annually by 2021. Right now, it is said that a business will fall victim to ransomware every 14 seconds. 

Malicious email is the No.1 method as an entry point for a cyberattack. A 2018 report from Verizon DBIR said that 92.4 percent of all malware is delivered via email. According to Symantec, 88 percent of malicious emails use malware-laden attachments to deliver their attacks. With email being the primary source of delivery for cyber-attacks, having the proper protection in place is vital to the survival of your business. 

Although these statistics are daunting, don’t fret. Implementing the proper tools and processes to protect you and your customers from attacks is easy and cost-effective. 

The late great coach of the Green Bay Packers, Vince Lombardi, said, “The best defense is a good offense!” 

This quote, often used in sports settings, couldn’t be more relevant to cybersecurity. Being proactive rather than reactive will pay dividends in the long game. Don’t let them bring the fight to you. Rather, you should be proactive in your strategy by putting the tools and processes in place to stay ahead of would-be attackers before they have a chance to steal your data. Criminals — like the slime they are — will always follow the path of least resistance. Putting more security checks in place adds more resistance! 

The techniques used by attackers, are evolving every day — becoming more advanced and harder to detect. Because of this, legacy antivirus software alone is an obsolete solution and needs to be upgraded to include additional levels of protection, such as multi-factor authentication or a password management tool. 

Multi-factor authentication is used often in our daily lives. Every time you enter your password when swiping a debit card, when you answer a unique question to log in to a site you’ve previously made an account for or when you show your identification when paying by check, these are forms of multi-factor authentication. 

Many common threats involve trying to obtain a user’s login credentials for the purpose of gaining access to your systems. Implementing a two-factor authentication strategy, such as needing to input a code sent to a mobile device or email, in addition to inputting a password, can thwart the most common phishing and social engineering attempts we all face on a daily basis. This can help further secure your domain, Office 365 and other tools you use.

Let’s face it, we as users are lazy by nature. We don’t like to remember long, complicated passwords. Even worse, we often use the same simple password for multiple websites or applications, if not the same password for all accounts. Let me say this just once, “Do not reuse passwords!” If one of your accounts becomes compromised, these nefarious individuals will use that password to try and access every account associated with your name. The solution is simple: Invest in a password manager tool. 

Using password manager tools such as LastPass, DashLane or Keeper can help you remember and randomize your passwords for everything you login to. So, if a social media or email account password is stolen, cybercriminals can’t use the same credentials to login to your bank account, etc. Using a password manager is one of the best ways to protect your digital identity. 

One key thing to note is that no matter how well a company utilizes firewalls, antivirus and other tools to secure its data, the human element still leaves networks of every size vulnerable to attacks. Investments in cybersecurity should not end at software and tools. Cybersecurity awareness training for all personnel is just as important as the software and tools — if not more important. 

Having a people-centered approach to cybersecurity in your business will be your best asset to ensure your employees are educated and empowered to understand what the risks are and to make better decisions. Do not rely on technology alone to protect your data.  

Get with your IT professionals to conduct training or bring in a cybersecurity specialist to speak with your team about best practices and how your company can be more security- minded. Having cyber-aware employees could be your saving grace in keeping hackers out of your network. 

If you don’t have a cybersecurity policy in place, create one. For your cybersecurity policy to be successful, it needs to be documented, reviewed and distributed throughout your company. After assessing your company’s cybersecurity policy and identifying the risks, make the necessary changes to ensure your policy is up to date, effective and clear to all personnel. Review and update your policy on a regular basis as technology is always changing. 

Keeping up to date with current cybersecurity trends and best practices is vital to the success of your defense system. Be vigilant by having the capabilities in place to detect cyberattacks and vulnerabilities. Be cyber-aware, ensuring your employees have access to your cybersecurity policy and understand the requirements. Be resilient by being prepared to effectively respond to incidents so your business can return to normal operations quickly, with minimal impact. 

The time to act is now. Be proactive. Don’t let your business become a cyberattack statistic. Every company, no matter its size, needs to invest in cybersecurity as one of their top priorities — your business depends on it. Having the right policies in place with the proper execution is key to protecting your business from falling victim to cybercriminals. 

David Black is the director of business development for Wasatch I.T., a Utah provider of outsourced IT services for small and medium-sized businesses.