As seen in the February 2019 edition of The Small Business Monthly, Jamie Lembeck, a cybersecurity advocate for The Purple Guys, is featured in their Cybersecurity expert panel, offering education to small and mid-sized business owners regarding the rise in security threats small business owners face.
How much of a problem is cybersecurity for small- and mid-sized companies?
It is a huge issue. Studies show that 70% of cyber attackers are after the small- and medium-sized businesses. Unfortunately, if these companies aren’t protected, about 60% of them go out of business within six months. It is a huge, huge issue. The cost, depending on the size of the company, can be $500,000 plus to some companies. These attacks are happening every day. According to a new FBI study, by the end of 2019, ransomware attacks will strike small businesses once every 14 seconds.
What are the threats to business owners?
The things that are happening are everything from malware being delivered via email, to hackers trying to get into your system and get into your financials, employee data, etc. One of the big problems is most small businesses don’t have a clear cybersecurity plan in place.
Why would cyber attacks be targeted at a small- or mid-sized business?
A lot of people think it is a waste of a cyber criminal’s time. But the reality is, these businesses lack investment in cybersecurity and they often don’t have a cybersecurity strategy in place. One of the things that happens is that getting into a small business can sometimes lead to other blue-chip companies. And, in all honesty, small companies are more willing to pay ransoms. Ransoms are right now averaging $2,500. We’ve seen it as high as $20,000. If you don’t have a clear strategy in place, there will be issues.
There seems to be a very human element to cybersecurity?
The employees are your weakest link, unfortunately. We just got out of what I call “Amazon Gift Card” season. People go to a trade show or event and they get an email that they just won a $20 gift certificate to Amazon, they click on it and malware is there and their system is compromised, and they are shut down. Something as simple as passwords can also be a problem. We are creatures of habit, so sometimes our personal passwords (bank account, emails, etc.) are the same as our passwords for work. It is important providers work with employees and educate them on how to avoid these situations.
What does a cybersecurity plan look like?
For starters, you must engage the senior executives and make sure they understand what is at risk and what would happen if technology failed. From here, we will put together a plan for the company, starting with password policies. It is important to make sure passwords are only for 90 days and, after that, they can never be used again.
Additionally, there are a plethora of things that need to be taken into consideration. Who has access? Who has the proper permissions?
Also, one of the most important parts of the plan is the backup strategy. That is one of our key differentiators in the marketplace. Backups are extremely important. They need to be happening on a daily basis. What we do is encrypt that data when we offsite it so there is a duplication of records. A lot of companies do not do that. If your server fails and you need to pull data from backup, you won’t know if that data is good until you try it. We are checking constantly to make sure that information is good. Making sure it is totally backed up is important. But we are not only backing up the files but the operating systems and the applications as well. That is something we do to make sure every bit of information is backed up so we can get that client up and running as quickly as possible.
Everything comes back to that backup. How often is it backed up? Is it being backed up offsite?
When searching for an IT firm to help with cybersecurity, what are the questions to ask?
What are the financial liabilities, internal and external, if an attack occurs? Who is responsible? Who reacts? What are the response times? Availability? What are the service levels? Is support going to be onsite or all remote? What was the last remediation you performed? How was it executed? Give me examples and references from clients. What happens when the staff changes? What happens to the passwords? If you are a HIPAA company, for example, do you have experience in that area? What is my exit strategy in case things aren’t working?
If you'd like to learn more about Cybersecurity for your business, reach out to The Purple Guys today. We can help get you started or help boost what you already have going for your business to ensure you're protected against cybersecurity threats.