It’s true: even businesses that have impressive cybersecurity practices in place get breached. However, it is SIGNIFICANTLY less likely. The vast majority of breaches come from businesses that are missing common sense cybersecurity.
It's easy to blame the IT company for this. "I don't know anything about cybersecurity for small businesses, and I rely on my IT team to tell me what to do!"
That argument is perfect, if you’re actually implementing what they have to say.
For instance, multi-factor authentication blocks 99% of personal identity attacks, yet many businesses opt out when their provider makes this recommendation. Banks already require MFA for sensitive information: your business data is no less important.
MOST breaches occur from a few easy to avoid scenarios:
1. Patches and updates are not being pushed out quickly enough - Think of these as holes being filled. If this is not getting done, your computers and network are filled with holes for attackers to sneak in!
2. Open RDP ports - Don't worry about what this means, just know that an open port leaves your business open to the world. Ask your provider about this!
3. No Multi-factor authentication - This is a second form of authentication outside of your password. Taking 2 extra seconds when you login could save you from weeks of downtime!
4. No GEO-IP blocking on firewall and email - Do you do business with China, Russia, or other countries outside of your home country? If not, block those countries! It's a force function that keeps a lot of hackers at bay, and a barrier that will have them looking elsewhere for low hanging fruit.
Cybersecurity for small businesses gets complicated, yes. But at the end of the day, there are EASY common-sense layers you can put in place that will set you up to be resilient in this new cyber landscape.
Make sure you're covering the commons sense items first, and if you have an engaged IT provider, make sure you're listening to their recommendations. They’re most likely not trying to "upsell you," but rather protect your business, your reputation, and their own integrity and reputation as well.
If you would like a 30-minute-high level audit of the common-sense cybersecurity for small businesses layers, reach out (HERE) and our owner will give you a call.