Cyber Security Toolkit
We dedicate a lot of our blog to issues surrounding Cyber Security because it is a serious and growing threat, especially to small businesses. Every year, people save, share, and access an enormous amount of personal information online. The more we rely on digital applications, the more we leave ourselves vulnerable to Cyber Security threats.
This past May, cyber criminals stole about $10 million from Norway’s state investment fund because one employee was tricked into transferring money into an account controlled by hackers. In the same month, software businesses in Japan, Italy, Germany, and the UK were attacked by anonymous cyber criminals and in June, the University of California San Francisco paid over $1 million in a ransomware attack on its school of medicine.
It’s easy to say that these attacks are only a risk for large businesses but the median credit union manages an average of $35 million in assets. And according to the last available data, there are over 350,000 US businesses that bring in over $5 million in revenue. That’s more than enough money to attract the attention of Cyber Criminals. The truth is that many small and mid-size businesses are prime targets for Cyber Security attacks due to their large revenue and limited capacity to fund or staff large-scale Cyber Security operations.
Now’s The Time to Start
With the drastic move toward remote work and learning during the COVID epidemic, the risks have multiplied exponentially. Now is the time to make sure your business has a solid Cyber Security strategy in place. But where to start? There’s so much jargon and so many people selling their “magic pill” to solve the problem. We thought we’d help you cut through the clutter by creating this Small Business Cyber Security Toolkit. Let’s get started!
FREE Cyber Security Assessment: Your First Step
The best way to start building a Cyber Security strategy is conducting an assessment. You can’t know where you’re going until you know where you are. And if you’re not quite sure whether it’s worth the spend, our team of Cyber Security experts is offering a comprehensive, FREE Cyber Security Assessment. We will take a look at 20 major risk categories including:
- Botnet infections
- Spam propagation
- Malware servers
- Open ports
- Patching cadence
- File sharing
At the end, you’ll get a detailed, customized report that shows your overall security rating and how you measure up against your peers. We can then make recommendations on how to address any risks. Some solutions are free, others come with a cost, but no matter how you decide to move forward, you’ll have the information you need to make informed decisions for your business.
Phishing Prevention: Mitigate The Problem Before It Starts
As we’ve detailed before, Phishing is one of the most common Cyber Security attacks. Instead of trying to hack into a secure server or steal encrypted data, it works by tricking employees into giving away sensitive personal information. You might have great intrusion defense. But if your employees aren’t careful about the email links they click, it won’t matter. Cyber criminals can quietly get everything they need through deception. These days, your employees are on their computers more than usual, and accessing information from home, outside of the protection of your office network.
There are many ways to combat phishing attacks. We recommend threat-blocking programs like INKY. INKY works by preventing scam emails from hitting your inbox. If your staff never see the Phishing emails, they can’t be tricked into divulging sensitive information. INKY also regularly publishes information on the latest Phishing scams. They recently released a blog post all about the top COVID-19-related Phishing scams and how to spot a suspicious email. Check out the full INKY post here.
For example, a recent scam email looks like a message from the CDC, claiming to share an updated list of COVID-19 cases in your area. The link looks like it leads to a cdc.gov webpage, but upon closer inspection, it’s actually a link to a different site. That’s a giant red flag. Links can say one thing and be something different. Anytime you see a link, you can move your mouse cursor over it to verify where the link actually leads before clicking. Usually there’s a space at the bottom of your screen that shows the real web address. If they match, great. If it looks like the example below, DON’T CLICK!
Other things to look out for are unsolicited emails about:
- A public health agency asking you to share your SSN or tax IDs
- A government official requesting personal info related to stimulus checks
- A change to a billing cycle created by Coronavirus circumstances
- An IT person asking you for passwords or to download new software
- A new teleconferencing platform
While information and training like this is a great line of defense, we highly recommend using a scam-filtering service like INKY to prevent the bulk of those phishing emails from ever reaching you and your employees. To learn more about how INKY works, contact us to schedule a free demo!
Whitelisting Filters: Approving Applications Instead of Blocking Them
While it is critical to detect threats in your IT environment with antivirus and endpoint monitoring, small businesses like credit unions, real estate agencies, and legal offices must understand that these solutions are not enough on their own. You need more to entirely prevent the type of attack that damages member/client trust. When you rely on threat detection alone, many attacks, old and new, are missed if you’re not specifically searching for them. A big part of the solution is called Whitelisting.
Many older Cyber Security platforms work by blocking websites and applications that are known to be unsafe. But that leaves open many bad websites and applications that are not yet known to be unsafe. Since Cyber Criminals are always at work, creating new unsafe entities every day, it’s hard to keep up.
Whitelisting works the opposite way, determining what software, scripts, executables, and libraries can and should regularly run on devices in your IT environment, and then blocking everything except those entities that are known to be safe.
Tools like Threatlocker use this Whitelisting approach and then add a second layer of defense called Ringfencing: first defining how applications can interact with each other, and then controlling what resources applications can access.
Want to learn more about protecting your staff, members, and their data? Contact our team of Cyber Security Experts for a demo to see Application Whitelisting and Ringfencing in action!
Security Training: Your Staff Is Your Biggest Liability
We’ve talked a lot about the importance of staff training, but it’s always worth repeating. Your team members have full-time jobs dealing with responsibilities other than Cyber Security. But when one slip-up can cost you millions, you can understand why proper training can help your employees become an asset to your Cyber Security efforts instead of a liability.
Not all training is the same. To really be effective, training must be relevant and its results documented. Cyber Security threats are constantly evolving. If your training program hasn’t been updated in the last 6 months, it’s out of date. And if your current training program is just about checking a box, you may be enjoying a false sense of security. A great training program should track results over time and tie those results to other job performance indicators.
Our partners at usecure address training needs in Cyber Security by first identifying each user’s individual cyber security knowledge gaps, then crafting a personalized learning path that addresses their unique needs. By completing bite-sized tutorials and assessments at their own pace, along with organization-created content if desired, each user (and the organization) can visualize risks and improvements to overall safety.
If you’d like to evaluate or revamp your learning and training evaluation tools, contact our team for a demo today!
Schedule a Consultation
As you can see, there are many great tools available to help you improve the Cyber Security of your small business. The Macro Connect team is always here to help you evaluate your needs and give you a recommended action plan. To schedule a free consultation, whether it’s for our Assessment or to learn more about one of the specific security services we mentioned in this Toolkit, just use the contact information below. We look forward to helping you improve your Cyber Security.