If you think your business is too small to be of interest to hackers, you should think again, say cyber security experts. Every company has something that hackers want.
“Every one of us has value, whether it’s the information we retain within the company, or as a stepping stone to our business partners,” Michael Ball, chief information security officer with AGF Investments, told participants at a recent ITWC webinar. “Don’t think you don’t.”
Security is a vital business issue and must be considered as a critical component in every project.
“We cannot emphasize this enough. You will be hacked. It’s only a question of when and how much damage they can do,” said Ratish Raghavan, vice-president of operations at Performance Advantage.
Sponsored by Performance Advantage and hosted by ITWC CIO Jim Love, the webinar outlined what small businesses need to know to survive the latest cyber threats.
No one, big or small, can afford to ignore digital security, said Love. “If you lost access to key data, how would it impact your company? That’s what it boils down to.”
Businesses have a lot at stake, including the potential loss of customers, reputation and the ability to do business. For example, Love said DNS service provider Dyn lost 14,000 customers after a massive DDoS attack shut down its business for four days in October 2016.
The situation is becoming more dangerous. “Increasingly, the new players on the scene are organized and well-financed criminals,” said Love. “Hacking has become a big business.”
That’s driving the growth in ransomware, which was estimated to be worth $1 billion in 2016, said Love. With ransomware, hackers gain access to your system using a phishing email. They then encrypt your files and demand a ransom to get them back. Ninety per cent of phishing attacks contain ransomware, according to Ball.
Best defences for small businesses
“Security has to be a core piece of every business, no matter what you do. You have to master it yourself or find a partner you can trust,” said Raghavan.
Protecting your business requires layers of security on top of the standard anti-virus software and firewalls, said Ball. “Training employees on how to recognize phishing emails is one of the biggest things you can do,” he said. There are fewer security attacks in organizations where employees are trained more than once per year.
As well, Ball recommended that businesses take the following steps to strengthen their security:
- Apply patches and updates to your operating system and your middleware as quickly as possible.
- Back up regularly and test the system to see how fast you can restore your data.
- Limit access. Anyone with access should have no more access than what is required to do their job.
- Make sure you know what your normal levels of traffic are so that you can recognize changes.
- Improve the strength of passwords and use two-factor authentication.
It’s just as important to make sure your response team has a plan to address both the technical and communications issues after a breach happens. “You need to communicate to your shareholders and to the public to maintain your reputation,” said Ball.
The future is going to bring new threats, said Love. “This is war. Hacking has gone beyond vandalism. We’re at war with technically advanced businesses. It’s going to get worse.”