“Winter is Coming,” a phrase viewers of HBO’s Game of Thrones heard from the very first episode and continued to hear for seasons to come; a meaning of warning and constant vigilance. Others laughed off the caution, believing winter would not arrive for thousands of years and there was absolutely no chance that the White Walkers would ever return. Even if they did return, they had built a wall that would keep them out so there is no need to worry in the south.
They could not have been more wrong. In the Season 6 finale [SPOILERS], “The Winds of Winter,” the snow began to fall in the north, signifying that “Winter is Here.” The White Walkers moved closer to the wall, all the while, the ignorant houses in the south believed they are completely safe…but they are not. (This becomes clear in Season 7, but I’ll stop here to not spoil for those who haven’t watched yet).
Subsequently, you may be wondering, what does this have to do with Cybersecurity? Many business owners have been cautioned to become more vigilant with their cybersecurity efforts before it is too late. These warnings aren’t just coming from IT Providers, but also from government agencies.
So, you’ve been advised that “Winter is Coming,” but have you prepared your business for the Long Night? Or are you one of the many business owners who replies with one of the following responses:
“My business is too small for them to come after.”
“I didn’t have to worry about cybersecurity 10 years ago, so why start worrying now?”
Unfortunately, these answers leave your business unprepared for the truth, which is that Small businesses are in-fact the low-hanging fruit because many small business owners do not believe that they are a target, and therefore do not put the proper policies and solutions in place. Now that you have accepted you are at risk, let’s examine cybersecurity in more detail and how to prepare your business.
“Winter is Coming,” is now a caution from the past, because in the virtual world of cyber-attacks and the fictional world of Westeros, “Winter is Here.” The statistics are alarming when looking at the number of businesses being hit with cyber-attacks and that ransomware attacks are up over 200% in 2017.
While Jon Snow is out looking for Dragon Glass to use against the White Walkers, here are the four vital cornerstones for protecting your business from cybercriminals:
Before putting together any security policy, it’s important that you have a security assessment completed. With a security assessment, you will be able to establish a baseline and red flag any immediate vulnerabilities that can be quickly resolved. I’d recommend finding an IT Provider who can complete this Security Assessment for you with the ability to provide a detailed report. Once your security assessment is completed, you should use this to create your security policy to ensure any vulnerabilities are covered. At minimum, your security policy should define password policies (No, Password123! Is not a good password), deny or limit USB file storage access, limit user access and set lock-screen timeouts.
Many breaches can be caused due to human error. Most ransomware attacks begin as an email to an employee, and since at least one employee in every company will click on ANYTHING, they gain access in and are able to attack your network. By training your employees and training them often, you teach them about data security, email attacks and the policies that you have created above.
I’d also recommend PII (Personally Identifiable Information) protection training for your employees. As users become aware of how cybercriminals attack and what to look for, they help to close your borders. Additionally, you can research for services or providers that offer fake “phishing” attacks and reporting to help identify the employees within your organization that put your business at the highest risk.
It’s no longer as easy as installing business class firewall and any anti-virus suite you can find out on the internet. Cybercriminals have evolved and are some of the most creative individuals out there. Your Endpoint protection must be multifaceted, protecting your network entry (firewall), DNS protection, Advanced Endpoint Security with Ransomware detection. This will help to ensure you are protecting your computers and data from malware, viruses and cyber-attacks. With the latest in Advanced Endpoint Security, you can replace your outdated antivirus solutions that protect against file less and script based threats of today.
When disaster does strike, no matter if it’s from a cybercriminal, natural disaster, or human error, the most important cornerstone is your business continuity plan. Even the FBI agrees, as they have stated in their ransomware warning, “The creation of a solid business continuity plan in the event of a ransomware attack.” When you have a solid business continuity plan in place and disaster strikes, your IT provider can roll you back to just before disaster struck and get your business working again.
Unlike popular belief, saving to USB Flash Drives and to services such as Dropbox are NOT a business continuity plan. Business continuity is the insurance of your data and it’s critical that you ensure you find the right provider to provide this protection. When looking for a business continuity solution, look for one that provides automated screenshot verification, 24x7x365 support, and ransomware detection to ensure your backup chains never fall victim to ransomware attacks.
By starting with these four vital cornerstones, you ensure that your business is protected and prevent your company from becoming just another statistic during the next ransomware census. I would also recommend obtaining cyber insurance, so if all else fails you have protected your income and business with cyber damage and recovery insurance policies.
Remember, that it is absolutely okay to seek help in protecting your business. Jon Snow asked for help to go after the White Walkers and you can do the same to protect your business. Find an IT Provider who offers Security Services, you can sit back and focus on running your business, while they focus on protecting your business, in addition to implementing the needed blocks for your success.