How To Survive Your Inevitable Cyberattack
By David Wagner
Cybersecurity is increasingly synonymous with national security. Unfortunately, massive attacks on businesses and governments around the globe show that cybercriminals may be a step ahead of everyone else in the fight for internet control. To combat this, entire cities are looking to join the fight against cyberthreats. New York City has partnered with two Israeli venture capital firms and a number of major corporations to launch Cyber NYC
An initiative aimed at turning the Big Apple into a “cybersecurity hub” that would attract startups, skilled professionals and students in the field.
The effort does have its doubters, who mostly see it as a marketing ploy rather than a serious attempt at curbing cybercrime. Nonetheless, similar initiatives have been launched in Washington, D.C., and Pensacola, Florida, where the Department of Homeland Security, various branches of the Department of Defense and area schools have created a joint partnership to develop what they’re calling the Cyber Coast.
Whether the involvement of city and state municipalities actually creates more cybersecurity startups remains to be seen. What is certain, though, is that small businesses and startups in every industry must make security and awareness top priorities.
A Small Business Imperative
Startup founders and small business executives should bake security into their product-development processes from the very beginning. If the viable product is not being built with security in mind, then code vulnerabilities will create liabilities when it’s time to take on more or larger customers. Ultimately, such an error will prevent startups from gaining investor buy-in when looking to raise capital
Code will always be audited before an acquisition, so security should be an ongoing strategy and not an afterthought. Instead, start boosting security now by taking these three steps:
1. Educate Your Workforce
Not every breach is the result of a sophisticated cyberattack. Most hackers are looking for the easiest way in, and usually, that comes from employees. Human error is still the primary vulnerability in any cyber-defense system, and one click on an email advertising “HUGE Amazon discounts!” or a “$500 tax credit” can compromise the entire network.
According to the latest AppRiver Cyberthreat Index, 71% of all small businesses reported at least one security incident in the last quarter of 2018, and most said cyberattacks were prevalent among businesses like theirs.
To guard against falling victim, seek out training for everyone on staff so they know how to recognize phishing emails and malicious links and so the business is aware of what best practices to teach new employees. Moreover, make sure the entire team is aware of any security challenges the business is facing. The damage from a cyberattack lasts longer and cuts deeper than most people realize, and many small businesses never recover from a breach.
2. Ascend To The Cloud
The cloud is for more than just data storage. As the threat landscape changes and as older defenses become outdated, cloud security must also evolve. The burden of keeping data secure is better left to a specialized firm because the resources of most small businesses are relatively finite and security tools often require special expertise.
The 2019 Oracle and KPMG Cloud Threat Report highlights the rapid rise in cloud-service deployments among American businesses. Seventy-three percent of survey respondents say the cloud offers more security than they can produce on-site, and 49% indicated that the majority of their organization’s data would reside on the cloud by 2020. As businesses become more and more data-driven, having a cloud service in place becomes mission-critical.
With that said, try different tools before fully committing. Just remember to prioritize ease of use if adding cybersecurity to an employee’s current workflow. If a tool creates an additional challenge for employees, it may disrupt security rather than enhance it.
3. Consider Calling In Reinforcements
A growing number of startups and small businesses are forming partnerships to shore up their cyber defenses, with many choosing to team up with a managed service provider to ensure their IT-related needs are met. Most do so to save money in dealing with everyday tech issues, as partnering with a specialized firm not only gives businesses access to more knowledge, but also can be less expensive than hiring full-time employees.
However, an MSP can be more than just a “password guy” and “printer fixer.” The best MSPs will help businesses utilize IT resources in ways that are more strategic and actually help to advance business objectives. Before deciding to work with an MSP, try to lean on that firm for objective security advice (and technology advice in general). Moreover, most MSPs should be able and willing to help explain important security principles, such as how to take advantage of the cloud or how to train your workforce.
The gravitational pull toward MSPs isn’t specific to small businesses, however. Goliaths like Google are also getting into the action, as a growing network of MSPs helps the omnipresent tech company manage its IT needs and migrate customers to the Google Cloud Platform. When it comes to cybersecurity, more help is never a bad thing.
Ultimately, the first step toward improving security for any company is awareness. Small business leaders in every industry need to understand that a cyberattack is not an unlucky occurrence but an inevitability. Therefore, the sooner preparations begin for the likelihood of a cyberattack, the less damaging the ramifications will be.