With all of the warnings about ensuring business cybersecurity is up to par, you’d expect the number of cyberattacks would dwindle. The sad fact is breaches continue to climb year after year as cybercriminals become more cunning in their techniques and many business owners continue to fail to implement even basic cybersecurity principles.
For example, the number of breaches through Sept. 30, 2021, had already exceeded the total number of events in 2020 by 17 percent, according to Security Magazine. That makes 2021 a record-breaking year for breaches and 2022 is expected to be worse.
What’s the Problem?
The increase in attacks starts with money. Cybercriminals have found easy pathways into data using malware and phishing attacks. Once inside a system that lacks proper security and whose employees are inadequately trained, they can hold data for ransom or steal a business’s cold hard cash.
Additionally, it’s not just cybercriminals attacking businesses. State-sponsored actors in countries such as China and Russia have been ramping up attacks for years. With current geopolitical events, the threats are only expected to increase.
Despite warnings, many businesses are avoiding the cost of implementing even basic cybersecurity. That’s a huge mistake considering the average cost of a breach now is nearly $3 million.
Russian State-Sponsored Cyber Threats
With the invasion of Ukraine by Russia, businesses worldwide have been warned to prepare for an onslaught of cyberattacks. On Jan. 11, 2022, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA), issued a joint cybersecurity advisory providing an overview of Russian state-sponsored cyber operations, including common tactics and techniques. The advisory also provided detection actions, incident response guidance, and mitigations.
Not only must businesses face standard cyber threats from bad actors, but the political ramifications of what’s happening in Eastern Europe are now also a consideration. There are mitigations outlined in the cybersecurity advisory every business should implement now:
- Be Prepared. Confirm reporting processes and minimize personnel gaps in IT/OT security. Create, maintain, and exercise cyber incident response, resilience, and continuity of operations plans so critical functions and operations keep running if technology systems are disrupted or need to be taken offline.
- Enhance Your Organization’s Cyber Posture. Follow best practices for identity and access management, protective controls and architecture, and vulnerability and configuration management.
- Increase Organizational Vigilance. Stay current on reporting on threats. Subscribe to CISA’s mailing list and feeds to receive notifications when CISA releases information about a security topic or threat.
Back to Basics
At ORAM Corporate Advisors, we’re still seeing business leaders and employees avoiding basic cyber hygiene protocols. We see more reused passwords and a continued failure to use multifactor authentication. This allows hackers to create havoc, such as accessing corporate email accounts. The bad guys then have what they need to create nefarious transactions, steal data, hold your business for ransom, and completely shut down your operations.
To prevent such serious issues that could shut down your business, follow these cybersecurity tips:
- Change your passwords for logins and use unique passwords for each system or application. Employ a password manager such as LastPass to help you keep track of passwords. Require every employee to do the same. Passwords should be at least 12 characters long with a mix of numbers, special characters, and capital and lowercase letters.
- Use multifactor authentication whenever offered. Ensure systems are using software that requires staff, customers, and partners to use multifactor authentication to log in. This helps prevent unauthorized access and significantly reduces the odds of a hack.
- Train every employee on an ongoing basis. It is much easier to prevent an attack than recover from one. Employees are your first line of defense. Teach basic security practices, personal cybersecurity, and the prevalence of cyber threats they are likely to face. Such training should occur at onboarding and at least once every six months.
- Secure your WiFi. Ensure WiFi networks are encrypted and hidden from public view. If employees work from home, ensure their home networks are encrypted as well, since an employee’s unsecured remote network is an easy access point.
- Ensure software is up to date. From anti-virus to firewalls, ensure all security software is updated regularly and patches are applied automatically. This is also true for the software and firmware your business depends on daily. Think in terms of security layers, especially when it comes to phishing and social engineering attacks used to steal login credentials.
- Secure physical devices and workspaces. Set the auto-lock feature on every company device, from mobile phones to desktops. Just as you would lock your house, every business device should lock automatically after a short time. Every device should be secured with an individual PIN or password. Have a policy about what can be printed and kept and how it should be stored. Ensure every employee knows and abides by the security policies in place.
- Plan ahead. Have a plan in place should a hack occur. The Federal Communications Commission (FCC) offers a free Cyberplanner online to help reduce cybersecurity risks, or contact a third-party organization such as ORAM Corporate Advisors to help build a plan.
- Know the ABCs of cybersecurity. The ABCs are simple: Always Be Cautious. Don’t click suspicious links or open emails from unknown/untrusted sources. Every email, link, and attachment should be carefully scrutinized. If you suspect something is awry, pick up the phone and call the sender directly or notify your IT department.
Compliance is Key
In addition to following basic cybersecurity practices, make sure your business and staff are compliant. Conduct an internal systems audit, identify security gaps, and provide solutions for shoring up gaps so your business can showcase its compliance to land that big fish client.
Without the audit, you won’t know whether your IT systems are up to snuff, and you may not land that contract because the potential client won’t be able to trust you with their data. Proof that your business is cyber secure can make the difference between getting the deal or not.
Whether a business is manufacturing, utilities, or healthcare, most industries require certain cybersecurity measures to be in place. At ORAM, we see that even small businesses are being asked if their systems are up to par when it comes to cybersecurity.
Reducing Business Risk
Implementing basic cybersecurity measures and mitigations is much cheaper than recovering from a breach. It is also in the best interest of every business to undergo annual cybersecurity audits to ensure everything is up to par and cyber plans are in place. Furthermore, every business should invest in Dark Web monitoring and cyber insurance. It all boils down to basic cybersecurity practices and compliance.
At ORAM, our experts are able to help with everything from hardware and software to cybersecurity audits and solutions to ensure that your network is operating smoothly with the best in security to promote uptime. If you’d like to sign up for a free initial consultation with no obligation, contact ORAM Corporate Advisors today at (617) 933-5060.