Well hello there reader! To start things off, a brief history on the origins of Bsquared Intel.
From 2017-2018 we entered the personal brand reputation arena because our OSINT skills are useful in finding information that a client would want to know about should they need to holistically polish up their image. Our frustration with this line of work is that the only way to get rid of inaccurate information online is to suppress it, which means the data still exists with whoever hosts it. You’re just attempting to push the search results to the second, third, fourth, or tenth page of Google. One of our driving factors to help people at that time was the Harvard University incident in 2017 and the very real prospect that your past online history can come back to haunt you when it comes to applying for jobs, college, or building any sort of relationship for that matter.
While we were working to make inroads with the personal brand reputation stuff, we knew in the back of our minds that one audience we needed to help was small businesses when it comes to cyber security.
There are a few hurdles small businesses face. One is mindset, which we wrote about here. If 2020, up to this writing, showed us anything, it’s how insecure and vulnerable our systems are, which leads us to the second hurdle: money.
Some of these security software/hardware vendors are expensive, which prices out the small businesses that need them.
A final hurdle that we’ll focus on in this article is a lack of understanding of cyber risks and threats to small businesses. If you are a small business owner we present to you our top 5 cybersecurity (and information security) things small businesses need to know.
1: Identify the business-critical assets that you most need to protect. These are the assets that, if something ever happened to them, might cost you revenue or productivity. In some instances, like a data breach, you most likely will encounter lawsuits.
2: Plans! There are three types of overarching plans your business must have to weather a storm. The first type of plan is a Business Continuity Plan. This plan addresses how the business functions if you are unreachable for some reason, or worse, you get hit by a bus.
The second plan is an Incident Response Plan. This plan is about how your business handles an incident and who is the person that has this responsibility. An incident can range from something as benign as a file accidentally being deleted to something more serious like a hacking attempt, a bomb threat, or extreme weather.
The third plan is a Disaster Recovery Plan. This plan tells you how to recover from an incident, the estimated time it may take, and who is the point person to take care of things.
3: Back your stuff up and test restoring files. Back your files up on a regularly scheduled basis (make sure they’re encrypted too). There are many backup schemes and methods. Pick one that works best for your business needs. Some of the reasons for backing up your files include quickly restoring a file someone accidentally deleted, restoring data to a new system where the older one crapped out on you, or having clean backups should you become a victim of ransomware.
4: Patch your systems! Leaving your systems vulnerable and open to being hacked will certainly bring you lawsuits. Just ask Equifax how that turned out for them in 2017. Making sure your computing devices and software (which includes your website) are up to date is a reasonable measure to take to protect your business.
5: Understand the risks and threats that exist inside and outside of your business. An example of an inside risk is not having a cyber security awareness training program for you and your employees. An inside threat could be a disgruntled employee who steals data or client lists.
Shifting gears, external threats include many flavors of bad actors operating outside of your business, the types of attacks they bring with them, and what they do post-attack. According to Verizon’s 2022 Data Breach Investigations Report, roughly 80% of data breaches are from external actors and over 80% of attacks are financially motivated. An example of this might look like one of your employees opening up a phishing email and clicking on a malicious link in the message. The malicious link installs malware on their work laptop, which allows the bad actor to gain access to your network. From there, they steal sensitive files/databases and sell them on various dark markets. To put this in perspective of financial impact, cybersecurity vendor Sophos, in their 2022 State of Ransomware report, states that the average ransom paid was just over $800,000 USD. The question is, how would even an $80,000 cyber incident affect your small business?
If you’re a small business owner reading this, hopefully it gets you thinking about things your business can start implementing.
If you have questions, or want to learn about our services, fill out the contact form below. Also sign up for our free cybersecurity and intelligence newsletter with this link https://bsquaredintel.com/newsletter-signup/