Cybersecurity – When You’re Not a Large Enterprise

By Casey Lang • May 26, 2016

Business owners rely on internet connectivity for everything from business operations, productivity and collaboration services to maintaining customer relationships. Unfortunately, the reliance on internet connectivity and cloud services also increases the risks and enhances the exposure to the threat of cybercrime. In addition to stealing money by fraud and deception with things like ransomware, cybercriminals can also damage your business's reputation and put you out of business completely, depending on the impact and headline-worthiness of an incident. For a small business, a cyber incident or breach can have a much greater impact on your ability to do business than it would for a large enterprise that is able to absorb the costs that incident response may present.

A business can never be completely safe from the threat of cybercrime but most cyberattacks can be mitigated with some basic security practices. Online security should be taken as seriously as locking the doors of your business and storing cash and valuables in a safe location. Clients have the expectation and right to the security of their data and it’s essential that steps are taken to prevent it from being exposed on the internet due to poor security practices. The following tips will enhance your defenses against cyber attacks:

1) Use strong passwords, credentials, and manage your access.

Strong authentication mechanisms are an essential layer of protection. All staff should understand the need to have suitable passwords and the risks of writing them down or sharing them. A long password with a mix of letters, numbers and other characters is well known as a best practice. Common words, names, and consecutive numbers are particularly vulnerable to hackers. Depending on the nature of the business and the information and data used or derived, consider applying multi-factor authentication as an additional measure of password protection. Additionally, ensure that you understand the extent of authentication services utilized by your business. You may use Gmail or Active Directory as your core authenticator and manage password requirements in those areas, but also consider cloud or internet-based services that have authentication not connected to your core authentication service. Ensure all authentication services are managed and audited, meaning that user access provisioning and deprovisioning should occur by a formal process as the employment status of your staff changes.

2) Use cybersecurity tools.

A firewall and antivirus software can mitigate many cyberattack risks and are better than no security tools at all. Don’t cut corners with your protection mechanisms, as you put your business at risk if you connect to the internet without them. Antivirus software and any signature-based security tools must be updated on a regular basis to ensure the latest forms of malware are identified and deleted. Also consider tools that provide additional capabilities such as host intrusion prevention, file integrity monitoring, and web browsing protection. From a network standpoint, many firewalls also have packaged capabilities like network intrusion prevention and malware detection.

3) Restrict personal use of company IT assets and company work on personal IT assets.

Accessing non-work email accounts and social media on company computing assets can increase the likelihood of compromise. Staff should be given clear acceptable use instructions on their cybersecurity responsibilities and the dangers of accessing websites not related to company business. Malware can be hidden in online games, apps, and attachments sent with emails. Staff members using personal assets for work tasks present different risks: unmanaged IT assets may process sensitive work-related information that an attacker can compromise through unknown vulnerabilities, and an employee acting as an insider threat could leave the company with your sensitive business information.

4) Understand and protect your web presence.

Your website and the internet services you use are valuable resources that must be protected. Hackers may attempt to corrupt information on a website or use your computing resources for their own needs (e.g. attack pivoting, distributed denial of service campaigns, or bitcoin mining). Privileged level access should be tightly controlled, as this is one of the routes cybercriminals leverage in attacks. Hackers are constantly scanning websites and web services for vulnerabilities and sensitive information. Software on your website should be updated regularly to make sure it is the latest version, vulnerabilities should be assessed, and your security tools and configuration should be appropriately applied. For other web services, such as cloud collaboration tools like Slack and development platforms like GitHub, understand how these services are being used and the potential for data exposure, then ensure these tools are used in a secure way.

5) Be cautious and proactively apply security.

Cyber attacks are becoming increasingly sophisticated, with attack methods constantly evolving and evasion techniques designed to circumvent security tools. Your protection mechanisms may not protect against all of the strategies attackers use, and you must be prepared for the inevitability of security incidents by proactively planning to manage them. For example, cybercriminals might copy the identity of legitimate businesses and use these to deceive you. Common sense and caution are as valuable as antivirus software when it comes to cybersecurity. Keep your staff aware of cybersecurity risk with regular training, move away from security being an afterthought, and consider security in all aspects of your business.

6) Plan for security failures.

Security standards and regulations advise that planning and preparing for an attack are critical. Does your business have the subject matter expertise and resources to manage a cybersecurity incident? If not, do you have a relationship established with, or even contacts at, a firm that can assist when such a situation arises? Having a response plan and capability can make the difference between a few days' downtime and significant long-term impact on your ability to do business. Ensure that all incidents and incident response tests include lessons learned and corrective actions for adequate incident preparation.

The threat landscape is constantly changing, with business becoming ever more entwined with the internet and technology. Smaller businesses are well known to cybercriminals as being less protected, and steps should be taken to reduce the likelihood of becoming a successful target of attackers. Know your threat profile, know your exposures, know your risks, know what you’re protecting, know your regulatory and contractual security obligations, and let CyberSheath help you apply a cybersecurity strategy accordingly.
