According to The PSA Network, in the past 12 months 68% of small businesses have experienced a cyberattack. And yet, 70% of small businesses say that they are not prepared to deal with the aftermath of an attack.
Defendify Co-Founder Rob Simopoulos was recently interviewed by Candice Aragon of The PSA Pod, a podcast by The PSA Network that shares insights on the system integrator industry and features various guests across the industry, on tangible steps you can take to defend your small business from cyberattacks.
Cybersecurity in the Spotlight
There is a growing awareness among organizations about cybersecurity. This is in part due to the growing number of incidents that have been picked up by the media. Over the past year, ransomware attacks have been making headlines weekly. According to Rob, the cost of ransomware totaled about $7.5 billion in 2019.
And it’s not just the big corporations being hit. Hackers are increasingly targeting cities, municipalities, and even schools. In the spring of 2019, Baltimore was hit with a ransomware attack that cost the city tens of millions of dollars. Small businesses, which are defined as businesses with fewer than 500 employees, are being hit just as hard as the bigger companies and organizations, Rob adds.
From a security and system integrator perspective, attackers are targeting integrators more frequently as a method to access sensitive customer data. System integrators often have access to valuable customer information such as floorplans, network topology drawings, IP addresses, and remote access to their customers’ sites, making them the perfect gateway to other companies.
This has changed the way that many companies look at potential vendors, resulting in an increase in third-party vendor security assessments, insists Rob. As such, system integrators must start taking the necessary steps to show their customers that they take cybersecurity seriously and are properly protected. Check out our video series with Rob Knake, former Director of Cybersecurity Policy at the National Security Council, on tangible steps you can take to prepare for a third-party vendor security assessment.
According to Rob, another common cyberattack used by hackers is the phishing email, where adversaries impersonate real people and craft emails that appear to be coming directly from the source. Often, it can be difficult to identify which emails are real and which ones are fake. With Defendify, you can train your employees to recognize and avoid phishing emails by using simulated cyberattacks.
In this podcast, Rob outlines several steps companies can take to protect themselves against unwanted phishing, ransomware attacks, and other common tricks used by adversaries to gain access to your information.
It’s important to go through a secondary verification process for all unexpected emails, especially when they are finance related. Rob suggests using a different form of communication, such as a phone call, when verifying any suspicious or unexpected emails.
Written Incident Response Plan
Creating a written incident response plan before you are hit with an attempted attack is critical, according to Rob. This will help ensure that you and your company are prepared to combat any attacks or threats effectively. Defendify’s simple tool helps you build your plan, clearly detailing how to respond in the case of a security incident, including what steps need to be taken, when they need to happen, and who takes responsibility for what. Check out our blog post, Be Thankful You Created an Incident Response Plan, for more reasons why you should create a written incident response plan.
Investing in Cyber Insurance, a specific kind of business insurance you can implement to offset the financial strain and remediation burden of a cyberattack, is a great way to prove to your customers you are serious about cybersecurity and to protect your company from the financial consequences of a cyberattack.
Find an Attorney
Rob also suggests having an attorney available to you who is an expert in cybersecurity. Partnering with an attorney who specializes in cybersecurity will ensure you are compliant with any state or federal security requirements and help you navigate any potential legal proceedings over privacy and security breaches.
Cybersecurity doesn’t have to be complex. With Defendify, you can train your employees to recognize phishing and ransomware emails and engage your team through classroom-style online education, training videos, and more.
“There really is no silver bullet.”
To better understand cybersecurity, Rob suggests comparing it to physical security: it’s a layered approach.
“There really is no silver bullet. It’s not like you install this one thing and all your cybersecurity needs are taken care of,” insists Rob.
Rob notes that a large portion of small businesses are only protecting themselves with antivirus and a firewall. A truly comprehensive cybersecurity plan needs more. At Defendify, we took all the cyber tools you need and packaged them into an all-in-one cybersecurity platform that delivers everything you need to strengthen and manage your organization’s cybersecurity.