Small Business Cybersecurity Resource
The Cyber Readiness Institute is a public-private partnership founded in 2017 to improve the cybersecurity posture of American small and medium businesses through free education and training resources. The Cyber Leader Certification Program is geared towards small business managers who may not have tech experience or expertise. It’s designed to teach the layman essential principles and behaviors to improve their organization’s cyber readiness. It’s an excellent program that focuses on four critical components that will have the most impact on protecting an organization’s people and data.
The four core components are:
- Passwords.
- Software updates.
- Phishing
- Malware and USBs.
This list captures the main issues that account for the vast majority of cyber breaches. Addressing those will have a tremendous impact on an organization’s cybersecurity posture.
Passwords Protection
Weak passwords that can be cracked by simple, free tools or stolen passwords that are shared across the darkweb account for 63% of data breaches. This vulnerability is compounded when people use the same password for multiple accounts. Password managers such as 1Password allow users to create complex passwords unique to each account and to privately share passwords amongst employees without posting credentials on email, Slack, or other communications tools. That combined with a multi-factor authentication app such as Google Authenticator (SMS authentication is not recommended) will go a long way to reducing the password vulnerability.
Software Updates
Maintaining a consistent and disciplined software update schedule prevents an oft overlooked threat: hackers taking advantage of old software bugs to gain entry into an organization’s systems. These account for 77% of hacker attacks. Once a vulnerability becomes known, it populates the Common Vulnerabilities and Exposure (CVE) list. Software patches are released to address them, but the user must download them for them to be implemented. Software companies are locked in a constant battle of evolution with hackers, with each side continually countering the other. Staying abreast of the most current software and patches is an excellent way to mitigate risk.
Phishing
Email continues to be the most common attack vector targeting small, medium, and large businesses alike. 91% of cyber attacks begin with a phishing email. Criminals are extremely proficient, often using names of C-suite officers in emails to influence users to click on malicious links. Once in the system, hackers may take months to fully execute their attacks; making discovery extremely difficult. These attacks focus on the human element. Protecting against this threat means addressing the technical risk via email filters such as Proofpoint or KnowBe4 and the human risk through training via platforms such as KnowBe4.
Malware and USBs
Malware can infect an organization’s systems via phishing attempts or Universal Serial Bus (USB). Infected USBs are responsible for 27% of malware infections. Having a formal removable media policy and using endpoint antivirus software such as Sophos are key to mitigating this threat.
In closing, integrating a mix of policies, protocols, and tools, will yield positive results dramatically improving an organization’s cybersecurity posture. It takes far less than one would think to bring an organization from zero to one regarding cyber protection.
Ready to fortify your organization’s cybersecurity defenses? Take the first step and receive a Cybersecurity Audit from Firewatch Solutions and assess your current security posture.
