Let’s get serious about cybersecurity
Cybersecurity is important. You know that. We know that. But why are so many businesses not doing enough about it? It can be for a number of reasons, from lack of knowledge to lack of budget. But just because you’re a small business doesn’t mean you can’t protect yourself. There are plenty of things you can do that can have a huge impact and won’t break the bank.
Each year, Verizon produces the Data Breach Investigations Report, which looks into real incidents and breaches across a variety of industries. This report helps highlight the biggest risks to businesses and can help you identify where your own security could be strengthened. But we know our report can seem daunting, and small business owners are often too busy to read it in full. That’s why we’ve pulled out the recommendations that are most practical and actionable for small businesses like yours, to help you understand how you can better protect yourself.
Are you making these 3 common mistakes?
We all make mistakes, and that’s fine. What isn’t fine is when we keep making the same ones. And when it comes to cybersecurity that’s what a lot of businesses are doing. Whether it’s using the same passwords for multiple accounts, failing to back up data, or falling for phishing—companies are still doing it, and the consequences could be severe. Now is the time to improve your defenses, train your employees and learn to stop making these same common cybersecurity mistakes. Read our guide for actionable tips your business can use right now.
Avoid these 3 common excuses.
“It’ll never happen to me,” “I’ll sort that next week” and “I can’t afford better cybersecurity.” Sound familiar? These are just some of the reasons small businesses procrastinate when it comes to cybersecurity. But tomorrow could be too late—don’t wait to be the victim of an attack before looking into your defenses. There are plenty of things that you can be doing right now to help avoid becoming a negative statistic in our next Data Breach Investigations Report. Read our guide now.
3 simple rules to improve your cybersecurity.
Protecting your business from threats can seem daunting, but effective cybersecurity doesn’t have to be complicated or expensive. It doesn’t matter if you already have policies in place, or if you’re a complete beginner, there are simple things you can do to improve your defenses—from correct disposal of data and devices to better management of employees and their own devices. Read our guide for real actionable tips your business can use right now.
All businesses are at risk from cyberattacks—no matter their size. And all businesses can do more to improve their cybersecurity. Give your business the protection it deserves and don’t put off till tomorrow what can be done today.
Follow our tips and get proactive about security. And for even more advice, talk to one of our security experts.
- Everyone's Tags:
by Scott Lerner, Director of Mid Market Sales at Verizon Business Markets
Twitter | @Coach_Lerner
You might think you can keep your head down and stay out of cybercriminals’ targets — after all, they’re more interested in the big fish, right? Wrong. Cybercriminals don’t just target large enterprises — based on our analysis, almost two-thirds of data breach victims had under 1,000 employees1.
Most cybercriminals don’t care about the size of your business or who you are — they care about money. According to our research, over 70% of breaches were financially motivated1. And they don’t mind where they get it. Many cybercriminals don’t target their attacks at all. They take a scattergun approach, hitting the organizations with the weakest defenses.
That’s the problem. You’re facing the same threats as large enterprises, but you don’t have an enterprise-level security budget to build a state-of-the-art defense.
Cybercriminals are lucky, not smart
That doesn’t mean you should throw in the towel. Cybercriminals — from the kids operating out of their parents’ homes to sophisticated state-affiliated hackers — are still using the same old tricks to compromise organizations. Mostly, they’re playing an odds game. They don’t rely on their own smarts — they spread their nets wide and wait for you to make a basic mistake. And it’s amazing how many people are still making them.
Surely people aren’t still falling for phishing? It turns out they are. They fall for it time and time again. One in 14 users fell for phishing, and a quarter of those were duped more than once1. And people still haven’t got the message about strong passwords — over 80% of hacking-related breaches leveraged either weak and/or stolen passwords1.
Teach your employees the basics
- Use strong passwords. You should encourage employees to vary their passwords and use two-factor authentication to protect sensitive data/systems. But the strongest passwords aren’t necessarily what you’d expect — four randomly selected words unrelated to you could actually be more secure than an alphanumeric password.
- Don’t get caught by phishing emails. Show your employees what a phishing email looks like. The poor grammar, incorrect branding and “click-bait” messages are easier to spot when you know what you’re looking for.
- Create a culture of security. Your employees should be sending sensitive information over secure networks. And they should extend the same care to physical documents. Develop a culture where printing out sensitive information is frowned upon. If physical copies are necessary, encourage employees to shred documents when they’re finished with them.
- Be alert. Educate your employees about the tell-tale signs of a cyberattack. Is the sudden spike in network traffic really due to increased interest in today’s lunch options? Or are you the victim of a DoS attack? Are your customers encountering problems with your e-commerce site because of a fault or because a cybercriminal has tampered with it?
- Have a clear incident response plan. Your employees need to know who to contact and how to contact them if they suspect an attack or there’s a data breach. Because that’s when every second counts. Your people should know the best way to record a security incident and where to do this. And your IT team should know if an incident needs to be handled by a security provider or if it can be dealt with in-house.
Knowledge is the best defense
The best defense is built by thoroughly understanding your opposition. That means analyzing and learning from your own experiences of cybercrime to avoid falling for the same trick twice. It also means learning from the experience of others. The annual Data Breach Investigations Report (DBIR) is based on an analysis of over 40,000 security incidents and offers an unparalleled insight into the world of cybercrime.
You can get a clearer picture of the biggest cyber threats facing your business using the DBIR’s nine attack patterns — almost 90% of the breaches investigated in the report fall into these patterns1. Understanding them can help you prioritize your defenses and mitigate your cyber risks.
1 2017 Data Breach Investigations Report, Verizon