Does your medium business have the cybersecurity basics covered?

by Scott Lerner,  Director of Mid Market Sales at Verizon Business Markets

Twitter | @Coach_Lerner

You might think you can keep your head down and stay out of cybercriminals’ targets — after all, they’re more interested in the big fish, right? Wrong. Cybercriminals don’t just target large enterprises — based on our analysis, almost two-thirds of data breach victims had under 1,000 employees¹.

Most cybercriminals don’t care about the size of your business or who you are — they care about money. According to our research, over 70% of breaches were financially motivated¹. And they don’t mind where they get it. Many cybercriminals don’t target their attacks at all. They take a scattergun approach, hitting the organizations with the weakest defenses.

That’s the problem. You’re facing the same threats as large enterprises, but you don’t have an enterprise-level security budget to build a state-of-the-art defense.

Cybercriminals are lucky, not smart

That doesn’t mean you should throw in the towel. Cybercriminals — from the kids operating out of their parents’ homes to sophisticated state-affiliated hackers — are still using the same old tricks to compromise organizations. Mostly, they’re playing an odds game. They don’t rely on their own smarts — they spread their nets wide and wait for you to make a basic mistake. And it’s amazing how many people are still making them.

Surely people aren’t still falling for phishing? It turns out they are. They fall for it time and time again. One in 14 users fell for phishing, and a quarter of those were duped more than once¹. And people still haven’t got the message about strong passwords — over 80% of hacking-related breaches leveraged either weak and/or stolen passwords¹.

Teach your employees the basics

• Use strong passwords. You should encourage employees to vary their passwords and use two-factor authentication to protect sensitive data/systems. But the strongest passwords aren’t necessarily what you’d expect — four randomly selected words unrelated to you could actually be more secure than an alphanumeric password.
• Don’t get caught by phishing emails. Show your employees what a phishing email looks like. The poor grammar, incorrect branding and “click-bait” messages are easier to spot when you know what you’re looking for.
• Create a culture of security. Your employees should be sending sensitive information over secure networks. And they should extend the same care to physical documents. Develop a culture where printing out sensitive information is frowned upon. If physical copies are necessary, encourage employees to shred documents when they’re finished with them.
• Be alert. Educate your employees about the tell-tale signs of a cyberattack. Is the sudden spike in network traffic really due to increased interest in today’s lunch options? Or are you the victim of a DoS attack? Are your customers encountering problems with your e-commerce site because of a fault or because a cybercriminal has tampered with it?
• Have a clear incident response plan. Your employees need to know who to contact and how to contact them if they suspect an attack or there’s a data breach. Because that’s when every second counts. Your people should know the best way to record a security incident and where to do this. And your IT team should know if an incident needs to be handled by a security provider or if it can be dealt with in-house.

Knowledge is the best defense

The best defense is built by thoroughly understanding your opposition. That means analyzing and learning from your own experiences of cybercrime to avoid falling for the same trick twice. It also means learning from the experience of others. The annual Data Breach Investigations Report (DBIR) is based on an analysis of over 40,000 security incidents and offers an unparalleled insight into the world of cybercrime.

You can get a clearer picture of the biggest cyber threats facing your business using the DBIR’s nine attack patterns — almost 90% of the breaches investigated in the report fall into these patterns¹. Understanding them can help you prioritize your defenses and mitigate your cyber risks.

1 2017 Data Breach Investigations Report, Verizon