The last thing we need in Monroe County is a business shutting down because of a preventable cyber attack. Yet we see it time and time again: a bad password, unpatched software, or an accidental click leads to a ransomware event.
Ransomware is the most common cyber crime we deal with today, and the cost of paying a ransom can be devastating to a business. Just imagine paying a ransom of $50k – 150k, and think about whether your small business would be able to pay, or would survive if word got out that all of your data had been compromised (not to mention the HIPAA/GLBA/PCI fines you might face).
One of the first items you need to think about is training for your employees. Believe it or not, your devices and software are not the weakest link in your network. Your people are! There are plenty of free cyber training resources out there; one of my favorites is Wizer-training.com.
Next, start using tools you already have available, such as password managers, VPNs, and multi-factor authentication. Your existing business-grade router might already have a VPN solution built in; consider using that to access your internal systems. Also, be on the lookout for any login that does not require multi-factor authentication, and figure out how to enable it for that service or website.
Next, on to the topic of backups, and I can't stress this enough: if you have a manual process for backups, you need to change that immediately. Backups should be automated, with encrypted copies sent offsite.
If you have automated backups in place, make sure these are tested regularly. I like to say that a backup is only as good as your last restore test.
Finally, create a policy and procedure to follow in the event you do have a breach. Things to include should be:
- Who to contact? Who to alert?
- What are the steps you should take to block the attack?
- What should your employees do during the breach?
- What to do if a device is lost or stolen?
One last bit of detail: if you don't have a cyber policy in place, I suggest you reach out to your insurance provider and start talking about it today.
There are many other things that you can and should be doing. Security isn't something that you will solve overnight; it is an ongoing process that you will need to continue forever. Each step of the way you should be looking to identify next steps on your cyber security timeline.