While cyberattacks might not be top of mind for the local gym, restaurant or retail store, they should be. Ransomware is no longer an issue reserved for large organizations. Small and medium-sized businesses (SMBs) accounted for 82% of attacks in 2021.
Why now? Ransomware has been a threat for many years. However, as a result of the pandemic and people working remotely, its growth has been exponential. During the first half of 2021, the global attack volume increased 151%.
Ransomware groups now have their sights set on SMBs for three reasons:
- They don’t necessarily have internal security support and know-how.
- They often use out-of-date and/or unpatched software.
- They haven’t considered themselves at risk since most of the attention is on the big, high-profile businesses and organizations.
Additionally, the U.S. government, including the Cybersecurity & Infrastructure Security Agency (CISA), recently issued a warning urging all businesses to take action to mitigate the risks as the Russia-Ukraine war unfolds.
5 common SMB security mistakes and how to fix them
These five common security mistakes can leave smaller organizations vulnerable to cyber threats and risks.
- Misconfiguring a virtual private network (VPN). The traditional VPN does not have adequate control over who or what device can connect to the network. VPNs are legacy technologies and are relatively easy to configure, but if security teams don’t define the level of access, they make it easier for intruders to gain access. VPNs are often exploited because there is no standard way to set them up, operate and distribute access. Each IT department configures them in a way that makes sense to them, which can introduce risk. Organizations will want to ensure the access channel is secured to protect data and confidentiality.
- Relying on legacy technology. Many companies rely on outdated systems because of cost, such as the combination of a VPN and remote desktop protocol (RDP). Remote employees typically use VPNs and RDP to remotely access the systems they need on the network to perform their work, but these tools were never meant to manage remote employees across a range of devices. More modern technologies exist that are designed for secure access by remote staff.
- Thinking that a firewall is enough. A firewall often gives companies a false sense of security. And now that perimeters have expanded and morphed, a firewall doesn’t solve security problems, especially if hackers are getting more creative with phishing techniques to break into a system. The weakest links are usually employees and most compromises are caused by a simple error, such as an employee clicking on a harmful link, saving a damaging file, using a weak password, or forwarding sensitive information.
- Skipping backup. While backing up data may seem like a no-brainer, many organizations often overlook this step. A frequent backup strategy is essential, especially to protect financial data, intellectual property, source code and email. As security leaders define a backup strategy to protect company data, start with securing mission critical data first. A backup plan may involve cloud-based backup services or offsite storage.
- Forgetting patches. Similarly, this step often gets skipped. Don’t leave an organization and employees vulnerable when security updates and patches are available. Patch and update everything: operating systems, applications, firmware and devices.
Four cybersecurity priorities
There’s no silver bullet when it comes to cybersecurity, but there are defensive steps SMB security leaders can take to affordably mitigate risk and return their focus to what matters most: their businesses.
- Establish endpoint security. An organization’s compromised server usually stems from a compromised endpoint. An endpoint detection and response (EDR) solution that continually monitors all the endpoints and end-user devices can help detect and respond to cyber threats, such as ransomware.
- Train employees. Being vigilant about alerting employees to new threats and what to look for, coupled with regular training and knowledge testing, can prevent security breaches from occurring altogether. After all, one click on the wrong link can compromise an entire system.
- Outsource security services to service providers. With limited people and budget, consider outsourcing services to service providers. For example, if security teams want to deploy a virtual desktop infrastructure (VDI) solution, a remote access solution, software-defined perimeter (SDP), secure access service edge (SASE) or security service edge (SSE) control — don’t do this alone. A trusted and experienced third party can help security teams avoid configuration mistakes or overlook some of the key features.
- Encrypt. Encrypting the most valuable SMB data will make it unreadable to unauthorized users. It can only be deciphered with an encryption key, in the event that data is compromised. Many small businesses look to full-disk encryption, obtained through built-in programs or third parties.
Small changes make a big difference
There is always room for improvement. For SMB security, starting small can go a long way in protecting data and the company against ransomware and other cyber threats. With workforce transforming for good, now is the time to make a few adjustments to improve SMB security.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.