SMBs are getting hit by an epidemic of cyber attacks: 10 tips to defend your business

As the number of COVID-19 cases escalate, so do the number of cyber attacks on remote workers, especially those in the small and medium business (SMB) sector.

“The bad guys know that large companies have all kinds of controls in place,” said Michael Ball, a virtual CISO and Cyber Security Consultant, at an ITWC webinar. They’re going to attack the little guys in the hope that there’s a network connection back to a bigger one.”

With the quick transition to remote work, many businesses haven’t had a chance to extend security measures to cover offsite employees.

These threats are particularly harmful for small businesses, said Ball. “Sixty per cent of small companies that suffer a cyber attack are out of business within six months.”

“Businesses are already fragile right now,” said Jim Love CIO of ITWC. “But if you think you’re too small for the attackers to bother, think again. Think when, not if.”

How to defend your business

Here is Ball’s advice on ten things that every business should do protect itself against the rising tide of threats:

  1. Use corporate laptops for work only. “That stops a lot of access to unsafe sites on the corporate machine,” said Ball.
  2. Use a VPN with profiles to control which apps on the laptop can access which apps in the company. “In a pandemic situation, businesses are standing up VPN situations that are wide open so everything inside your machine has access to everything inside your corporation and you’ve circumvented all controls on the firewall,” said Ball. Remote workers should also use the VPN for their VOIP phones.
  3. Use two-factor authentication. “Don’t let anyone tell you that you don’t need two-factor authentication,” said Love.
  4. Back up cloud applications and lap tops. Businesses should develop clear policies on who is responsible to back up lap tops and when, said Ball.
  5. Turn on endpoint protection against malware. When employees moved out of the office, they were no longer covered by onsite URL filtering. Any endpoint protection software that is continuously updated will do the job, said Love.
  6. Take steps to secure Wi-Fi. Change the password periodically. Ensure WPA2 encryption is turned on. Turn off SSID name broadcasting. “If people don’t know the name of the connection ID, there is nothing to attack,” said Ball.
  7. Protect conferencing. “There’s a new trend known as ‘Zoom-bombing’, where uninvited individuals join video conferences,” said Ball. To avoid this, set a pass word for the conference and mute everyone on entry. Make sure nothing confidential is shown on the desktop or is visible from your webcam.
  8. Do not click on any email link with COVID-19 in it.“There are a multitude of related scams,” said Love.
  9. Provide employee training. “All of this means nothing if your employees aren’t trained,” said Love. It’s been proven that frequent training cuts the number of security attacks.
  10. Be nice to tech support.“Our tech resources are stretched thin now and they’re fragile,” said Love.

Who has the time and money to do all that?

For small business, it’s not easy or affordable to take all of the necessary security precautions. “Three out of four small businesses don’t have the proper personnel to address IT security,” said Ball.

The solution is to subscribe to a virtual security team. A team of experts will handle the security side of things for you, including monitoring, preventative measures, a response plan and training, said Ball.

“Think of it like an alarm system for your house,” said Ball. “You put monitoring devices on your doors and windows and, if there’s a break-in, the alarm company will call the police. We offer the same thing for your corporate network.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Cindy Baker
Cindy Baker
Cindy Baker has over 20 years of experience in IT-related fields in the public and private sectors, as a lawyer and strategic advisor. She is a former broadcast journalist, currently working as a consultant, freelance writer and editor.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now