Top 3 Lies Companies Tell Themselves About Cybersecurity

Whenever I write about cyberattacks, I like to Google the latest big attack and write a piece on it. There is always an article or two I can link to. Well, when I Googled “cyberattack” this time…

Let’s just say that there is plenty of breaking news on the topic from which to draw. With all that turmoil, it’s easy for companies to feel separated from the danger and immune to risk. Let’s look at some misconceptions we’ve heard from our customers and other SMBs regarding their current cybersecurity needs.

I’m Too Small for a Hacker to Target Me

Our blog has covered this, but it bears repeating: no business is too small to be a victim of a cyberattack. Bad actors assume (often correctly) that smaller companies aren’t as adequately prepared to deal with attacks. According to Cyber Security Magazine, approximately 43% of significant cyberattacks targeted small businesses, and 61% of SMBs reported having an attack in the prior calendar year. 61%! Attacks are getting more sophisticated and wider-reaching; it almost isn’t a matter of if your company will get attacked, but when.

And then: what are you able to do about it? Join us on 3/24 for a webinar with Aegis IT, where they will walk us through 5 simple ways to secure our data.

Our Data Is Not Hosted in the Cloud – On-Prem Is Safer

On-premise servers often mean on-premise backups; all of your data is stored only in your environment. Even if you are diligent with your backups, as long as they’re still subject to the same security framework as your main database, attackers can easily thwart them. Oftentimes, they encrypt the backups first, rendering them completely useless by the time you notice you’ve been compromised.

Cybersecurity is Too Expensive

No: cyberattacks are too expensive. There are plenty of cost-effective but high-impact steps that all companies can take to ensure they are prepared in the event of an attack, or can easily recover from one. A sound security strategy, a disaster recovery plan, and backups outside your environment are all ways that a small- to midsized business can affordably build a framework for business resiliency.

Take the First Step Towards Securing Your Data

Analyze your risk. Aegis IT is a trusted Galeforce partner, and they offer a simple risk assessment tool, as well as a host of other managed IT services. Ilya Rubinshteyn, Aegis’ President and Chief Compliance Officer, will be presenting a series of webinars on securing your data and mitigating risk in these times of cyber turmoil.  Join us!

Think Your Business Is Too Small for Hackers and Ransomware Attacks? Think Again!

Small and medium-sized businesses are often the focus of ransomware threats because they are usually less prepared to deal with cyber-threats. The most common attacks SMBs see range from distributed denial-of-service (DDoS) attacks, resulting in hours of downtime and revenue loss, to malware attacks, including those involving ransomware, that may ultimately cause a company to go out of business. With affordable modern technology, you can make sure your business is protected.

How many businesses (especially SMBs) can afford to lose tens, if not hundreds, of thousands of dollars, and get locked out of key systems for weeks, if not months?

We’ve heard many stories and had at least one client struggle to recover from an attack. In August, a client of ours suffered a brutal ransomware attack that shut down their operations for weeks. Even after paying the ransomware demand, it took hours and hours of time to try and recover their data and systems.

Ransomware Attack Overview:

Hackers got into an engineering firm’s on-premise Dynamics SL system and targeted select files to encrypt. This meant those files are no longer accessible to anyone. You can’t even see them on your computer. Further, the artificial intelligence that is used by ransomware attackers looks for the most frequently used, high-value files and folders, so they hit you where it hurts the most. 

When you run an on-premise environment, you often rely on Virtual Machines that are stored on a server. This ransomware attack targeted their main server and disabled all access to those Virtual Machines, encrypting everything. The IT team couldn’t get in no matter what they tried. Their accounting team was completely shut down; they couldn’t see invoices or pay bills.

This client decided to pay the ransom, which was expensive. But even paying didn’t bring their systems back immediately. The decryption codes they were given didn’t work. This meant they had to call the ransom company for support! If that doesn’t underscore how big of an industry ransomware is, and how vulnerable we can all be, I don’t know what does.

Their IT consulting firm worked with the ransomware firm for weeks to get the system restored.  This mid-sized engineering firm has now spent money on the ransom and a lot of dollars on the IT consulting firm to restore even basic functionality to their business. And we haven’t even mentioned the ERP system restoration. The IT firm took the repairs as far as they could, but when it came to the accounting systems, they needed GFC’s help. We worked side-by-side with their IT firm. Essentially, we had to do a fresh install of the software, because everything from the virtual servers to the signature files for checks was corrupted. The entire library of custom reports was gone. They’ve lost a lot, and are starting over with their data. It was a real mess and they are still cleaning up some performance problems a full two months later.

The question becomes, how are you going to protect your most valuable data: customers, payroll, vendors, invoices, payment histories, custom reports, etc.? A few of the easiest ways are outlined below.

46% of SMBs have been targeted by ransomware, 73% have paid the ransom

How to Safeguard Your Business:

  1. Backups: The biggest thing you can do to make sure your business isn’t vulnerable to hackers is to have good backups with offsite backup storage. When attackers get into your system, they know what to look for, including backup files, crippling any business. Additionally, have a current backup and disaster recovery plan, a “playbook” of processes and activities, invoking backup and disaster recovery services and their interaction with your data and servers.

It is pretty easy to use Microsoft Azure and other cloud services, such as Microsoft’s data recovery vault, to ensure that you never have to experience what this client did. Read more about Azure and data recovery in “SMBs have access to top notch security and technology.”

  2. Test your disaster recovery plan on a regular basis: By performing a few tests, you will work out any kinks and be confident that if sabotage happens, you’ll be up and running in no time. We recommend testing your backup and recovery strategy at various times and from different angles. To do this, conduct regular and random tests in which you simulate an event that would call for data disaster recovery and access to your on-premises or online backup.
  3. Education: Educating your users on how to identify, avoid, and report data threats is the most important method an organization can adopt to protect its data. By teaching them to identify and avoid threats, you deprive cybercriminals of the opportunity to compromise data.
  4. Find a partner you trust: Stay current and informed. Have a trusted partner to help your business.

Important Take-Aways:

First, make sure you have solid, offsite backups which have been tested.  Look at the backup files – are they complete? Are they valid? There are so many modern-day solutions for SMBs, there’s no reason your business should be without one.  Second, talk to your ERP partner right away.  Make sure together, you have a disaster recovery plan in place.

Have questions about managing cybersecurity for your business? Please contact Galeforce Consulting Partners today to see how we can help!