2016 Small Business Cybersecurity Safeguards
The increasing threat of cyberattacks against small businesses requires a reassessment of the tools and services used to monitor and secure company data and customer information.
Why Small Businesses Need Advanced Cybersecurity
If the past few years have taught us anything about cybersecurity, it was that nothing should be dismissed or taken for granted.
Take, for instance, the Target breach.
We now know that the breach started months earlier with an email phishing attack against a small HVAC vendor that could have been prevented. There are four lessons small business owners need to take away from that:
- Never underestimate the value of confidential customer information, especially usernames and passwords.
- Never underestimate the value hackers place on that information.
- Don’t fall victim to complacency — falsely believing that your business is safe because you have nothing of value worth a hacker’s time.
- Don’t make the mistake of believing that on-demand, or manual scanning is sufficient to protect your business from the sophistication of modern threats.
With that in mind, these are 3 of our top cybersecurity safeguards to implement for your small business in 2016:
1. Cloud Data Leak & Breach Monitoring
The rise of cloud computing has led to the massive adoption of services by businesses, especially small businesses with tight technology budgets. Unfortunately, many small businesses make the mistake of leveraging free, less functional versions of cloud software, like Dropbox. Dropbox provides minimal protection or auditing for its free version, and confidential information can be accidentally exposed to the public relatively easily.
A 2015 report compiled by IBM, where 62 US businesses responded, placed the estimated cost per breach at $6.5 Million USD. Auditing logs alone are insufficient to proactively monitor for data leaks and breaches across multiple cloud platforms. A centralized, unified monitoring solution is necessary to ensure the safety of corporate data across all technology platforms (mobile, virtual, physical).
2. Layered Adaptive Network Security
With online extortion, ransomware being the most common application and topping cyber-threat predictions for 2016, businesses need to evolve their security solutions to protect their data. No single solution is sufficient to protect against the sophisticated and ever-present danger of cyberattacks. Traditional security methods that still rely on blacklists, definitions, and patching have been outpaced by advanced, persistent threats. A 2008 report by the SANS Institute details the need to move past traditional security approaches towards collaborative solutions that monitor for atypical traffic and behavior across multiple channels and update endpoints in real-time. Layering these solutions to protect public and private DNS, perimeter devices, endpoint devices, cloud, and virtual systems will present a significant barrier against malicious access.
3. Virtual Desktop Infrastructure (VDI)
A November 2015 address given by DISA Director, Lt. Gen. Alan Lynn at an AFCEA D.C. Chapter event, underscored how “migrating to a virtual desktop infrastructure (VDI) could mitigate sources of the greatest number of network breaches.” Virtualization eliminates the need to manage widespread computing platforms, allow insecure communication through perimeter devices (firewalls), and the need to host public internet facing systems (email, apps, websites) on private corporate networks.
If you are interested in learning more about how a high-availability network design will benefit your business, contact us today!