By: Matt Gotschall
Salvus TG, LLC
Nowadays, when people ask us to talk about relevant small business technology topics, it is always about security. Ten years ago, small businesses were focused on hardware and software, five years ago, it was how to move to the cloud, and then it was how to become mobile and improve remote access. All these concepts are still important, but cybersecurity is currently dominating the conversation. The reason that security is the #1 topic today is because it is the most crucial piece of the IT puzzle for small business.
Most small business owners are unaware of this, but they have recently become the favorite target of cybercriminals. Ransomware has changed the game and created a global market overnight by monetizing security breaches. These criminals have learned that small businesses have the most to lose when their data is encrypted and do the least to protect their networks. Making small business very lucrative to target and attack.
Approximately 43% of small business have ZERO cybersecurity defense plans. If you are one of the 43%, stop reading and start making a plan. How do you make a cybersecurity plan? It all starts with finding an expert. Cybersecurity is dynamic by nature. It is crucial for small business owners to transfer this responsibility to someone who understands the industry and how to stay ahead of the latest threats.
When we talk to our partners about cybersecurity, we often reference the ‘old standards’ versus the ‘new standards’. Years ago, having antivirus and a firewall was enough to consider your business secure. With all the advancements in technology and the ease of access to hacking tools, these cybersecurity solutions are longer sufficient to protect your business. Here are a few specific examples to illustrate the ‘old standards’ versus the ‘new standards’ of small business cybersecurity.
Most businesses have a firewall and have had one for years. A traditional firewall (old standard) works by monitoring and restricting network traffic in a very static way. This fixed method leaves it vulnerable to modern cyberattacks. Next generation firewalls (new standard) inspect traffic more dynamically and at a much deeper level. This not only provides protection against more advanced threats but can also prevent attackers from maintaining a long-term presence on your network and harvesting your data.
Traditional antivirus (old standard) has been around for decades and has become synonymous with business security. Traditional antivirus uses signature-based detection, meaning it only stops known viruses. This leaves you susceptible to unknow variants and ransomware. Endpoint detection & response (new standard), or EDR, is one of the best defenses available to small business to combat viruses & ransomware. EDR works by leveraging AI and behavioral analysis to scan traffic on your network. EDR learns how you and your staff use your network and devices and can spot anomalies in that behavior. Think of EDR as a virtual security guard. They recognize everyone and know how they work. If they see something unusual, they stop it and investigate.
Strong, complex passwords (old standard) are one of the most implemented security solutions and are still critical to secure your data. However, what if your password is guessed, stolen or phished? Multi-Factor Authentication (new standard), or MFA, is included with most cloud services for free and provides an extra layer of security that stops 99% of cyberattacks, even with a stolen password. MFA is by far the easiest way to significantly improve your cybersecurity posture.
Over the last year small businesses have adopted new workflows, policies, and procedures to remain productive and competitive. It is crucial to remember this rapid transformation comes with an increase in cybersecurity risks. With the constant evolution of the cybersecurity landscape, these modern security standards have become the bare minimum to protect your business. Now is the time update or create your plan to protect your organization. We like to say, “the best time to invest in cybersecurity was yesterday- the second-best time is today.”