I’m making my New Year’s resolutions, and my number one goal this year is to keep talking about the potentially devastating threat of cyber attacks on small businesses. It won’t go away and it will continue to be costly. While the global average cost of a data breach is down 10 percent over previous years to $3.62 million (Ponemon Institute), the average size of a data breach increased nearly two percent. Clearly we still have plenty of work to do. Below are 5 significant elements of a strong cybersecurity strategy.
1.) Patching and application testing: Even though it’s not shiny or new or exciting, your IT company should be doing these two things regularly. A number of data breaches in 2017 were made possible by known vulnerabilities. A casual approach to patching is not acceptable. You can’t just identify your problems; you have to act. Application testing is right up there with patching. If you don’t test your security, then you don’t know how secure your application is. I believe that if everyone put a strong effort into app testing and patching in the coming year, we would see a dramatic drop in data breaches.
2.) There is still a skills shortage: The lack of skilled cybersecurity professionals continues to be a major problem. Even with average InfoSec salaries rising, there are still thousands of vacant positions. An efficient way to address this is with external IT and cybersecurity services and virtual CISOs. This is a quick and cost-effective way to fill the skills gaps, especially in mid-size to small businesses.
3.) Be proactive about ransomware: Ransomware has been a growing threat for the last few years. The best way to fight this is to back up regularly, keep patching and updating systems, and stay on top of new ways to strengthen your real-time defenses. These practices will dramatically reduce the impact of ransomware.
4.) The IoT is a weak link: We all work with more and more sensor-packed and internet-connected devices. Know that the Internet of Things remains a major weakness for company defenses. The lack of basic security features or the use of default passwords can open doors for attackers. The bad guys have created botnets to exfiltrate stolen data, to identify other vulnerabilities, or for brute force attacks. We need to properly secure the IoT.
And If Something Really Big Does Happen To You
5.) Handle data breaches gracefully: Equifax in 2017 is a memorable example of how not to handle a data breach. They delayed disclosure, misdirected victims, and failed to patch a known vulnerability. It was a good lesson to learn.
Aptica LLC can deal with all of the above, and walk you through what we do and why we do it. If computers are key to your business growth and development, it’s better that you understand these things.
Jason Newburg, 260.243.5100, ext 2001, is the founder and owner of Aptica LLC. This IT management and support company has been serving small to medium-sized businesses for 15 years in the area that includes Angola, South Bend, and Fort Wayne, IN, Battle Creek, MI, and Toledo, OH.