Companies have been hit hard this year, and hackers and cybercriminals have been quick to capitalize on the confusion caused by a global pandemic. They launched a wave of malicious emails, false government documents and simulated websites — even going so far as to create a fake site for the World Health Organization. As thousands of companies moved their operations online, hackers found an exponentially expanded attack surface.
Many companies are turning to multiple vendors to provide security across numerous servers, platforms and applications. However, in our Global Data Protection Index 2020 Snapshot, Dell Technologies found that organizations using more than one data protection vendor are approximately two times more vulnerable to a cyber incident, costing organizations an average of $1,090,436. That kind of hit could cripple smaller businesses.
It’s not all bad news. As we continue to learn from the past few months and look ahead to the future, here are some ideas for how companies can build greater resiliency into their security processes.
Start by Empowering and Educating Teams
For a small business owner, employees are the beating heart of the company, but they're also one of the biggest risk factors when it comes to cybersecurity. In fact, Gartner Inc. estimates that 95% of corporate data breaches that happen in the cloud can be attributed to employee errors.
Today, we’re increasingly accessing company systems from both work and personal devices, and network perimeters are no longer limited to physical locations. Empower your teams with best practices for detecting threats, securing logins and protecting personal hardware devices. It’s a low-cost, high-impact way to reduce your company’s cybersecurity risks.
- Ensure your team knows how to identify a phishing attack, and fully understands the risks that attachments carry, especially from unfamiliar addresses. In 2019, the average downtime caused by a ransomware attack was 10 days — and when you consider the cost of each employee losing 80 hours of productive time, it puts the ROI of dedicated security training into sharp perspective.
- Set clear rules that apps and tools are downloaded only from official, authorized sources. Because it takes only one click on a bad source to compromise your business's network, it's also crucial that employees know they should never share their work devices with other members of their household.
- Educate team members on the security hazards of poorly managed passwords. Teams need to select complex and personal passwords for their workplace applications that only they would know, and they must avoid reusing the same passwords across multiple accounts or leaving login information written in places where someone could find it — either physically or digitally.
Reduce Your Attack Surface and Reinforce Your IT Stack
While bigger breaches make bigger headlines, many attacks are against smaller companies because they’re typically easier to hack. The most effective way to avoid threats is to take steps to put protections in place for your software, hardware and devices.
- You know that strong passwords are necessary for your email, web apps and shared workplace tools and resources, but they’re necessary for home routers as well. All employees should change the default passwords on their routers to something stronger.
- If your company employs a virtual private network (VPN), ensure that team members are using it to access work apps and data. VPNs help add an important layer of protection for your team by creating encrypted pathways between your server and your distributed workforce. If your company is setting up a VPN from scratch, make sure you buy from a trusted vendor in a jurisdiction with stringent privacy and cybersecurity regulations. Some free VPN services fund themselves by selling customer data to third parties.
- Make sure you’re using the most current versions of your software — whether that means regularly installing system updates on your computers, or implementing new solutions rolled out by the manufacturers of your hardware. Having antivirus software on your devices can also help block unwanted software, spyware and programs.
- If your team is working remotely, communication apps with encryption features keep your conversations confidential. While not every application includes encryption, you can still open the advanced settings and modify them to ensure you're selecting the highest standards of security. When it comes to video conferencing, there are many additional measures you can take to stop intruders, such as implementing waiting rooms so hosts can view and verify attendees before a meeting begins.
- Lastly, to protect your network’s endpoints — all those employees and third parties accessing your systems — consider investing in solutions such as single sign-on (SSO) and multi-factor authentication (MFA). These help you secure your logins and protect your business from common data breach techniques.
As you decide on a cybersecurity strategy for your business, remember that the cost of doing nothing is simply too high.
By Erik Day, Senior Vice President, Small Business at Dell Technologies