Data Privacy Day has been and gone; however, its message lives on. As well as being an awareness day, it also commemorates the January 28, 1981, signing of Convention 108: the first legally binding international treaty dealing with privacy and data protection. So, in line with this international holiday and the greater “stay safe online” movement, here are our top tips on how to keep your SMB customers safe from cyber criminals.
1. Size doesn’t matter
You are never too small to be a target. A common misconception we hear regularly from small and medium-sized businesses is that they are unattractive targets for data breaches and cyber attacks. In reality, SMBs are often more prone to attacks because cyber criminals assume they’re resource-limited and have less IT-savvy employees. The truth is that cyber criminals don’t discriminate, because anyone’s money will do. Stay cautious so you can avoid becoming their next source of income.
2. Knowledge is power
User behaviour can be your customers’ biggest weakness. Attackers today exploit “human networks” as much as computer networks. Don’t forget your customers’ remote workers: a significant part of most workforces lives outside the corporate perimeter. Educate them on how to detect social engineering threats. Phishing attacks and spear phishing attacks continue to become more sophisticated, and even savvy users fall victim to them daily. Continue to educate your customers and their employees on how to identify phishing attempts and how to protect their organisation from these threats.
3. Simplicity is not the ultimate form of sophistication
Cyber threats are constantly evolving as attackers get access to and create more powerful and sophisticated exploits. It used to be that malware was generally mass delivered via emails that were, for the most part, poorly crafted, often with telltale signs that they weren’t from whoever they claimed to be from. In response, most organisations now have some kind of protection in place to either prevent a click on malicious emails or restore from backup if a click occurs. But cyber criminals’ approaches have evolved, and you need to evolve with them. Nowadays, the real danger comes in the form of highly targeted, heavily researched, compelling spear phishing attacks. These attacks work because they’re believable. Cyber criminals spend a huge amount of time making them look as realistic as possible, and the results can be devastating. You need to develop a more sophisticated approach to security in order to defend against these types of threats.
4. More is more
Two-factor authentication is now an industry standard, especially when it comes to administrator accounts that have even more access to valuable data. As highlighted by last year’s Deloitte attack, measures such as email encryption when exchanging confidential data, as well as a layered approach, are key to protecting your customers’ data. Each of your customers should have a disaster recovery plan in place, solid backup, and solutions to help mitigate an attack. One of the best ways to protect yourself is with a next-generation firewall and an email security solution that is more than just a spam filter. You want to secure every threat vector you can. Think of it this way: you wouldn’t just leave your house unlocked; if you did, someone could easily get in. If you lock your house, the individual might move on to the next house or at least have a more difficult time getting into yours. Using technical safeguards can help prevent exposure to a variety of attacks, so taking extra precautions, such as encryption, to secure customers’ data is advised.
5. Be proactive, not reactive
The truth is that the best thing to do when it comes to defending your customers against cyber criminals is to be proactive, rather than reactive. You need to convince your SMB customers to invest in the correct hardware and software (which includes not only cyber security but also backup) and make sure that you can control and segment network access to minimise the spread of threats, should any get in.
By adhering to these five simple tips, you can reduce the risks and severity of an attack. However, the fight against cyber criminals doesn’t end here. In the marathon that is cyber security, these steps should be treated like the starting point, not the finish line.
The reality is, no one is invincible, and anyone, including you and your customers, can fall victim to an advanced threat at any time. Therefore, everyone will need to make a constant effort in order to prevent a breach.