Cyber Security – Why SMBs Need to Adapt Before it’s Too Late


As you know, Rogers, one of Canada’s biggest telecom operators, recently experienced massive outages nationwide, which denied internet access to 10 million wireless subscribers and 2.25 million retail internet subscribers. The interruption, Rogers’ second in 15 months, drew fury from Canadians and led to calls for the government to expand competition in the telecom sector.

In excerpts from an article by CBC.ca, they wrote, “The widespread disruption, [beginning] early Friday morning, paralyzed communications across a number of sectors, including health care, law enforcement, and the financial industry. Many 911 services couldn’t receive incoming calls, several hospitals reported impacts to their services, and debit transactions were paused when Interac was knocked offline.

Small business owners were among those hardest hit by the outage, which left them unable to process debit card payments.

Sharif Ahmed, the owner of Plantforsoul plant shop in Toronto’s west end, said the outage left him feeling helpless, as he turned away customers who didn’t have cash. “It pretty much stopped my business,” he said in an interview on Saturday. 

Richard Leblanc, a professor of governance, law, and ethics at York University in Toronto, said the outage was a learning opportunity for [businesses] who can now see how vulnerable they are to an attack.

“This could have been catastrophic for the country if this was a cyber attack,” he said on Saturday.

What SMBs Can Learn From Groundhog Day

If you’ve never seen Groundhog Day, it’s a movie from the 90s about a man who is caught in a time loop that no one else in town is aware of. He lives the same day, February 2nd, over and over again; seemingly for decades or even centuries. 

Realizing he is free to do anything he wants – because there will be no consequences for his actions – Phil begins spending “loops” indulging in binge eating, one-night stands, robbery, and other dangerous activities.

Living without a purpose, he eventually becomes suicidal. He commits suicide in a variety of ways, including driving off of a cliff, but each time he reawakens on February 2.

Realizing that debauchery may not be the answer, Phil decides to use his knowledge of the loop to change himself and others: he saves people from deadly accidents and misfortunes, and learns to play the piano, sculpt ice, and speak French. In the end, he falls in love and realizes that he’s finally happy. The next time he wakes up, it’s finally a new day: Feb. 3rd.

The Rogers and Groundhog Day Takeaways

You are probably asking yourself what these two seemingly disparate topics have in common. In short, they’re learning opportunities. You can choose to do the same things, in the same way, day after day, or you can learn two powerful lessons, both of which just might save your business someday.

The lesson of the Rogers outage?

It was a powerful opportunity to experience – no matter how briefly – the reality of having your business hijacked. It would be a crime to just brush the memory aside. Let it sink in. Really think about it. What if the outage lasted a week, or two, or … forever? 

Rogers attributed the outage to a “glitch” in a software upgrade. A glitch? That’s like saying they had a case of the hiccups when really they were struck by lightning. Twice. In 15 months. That’s not an anomaly, it’s the beginning of a pattern. And, like being struck by lightning, cyber attacks can cause short-term damage, have lingering effects, and change you in ways that you may not realize for many years to come.

Can Rogers say with absolute certainty that they will never experience an outage again? Absolutely not. In that same vein, can you say with absolute certainty that you will never be the victim of a cyber attack?  The answer is the same, absolutely not. 

If you’re still in denial about the chances of your small business becoming a victim, here are a few statistics about cyber attacks on SMBs that might convince you: 

  • 61 percent of all SMBs have reported at least one cyber attack during the previous year.
  • 43 percent of cyber criminals attack small businesses.
  • 14 percent of small businesses rate their ability to mitigate cyber risks as highly effective.
  • 60 percent of small companies go out of business within six months of a cyber attack.
  • 48 percent of data security breaches are caused by acts of malicious intent –  human error or system failure account for the rest.

The Groundhog Day Lesson?

Nearly 30 years after the movie was made, the film is still being interpreted in countless ways by different groups. In one religious philosophy, the film was seen as a message that the spiritual self cannot evolve until it learns from past mistakes. In another, Phil’s situation can be identified as a form of purgatory, escaped only by embracing selflessness. Bill Murray, the lead actor, saw the original script as an interpretation of how people repeat the same day over and over because they are afraid of change.

Religious philosophies aside, we think Bill Murray is on the right track. But we’d like to add a caveat… yes, people can be afraid to change, but most of us simply don’t want to.

“I’ve done the same things in the same way for years, so why change?” 

That shouldn’t be a rhetorical question. The answer is… because if you don’t change of your own volition, something will happen that will force you to. 

Part of our job as human beings is to evolve. As one of our clients has said, “If you’re not getting better, you’re getting worse.”

In terms of business evolution, it is imperative to commit to ongoing education and continuous improvement. Additionally, I think we can all agree that technology is the very lifeblood of most businesses. Without it, most organizations would cease to exist. 

Our world runs on data, and the integrity of our systems relies on strong cybersecurity measures to protect them. Weak cybersecurity measures can have a devastating effect on SMBs. It is no longer an option to ignore cyber threats or resist implementing cyber security protocols. 

According to the first (staggering) statistic listed above – In the last year, 61 percent of businesses reported AT LEAST one cyber attack – that means only 39% were left unscathed. Are you willing to bet that you won’t be affected by cyber threats at ANY point in the future? That’s a gamble smart business owners should not be willing to take. 

Let this be your wake-up call before lightning strikes… twice. Remember, if you don’t change of your own volition, something will happen that will force you to. 

Would you like to get healthy now, or would you rather experience a health crisis later? Would you prefer to learn to live within your means now, or file for bankruptcy later? Would you rather go to couple’s therapy now, or get a divorce later? Would you rather implement cyber security measures now, or be among the 60% of businesses that are out of business (OOB) in 6 months?

This is your life, and these are your decisions. But there is something else you should consider before you make them: the way that all of the people you interact with will be affected by your choices… your family, friends, neighbors, business associates, and colleagues.

No one in their right mind would knowingly choose to harm themselves, or those they care about. But, sometimes by not doing something, we’re actually contributing to failure. 

We are obligated to adapt and improve as our personal and business lives evolve. Doing things the “way you always have,” is a recipe for disaster.

So, what do you need to do? Several things. Cyber security is like baklava: it has many layers.

What does a multi-layered cyber security plan include? 

 Minimum Requirements –  

  • Monitoring   
  • Software Patches
  • AntiVirus Protection and Updates
  • Spam Control  
  • Email Archiving and Continuity 
  • Critical Monitoring 24/7/365
  • Routine Network Maintenance
  • Advanced EndPoint Protection (EDR) 
  • A password platform 
  • 2FA
  • Zero Day Endpoint Protection
  • Managed Backup (Encrypted) 
  • Staff Education
  • Business Risk Reviews

But, if you value your business add these too… 

  • SOC
  • SIEM
  • Security Policies
  • Centralized User Management
  • C-Level Consulting
  • Vendor Risk Management (VRM) 
  • 24/7 Backup Failure Monitoring 
  • Disaster Recovery Plans
  • Redundant, Multi-Locational Backups (also known as Geo Redundancy) 
  • Testing, Verification, and Reporting
  • Employee Response Procedures and Practices 

Yes, we know, this can feel like a herculean amount of things to tackle. But, here’s the good news… you don’t have to do them all at once, and you don’t have to do it alone. The ideal solution is to outsource to a cyber security firm that specializes in SMBs. They know how to protect you quickly, thoroughly, and sustainably.

We’re not suggesting this as a means to promote Adaptive Office Solutions. We’re suggesting it because businesses are suddenly realizing that they need professional-level cyber security protocols, and there aren’t enough qualified professionals to go around. 

According to statistics: 

  • As of February 2022, there are nearly 600,000 job openings in the cybersecurity industry, meaning only 68 percent of open jobs are filled. (Cyber Seek)
  • 76 percent of cybersecurity professionals consider recruiting and hiring new employees difficult. (ISSA & ESG)
  • There was a 350 percent growth in open cybersecurity positions from 2013 to 2021. (Cybercrime Magazine)

As cyberattacks increase in frequency, so too does the demand for cybersecurity professionals. With these increases, many companies’ cybersecurity budgets continue to rise as well. However, the imbalance in skilled cybersecurity workers along with the high demand to fill these positions results in a crippling cybersecurity skills shortage.

In short, either become a cyber security expert or hire one while you still can. 

In the meantime, here are some things you can do to protect your business beginning today…

According to excerpts from an article by the FCC, they wrote, “The Internet allows businesses of all sizes and from any location to reach new and larger markets and provides opportunities to work more efficiently by using computer-based tools. Whether a company is thinking of adopting cloud computing or just using email and maintaining a website, cybersecurity should be a part of the plan. Theft of digital information has become the most commonly reported fraud, surpassing physical theft. Every business that uses the Internet is responsible for creating a culture of security that will enhance business and consumer confidence.

10 Cyber Security Tips for Small Business

Broadband and information technology are powerful factors in small businesses reaching new markets and increasing productivity and efficiency. However, businesses need a cybersecurity strategy to protect their own business, their customers, and their data from growing cybersecurity threats.

1. Train employees in security principles

Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.

2. Protect information, computers, and networks from cyber attacks

Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.

3. Provide firewall security for your Internet connection

A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.

4. Create a mobile device action plan

Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.

5. Make backup copies of important business data and information

Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly and store the copies either offsite or in the cloud.

6. Control physical access to your computers and create user accounts for each employee

Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.

7. Secure your Wi-Fi networks

If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router, so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.

8. Employ best practices on payment cards

Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.

9. Limit employee access to data and information, limit authority to install software

Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.

10. Passwords and authentication

Require employees to use unique passwords and change passwords every three months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account.”

Doing these things may help to protect your business in simple ways, but they don’t come close to the type of cyber protection you can get by hiring a cyber security expert. Again, we aren’t saying this to self-promote. We’re saying it because we don’t want to leave you with the idea that you’ll be fully protected by implementing the 10 suggestions above. You won’t. So if you value your business, invest in professional cyber protection. You’ll be glad you did.  

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business. By making an upfront investment in your cybersecurity, you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime. 

To schedule your Cyber Security Risk Review, call the Adaptive Office Solutions service hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca.
