How Start-ups and Small Businesses can mitigate common Cyber Attacks
Cyber-attacks have been significantly increasing in recent years and are predicted to cost $6 trillion by the end of 2021. The stark reality is that start-ups and small businesses are the most susceptible group to these cyber-attacks due to resource and financial constraints. The increasing frequency and severity of cyber-attacks means that it is more important than ever that you do what you can to protect your business. The aim of this blog post is to cover mitigation techniques that you can implement to help prevent the most common cyber-attacks from affecting your business.
Remember, things will go wrong
Every day, cyber-attacks affect businesses around the world, and most of them aren't making headlines. On occasion, large attacks such as the infamous WannaCry attack that took down hospitals, businesses, and government services in more than 150 countries, and more recently, the Conti ransomware variant has gained significant attention for attacking the Irish Health Services Executive (HSE). However, many attacks don't get much attention at all.
What we have learned over the years is that no matter how big or small your business is, you will at some point be a target for cyber criminals. Recent surveys have shown that 77% of micro and small business owners believe that despite the COVID-19 pandemic, cyber-security remains a top priority for them and their businesses.
These concerns are well founded given that small businesses are commonly targeted due to a lack of internal knowledge on how to prepare, respond and recover from cyber-attacks. To protect your business, we have outlined some techniques below that can help you avoid the most common cyber-attacks.
You need a system to defend against cyber-attacks
When it comes to cyber-security, there are two sides of the coin: the threat of attack and the defence against those attacks. One cannot exist without the other. The greatest threat to any business is a security breach. A good defence plan will help keep your business safe from these breaches. Elements of the plan should include the following:
1. Keep your software updated
Keeping your software updated is an important factor in security. Hackers are always on the lookout for unpatched computers and devices to exploit, so it's essential to keep your software up to date if you want to protect yourself against online threats. Simply put, if there's a bug in your software, you're more likely to get hacked. It's that simple! So, make sure you update all your system's core components, particularly applications and operating systems.
2. Use strong passwords
Passwords are the first line of defence in securing your accounts. Therefore, it's important you use strong passwords.
Trying to remember a unique and complex password for every website you visit can be difficult, but there are ways you can make sure your accounts stay secure, even if you're not able to memorize a new password every few weeks. Below are a few tips and tricks to help you keep your accounts safe:
- Use long passwords—at least eight characters long with uppercase and lowercase letters, numbers, and symbols. Passwords should also be made of random words, so that no one can guess them.
- Consider using a password manager so that you can store passwords securely without the need to memorize them.
- Don't tell anyone your password or write it down somewhere where someone can find it (like on a post-it note stuck to your computer).
- Use different passwords for each account. Using the same password for everything makes it easy for someone to steal all your accounts at once.
- Be wary of phishing emails asking for sensitive information like your name and password.
3. Have a backup system in place
Data loss can happen to anyone and cause massive problems for businesses. Trying to get back vital information can be expensive, time-consuming and recovery is highly unlikely. While there are preventative measures you can take, the best way to protect yourself against data loss is to have a robust backup system in place.
4. Test your backups regularly
You should test your backups regularly. That way, you'll know whether the backups are working and can recover your data in the event of a disaster. The most basic approach to testing is to run through the restore process periodically. Performing these tests can be time consuming, but if you don't do them, you run the risk of losing all your data if your backups fail unexpectedly."
5. Use multi-factor authentication
The best way to protect your accounts is with a multi-factor authentication system. This means that you must supply two separate pieces of information to log into an account. The most common way this is done is by logging in with a username and password, like how you log into an online banking site or Facebook account. Then, once you've been granted access, you can use an app on your phone to generate the code, such as Authy, Google Authenticator or Microsoft Authenticator.
6. Remove default user accounts
It's not uncommon for servers, network devices and software applications to come with default user accounts and passwords applied to administrative accounts. These credentials can be easily found on the internet which can be a significant security risk because a malicious actor can then easily gain access to potentially sensitive data. As such, the best way to mitigate this type of risk is to either remove or disable these accounts and setup similar accounts with usernames and passwords that will not be easily guessable.
It is critical to be aware of the potential threats that are out there, and the mitigations outlined above can help to protect you from the many common attack vectors. However, it is also important to remember that what has been outlined here should not be considered as a comprehensive list of controls, but rather a good starting point for implementing a basic cyber hygiene strategy for your business.
If you would like to learn more about how Secora can help you protect your business, get in touch. Our team has the skills and expertise to work with your organisation on creating a robust cyber security posture that provides peace of mind in an ever evolving cyber threat landscape.
All of Secora Consulting's assessments are tailored to our client's needs.
Using our experience, we can help you determine which services are right for you.
We have arranged our services into four groups based on the objective of the tests.