The Definitive Guide to Cyber Security Protection for SMBs

Since you’ve begun reading this guide there has already been 1 hacker attack. In just a few short minutes there will be 5 more.

Don’t believe it?

A Clark School study at the University of Maryland is one of the few that can measure and quantify the rate of attacks and the results are shocking — a hacker attack occurs every 39 seconds which affects 1 in 3 Americans every year.

So, what do you do about getting your business and employees protected? How can you avoid a ransomware attack from a cybercriminal?

Cyber Security Facts

First, let’s take a look at Cyber Security Facts so that you can understand the sheer magnitude and impact these might have on us and our businesses.

The FBI has reported a 300% increase in cybercrimes since the beginning of COVID.

With employees shifting to working from home cyber criminals attacked vulnerable networks.

95% of cybersecurity breaches are due to human error. A chain is only as strong as it’s weakest link.

More than 75% of businesses do not have a Response Plan in place even though an estimated 54% of organizations say they have experienced at least 1 cyber attack in the past year.

Most organizations (large organizations included) do not detect a data breach within the first 6 months.

In 2019 88% of businesses experienced spear phishing attempts.

Statistically speaking, only 5% of data folders are properly protected within your business.

A Ransomware attack costs businesses $133,000 on average, which is over 30% more than in 2019.

Organizations with 1–250 employees have the highest targeted malicious email rate at 1 in 323.

In 2019, attacks on supply chains increased by 78%.

The cost of lost business due to cyber attacks averaged $1.52 million.

Cyber Security Terms

Second, let us introduce you to the most common terminology associated with cybercrime. Each employee should have some understanding of what these terms are.

Bot/Botnet

A collection of computers that have been infected by malware that allows hackers to control them.

Breach

The moment a hacker gains access to a devices files and network.

BYOD (Bring Your Own Device)

A security policy put in place by businesses to disallow or allow for employees’ personal devices to used for business over the corporate network.

Clickjacking

The ability for a hacker to trick their victims into clicking on a compromised link or button.

Cloud

A collection of servers and computers that allow users to access data and services anywhere in the world through an internet connection.

DDoS

DDoS stands for Distributed Denial of Service. This type of cyber attack targets your website by flooding it with malicious data or traffic which makes it unusable.

Deepfake

Audio or video clips that have been edited in a realistic way to make them seem believable.

Encryption

Encoded data that prevents cyber criminals from stealing it without a key.

Firewall

Hardware or software based security device that monitors and filters network traffic.

Malware

An umbrella term for software that has intentionally been designed to wreak havoc on computer, server, or network.

Phishing or Spear Phishing

The fraudulent technique used by hackers to obtain information through messages. An example of this is an email that looks as if it was from a reputable company that is used to gather such personal information as passwords, credit card numbers, or banking information.

Ransomware

A form of malware that holds your information hostage and prevents you from accessing it. Typically this is done through encrypting the files and requiring payment for the key to access these files.

Rootkit

Malicious software that gains access and control of your computer system without being detected.

Spyware

Malware that is used to spy on user activity. Examples of this include collecting keystrokes, logins, account information, and much more.

Trojan

Malicious software disguised as legitimate software used to gain access to computer systems.

Virtual Private Network (VPN)

A secure connection to another network over the internet.

Virus

Malware that is designed and used to corrupt a computer and spread to others.

Whitelist / blacklist email

The process of either adding an email to an approved senders list to receive their emails or blocking an email address to not receive their emails.

Worm

Malware that has the ability to replicate itself to spread to other computers.

Preventative Measures

Lastly, here are the preventative measures that we believe are an absolute necessity for every SMB to prevent a cybercrime attack on their business or employees.

Firewall / VPN Remote Access

Create that barrier between your corporate network and the internet through a firewall to assist in recognizing and filtering malicious attacks before they trickle down to your employees. The faster you stop an attempted cyber attack the better off your organization will be.

Establishing a secure connection through a VPN is allowing you to access your information through an encrypted virtual tunnel that hides your IP address. The more encrypted information you have the harder it is for cyber criminals to access this information.

Multi-Factor Authentication

Unfortunately, this preventative measure can be a little frustrating sometimes as you have to use 2 or more factors to authenticate that it is you trying to login to a particular software. However, it’s very good at preventing cyber criminals from accessing your information.

For example, the first authenticator step could be that you enter your password and select login on a particular software and the second authenticator step might be that you have to authenticate through the Microsoft Authenticator app on your phone. A cyber thief may have your password but if they don’t have your phone they cannot access your data.

Cloud Backups

The saving grace. If you were to be attacked having proper backups that can be restored saves your business from having downtime or making the touch decision to pay the ransom if your data is being held hostage.

User Education Program

Have a plan in place that educates employees. Teach employees what to look out for in malicious emails or software and what to do if their computer has become compromised.

How to get started?

It’s no longer an option to not implement the four preventative measure we talked about earlier. It’s an absolute necessity. Reach out to us and we’ll work with you to create a plan that suits your needs and budget.

Additional Resources

--

--

--

🥇 Microsoft Gold & Silver Partner 🥈 👨‍💻 ERP 📈 DataAnalytics ☁️ Cloud Platform ☁️ Small & Midmarket Cloud Solutions 💻 Application Development

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Spyfall Complete Hack Free Resources Generator

Deploy Elastic Agent with Microsoft Intune

Save time and deploy Elastic Agent the smart way — using automation!

Update Roadmap CyberClone

My impressions of the first phase of the S-Wallet ambassador program

How BestChange.com guards your anonymity when making financial transactions

What Are LPOP Tokens?

GNU Privacy Guard and Flotorizer: A Match Made in Cryptography

Critical Legal Data Classification Level Standards for Software Policies

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Solution Systems, Inc.

Solution Systems, Inc.

🥇 Microsoft Gold & Silver Partner 🥈 👨‍💻 ERP 📈 DataAnalytics ☁️ Cloud Platform ☁️ Small & Midmarket Cloud Solutions 💻 Application Development

More from Medium

Power of using pseudonyms on the internet

Memory forensics: a fun hands-on introduction

Who can reset the CISO’s password?

SpyWarrior review: can it protect you from malware in 2022?