In light of the recent cyberattack on Marriott’s Starwood database, where upwards of 500 million people may have been affected, you should take a look at how your business can prevent this from happening. While large firms and large amounts of data typically garner the headlines, and rightfully so, that doesn’t discount the fact that small businesses are taken to the woodshed for almost $80,000 annually as a result of cybercrime. Your first thought may be: if Marriott can’t stop such attacks, how in the world can I?
On a global scale, cybercrime will cost more than $2 trillion by 2019, according to the Better Business Bureau’s 2017 State of Cybersecurity Among Small Businesses in North America report. As with any problem or addiction, the first step is to accept that this is a real issue that could become a problem for you. A survey conducted by GetApp in 2017 revealed that security concerns ranked second among the challenges small businesses were facing. The small business marketplace has caught on for the most part.
For your business, perhaps the easiest way to stay safe is to monitor emails. Not surprisingly, the number one tactic cybercriminals use is email, or, more specifically, email attachments. According to Symantec’s 2018 Internet Security Threat Report, 92.4% of malicious emails use malware-laden attachments to ensnare their victims.
Email remains the most common method of getting a foot in the door. Once that initial access has been established, however, the techniques attackers use to evade security, deploy malware, and establish control over compromised computers are changing. New techniques are replacing the need for dropping malicious executable files on disk, so traditional security solutions such as antivirus (AV) programs can’t detect them.
The question again is: how can you protect yourself? It turns out there are quite a few things you can do, and most of them are pretty easy to implement. First, you must install cybersecurity software on all of your computers and mobile devices. Yes, mobile devices! These systems run through the cloud and are always on, which should make that a no-brainer. Second, you need to install remote computer backup so that, should the worst ever occur and you are attacked, you will have a remote system backup protecting you and allowing you to recover and not be one of the 60% to go out of business because of a cyberattack. Losing your business to some hacker in Serbia is not the way to go. Defend against this at all costs.
In the worst-case scenario, if a breach has occurred, implement the following plan immediately:
- Notify IT: Contact your IT team, legal counsel and cyber liability insurance agent.
- Contain the Problem: Take affected systems offline, but don’t turn them off, so that your IT team can examine the source of the breach.
- Document the Process: The authorities will want to know the details of what happened.
- Clear Communication: Ensure affected groups are made aware of the issue and the steps being taken.