Let’s get serious about cybersecurity
Cybersecurity is important. You know that. We know that. But why are so many businesses not doing enough about it? It can be for a number of reasons, from lack of knowledge to lack of budget. But just because you’re a small business doesn’t mean you can’t protect yourself. There are plenty of things you can do that can have a huge impact and won’t break the bank.
Each year, Verizon produces the Data Breach Investigations Report, which looks into real incidents and breaches across a variety of industries. This report helps highlight the biggest risks to businesses and can help you identify where your own security could be strengthened. But we know our report can seem daunting, and small business owners are often too busy to read it in full. That’s why we’ve pulled out the recommendations that are most practical and actionable for small businesses like yours, to help you understand how you can better protect yourself.
Are you making these 3 common mistakes?
We all make mistakes, and that’s fine. What isn’t fine is when we keep making the same ones. And when it comes to cybersecurity that’s what a lot of businesses are doing. Whether it’s using the same passwords for multiple accounts, failing to back up data, or falling for phishing—companies are still doing it, and the consequences could be severe. Now is the time to improve your defenses, train your employees and learn to stop making these same common cybersecurity mistakes. Read our guide for actionable tips your business can use right now.
Avoid these 3 common excuses.
“It’ll never happen to me,” “I’ll sort that next week” and “I can’t afford better cybersecurity.” Sound familiar? These are just some of the reasons small businesses procrastinate when it comes to cybersecurity. But tomorrow could be too late—don’t wait to be the victim of an attack before looking into your defenses. There are plenty of things that you can be doing right now to help avoid becoming a negative statistic in our next Data Breach Investigations Report. Read our guide now.
3 simple rules to improve your cybersecurity.
Protecting your business from threats can seem daunting, but effective cybersecurity doesn’t have to be complicated or expensive. It doesn’t matter if you already have policies in place, or if you’re a complete beginner, there are simple things you can do to improve your defenses—from correct disposal of data and devices to better management of employees and their own devices. Read our guide for real actionable tips your business can use right now.
All businesses are at risk from cyberattacks—no matter their size. And all businesses can do more to improve their cybersecurity. Give your business the protection it deserves and don’t put off till tomorrow what can be done today.
Follow our tips and get proactive about security. And for even more advice, talk to one of our security experts.
- Everyone's Tags:
by Scott Lerner, Director of Mid Market Sales at Verizon Business Markets
Twitter | @Coach_Lerner
You might think you can keep your head down and stay out of cybercriminals’ targets — after all, they’re more interested in the big fish, right? Wrong. Cybercriminals don’t just target large enterprises — based on our analysis, almost two-thirds of data breach victims had under 1,000 employees1.
Most cybercriminals don’t care about the size of your business or who you are — they care about money. According to our research, over 70% of breaches were financially motivated1. And they don’t mind where they get it. Many cybercriminals don’t target their attacks at all. They take a scattergun approach, hitting the organizations with the weakest defenses.
That’s the problem. You’re facing the same threats as large enterprises, but you don’t have an enterprise-level security budget to build a state-of-the-art defense.
Cybercriminals are lucky, not smart
That doesn’t mean you should throw in the towel. Cybercriminals — from the kids operating out of their parents’ homes to sophisticated state-affiliated hackers — are still using the same old tricks to compromise organizations. Mostly, they’re playing an odds game. They don’t rely on their own smarts — they spread their nets wide and wait for you to make a basic mistake. And it’s amazing how many people are still making them.
Surely people aren’t still falling for phishing? It turns out they are. They fall for it time and time again. One in 14 users fell for phishing, and a quarter of those were duped more than once1. And people still haven’t got the message about strong passwords — over 80% of hacking-related breaches leveraged either weak and/or stolen passwords1.
Teach your employees the basics
- Use strong passwords. You should encourage employees to vary their passwords and use two-factor authentication to protect sensitive data/systems. But the strongest passwords aren’t necessarily what you’d expect — four randomly selected words unrelated to you could actually be more secure than an alphanumeric password.
- Don’t get caught by phishing emails. Show your employees what a phishing email looks like. The poor grammar, incorrect branding and “click-bait” messages are easier to spot when you know what you’re looking for.
- Create a culture of security. Your employees should be sending sensitive information over secure networks. And they should extend the same care to physical documents. Develop a culture where printing out sensitive information is frowned upon. If physical copies are necessary, encourage employees to shred documents when they’re finished with them.
- Be alert. Educate your employees about the tell-tale signs of a cyberattack. Is the sudden spike in network traffic really due to increased interest in today’s lunch options? Or are you the victim of a DoS attack? Are your customers encountering problems with your e-commerce site because of a fault or because a cybercriminal has tampered with it?
- Have a clear incident response plan. Your employees need to know who to contact and how to contact them if they suspect an attack or there’s a data breach. Because that’s when every second counts. Your people should know the best way to record a security incident and where to do this. And your IT team should know if an incident needs to be handled by a security provider or if it can be dealt with in-house.
Knowledge is the best defense
The best defense is built by thoroughly understanding your opposition. That means analyzing and learning from your own experiences of cybercrime to avoid falling for the same trick twice. It also means learning from the experience of others. The annual Data Breach Investigations Report (DBIR) is based on an analysis of over 40,000 security incidents and offers an unparalleled insight into the world of cybercrime.
You can get a clearer picture of the biggest cyber threats facing your business using the DBIR’s nine attack patterns — almost 90% of the breaches investigated in the report fall into these patterns1. Understanding them can help you prioritize your defenses and mitigate your cyber risks.
1 2017 Data Breach Investigations Report, Verizon
by Margaret Hallbach, VP of Public Sector Sales at Verizon Business Markets
When you think cyberattack, do you picture a criminal mastermind launching a carefully planned attack on the White House? Can you hear the dramatic music and feel the tension building as the good guys find themselves with only seconds to spare before the country descends into unmitigated chaos.
It’s a successful Hollywood formula. But the reality is much scarier because it’s not just central government and big businesses that are the intended victims of cybercrime — everyone is at risk. You expect that police security camera overlooking your apartment complex to be operational. But is it? What if it had been infected with malware weeks earlier and was “offline for maintenance” during an assault?
Cybercriminals are often motivated by financial gain, but you could fall foul of hacktivism and cyber-espionage. Cities and municipalities have become targets because of limited resources, insufficient expertise, and unknown vulnerabilities.
Attacks that are simply launched for fun can have a devastating impact as well. What happens if your emergency response systems are overwhelmed by a telephony denial of service attack swamping your inbound call takers at your public safety answering centers?
Manage the risk of more tech
Cities are constantly competing against each other. Do people feel safe? Are the schools good? Are companies thriving and providing jobs? To improve constituent experiences and quality of service, while driving cost efficiencies, local governments are leveraging technology. Many cities are now looking to the Internet of Things (IoT) for smart street lighting to reduce energy consumption, and for intelligent traffic systems that cut congestion — there are even systems that detect potholes. The potential benefits are huge.
But as local government becomes more reliant on digital technologies, the consequences of cyberattacks grow. You’re holding more personal data. Your critical systems depend on technology. That means security can’t be an afterthought. When you’re developing new systems, you need to think security first. Imagine your facilities organization is refurbishing a municipal building with a new HVAC system. The automated detectors for sensing employees in the building allows the system to be remotely controlled, managing energy consumption and cutting operating expense. But it could also provide a new entry point for a cybercriminal.
Understanding the threats
Many municipalities and cities are budget constrained. New sources of funding are hard to find and these funding sources are difficult to maintain. IT professionals are aware of the threats, but they don’t have the support from City Councils to earmark dollars. Cybersecurity funding should be no different than traditional public safety.
The 2017 Data Breach Investigations Report (DBIR) draws on the analysis of over 40,000 security incidents and almost 2,000 confirmed data breaches to bring you an unparalleled source of information on cybercrime. The nine attack patterns we first identified in 2014 still cover almost 90% of data breaches. Understanding them can help you gain insight on where and how to invest your limited resources. We are all trying to stay ahead of the bad guys. Ask for advice and guidance – from a colleague, from another city, from a partner, from the industry. And most importantly, take action. Don’t regret the decision that you did nothing.