Human error is the most common cause of data breaches. In fact, studies have shown that 91% of data breaches begin with a phishing email sent to an unsuspecting user.
Preventing (or mitigating) the impacts of cyber threats is a 24/7/365 responsibility. And since October is Cybersecurity Awareness Month, I’d like to take this opportunity to shine a spotlight on what businesses can do to try to prevent cybersecurity “bad days” from happening.
In this article we will discuss:
- Who Is At Risk?
- How Can Employees Help Hunt for Cyber Threats?
- What Can My Business Do To Defend Against Cyber Threats?
- If Funds Are Limited to Strengthen My Cybersecurity, Where Do I Start?
Who Is At Risk?
At Elevity, we’ve spoken with a lot of businesses in a variety of market sectors. Some are public and others are private businesses – including manufacturing companies, schools and even law firms.
However, we’ve seen a trend that small and medium-sized businesses (SMBs) often don’t think of themselves as a target for a cyberattack. The incorrect theory is that hackers only target large companies.
The truth is that every business is a target. And since many SMBs think that antivirus software is all that is needed to protect their business, they are often a juicy target for cybercriminals.
On the brighter side, we’re also seeing another trend. If an SMB hasn’t experienced a security breach yet, its leaders often know of area business colleagues who have been impacted. These “bad day” stories are an effective wake-up call, motivating business leaders to evaluate their company’s own cybersecurity plans and consider enhancements.
How Can Employees Help Hunt for Cyber Threats?
As mentioned earlier, many phishing attempts start with an email to an employee. This email often contains a link that, when clicked, asks the user to enter their credentials. This is why employee cybersecurity awareness training is crucial. Your employees are often your front line of defense against getting hacked.
As part of employee cybersecurity awareness training, we recommend education on the “Pause, Consider, Verify” method of email evaluation. Before you click, pause – and consider the email thoughtfully. Is the email from someone you know? Is this email asking you to do something risky? If there’s any reason for doubt, contact your IT Administrator to verify before going any further.
In addition, we suggest promoting a corporate culture in which employees understand that mistakes can happen and, when they do, report any possible cyber mistakes as quickly as they can. Speedy reporting will help to mitigate any potential breaches.
What Can My Business Do To Defend Against Cyber Threats?
We highly encourage all businesses to have a layered cybersecurity approach. While Elevity creates customized plans tailored to individual businesses, a layered cybersecurity plan often contains the following elements:
- Antivirus Software
- SIEM/SOC Solution
- Multifactor Authentication
- Endpoint Detection and Response (EDR)
- Employee Cybersecurity Awareness Training
- Backup and Recovery Solution
- Cybersecurity Insurance
However, even the most secure cybersecurity plan should also have a detailed and accessible IT Disaster Recovery Plan in place. If a breach does occur, you’ll be thankful you planned ahead.
If Funds Are Limited to Strengthen My Cybersecurity, Where Do I Start?
First of all, KUDOS to you for taking the initiative to strengthen your cybersecurity posture! You are encouraging the health and longevity of your business.
While we recommend a layered cybersecurity approach, the thought of launching a multipronged cybersecurity plan may look a bit frightening – or costly – especially to an SMB.
Smaller organizations with a limited budget can maximize their cybersecurity impact by starting with one additional layer of security and adding more layers over time.
What could that first layer be? Multifactor authentication is a good start. Multifactor authentication is kind of like adding a lock to the front door. The user will have the key. Multifactor authentication will remove some risk as it will deter many bad actors.
It’s still possible for a crafty hacker to “trick” a user into giving up their key, but adding this step will at least slow them down. Having more layers of security guarding a business’s data will make it exponentially more difficult for a bad actor to break through.
EDR is another great addition to a cybersecurity plan. This technology monitors a business’s endpoints (e.g., laptops, printers or anything connected to the internet) for threats and automatically responds to mitigate them.