For many of us, this time of year is the time to start planning for next year. Reviewing marketing, sales, financials, strategic planning. Something to strongly consider adding to your planning is cybersecurity. Just as in other areas of business, you plan for the best and prepare for the worst. Cybersecurity planning is an essential part of business planning. We all have locks on our doors, alarm systems for our offices and insurance against theft and we all have a constant connection to the internet. Cybersecurity is no different than this (except theft can happen by criminals located anywhere in the world). We must have layers of protection, stay vigilant for unusual behavior of our systems and backups and cyber insurance. I know how busy we all are with all of the other activities related to business ownership, so I’ve taken a considerable amount of time to compile and curate vital data to help you understand the risks and appropriate actions you must take. I’ve summarized this information into a brief report and provided many sources for more information.

Everyone has different tolerances for risk, but negligence results in risking your business, your customers, your reputation and the livelihoods of you and your staff. Thank you for taking the time to review this information. I hope you find it informative and it energizes you to take action today.

Be Ready For 2020

In the 2019, the threat of cyber-attacks to small business has changed and so has the forecast for 2020. Consider the following 4 points:

  1. Overall sentiment remains positive, while threats continue to evolve.Three-quarters of respondents said hacker sophistication will continue to grow, while a mere 2% said it will stabilize. The top three most dangerous threat vectors also shift, leaving phishing scams as the only one to remain top-of-mind
  2. Cyber security budgets will continue to increase.Security awareness and user training are at the top of the focus list, while cyber budgets first half of 2019 increased at 59%. Respondents also note that they will continue to increase their cyber dollars in the next 6 months.
  3. Data privacy legislation and compliance are becoming the norm for enterprises.Almost 29% of respondents said GDPR was not as much of a challenge as they thought it would be in first half of 2019.
  4. Security awareness continues as a top priority for the next six months.65% of respondents said that security awareness was their priority in the last six months, while about the same percentage said it will remain a priority security solution for the next six months.

Source: Cybersecurity Hub

 

This is just a small sample of the mountain of evidence that business owners must take persistent action to minimize risk to their business. I strongly agree with Ginni Rometty, IBM’s chairman, president and CEO, who said: “Cybercrime is the greatest threat to every company in the world.” And she was right. During the next five years, cybercrime might become the greatest threat to every person, place and thing in the world. With evolving technology comes evolving hackers, and companies are very behind in security.

Integritechs has researched, tested and compiled a collection of services and actions to take to stay ahead of the evolving threats to protect businesses for the year ahead. We are strongly recommending the following actions:

  • Upgrade to Microsoft Business 365 – Includes Office 365, but also includes Microsoft Security Center, Azure AD (Identity Management), and a GDPR Compliance Dashboard, offering a much better overall security posture
  • Upgrade to Integritechs Protection Platform – This is an enhanced training program for employees, Improved Dark Web Monitoring, and creates an employee security score (ESS) similar to a credit rating, identifying security risk by individual behaviors. Includes an Outlook plugin that helps users identify phishing emails.
  • Enhanced Virtual Imaging Backup – This type of back up is better protected from ransomware and provides not just files backups, but a complete virtual replica of your systems that can be accessed from a secure data center or copied back down to your systems or new systems in the event of a total loss along with a very fast recovery rate
  • Even if your industry is not required to by compliance, consider having a vulnerability scan performed. This involves a technician running an industry standard security scanner application, that tests your companies’ network from inside and outside the organization and it identifies any vulnerabilities in your systems. The benefit of doing this is that you and your IT provider or staff won’t make any assumptions about how secure your network and data are because these tools provide objective factual results and often provide instructions for remediation of any exposures or risks. Risk reduction and lower risk of cybersecurity insurance denial of coverage.
  • 2FA – Two factor or multifactor authentication for all of your accounts (or at least accounts with elevated privileges or sensitive data access). Using 2FA will prevent hackers from accessing these accounts even if your password is stolen. We’ve all probably experienced this when online banking requests you to verify a code via text or phone when we try to log on for the first time or from a new device. In business, a system of deploying 2FA across critical account and assets is a great step in securing your business. Using text messages as a form of 2FA is not recommended. While it is better than nothing, it is much easier to compromise than an authenticator application.

 

Additional resources:

15 Alarming Cybersecurity Facts and Stats: https://www.cybintsolutions.com/cyber-security-facts-stats/

7 Key Cybersecurity Tips to Keep Your Small Business Safe: https://www.thomasnet.com/insights/7-key-cybersecurity-tips-to-keep-your-small-business-safe/

Manufacturing and Cybersecurity: Know the Essentials: https://www.nationaldefensemagazine.org/articles/2019/6/14/viewpoint-manufacturing-and-cybersecurity---know-the-essentials

Healthcare Data Breaches, By the Numbers: https://phoenixnap.com/blog/healthcare-cybersecurity-statistics

Legal Tech Report: American Bar Association: https://www.americanbar.org/groups/law_practice/publications/techreport/ABATECHREPORT2018/2018Cybersecurity/

2019 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics: https://cybersecurityventures.com/cybersecurity-almanac-2019/