LEXINGTON PARK, Md. — Omicron is not the only virus businesses will need to contend with as 2022 starts.
To understand what’s happening now, we need to look back to the summer of 2021. Last summer, many local businesses were hit hard by cyber-attacks causing them to lose precious data, time, and money. Most kept it hush-hush as they did not want to admit that hackers and cyber thieves targeted them.
Some might think that small-town St. Mary’s County, and its small businesses, will not be affected by these breaches or hacks. The opposite is true, and smaller businesses are the primary targets of cybercriminals looking for an easy mark. The reason? Most small businesses have gaps in their cyber security, allowing cybercriminals to infiltrate their systems, often with ease.
Along with significant breaches like those at Colonial Pipeline and GoDaddy, the local Leonardtown government was substantially compromised by ransomware on the Friday before the Fourth of July. This trend continued into the end of 2021 with major breaches at the Maryland Department of Health. Then, as if that weren’t enough, the entire internet has been found vulnerable to newly uncovered exploitation methods.
With cyber-attacks at historical highs, it can seem like too much to deal with or an overblown exaggeration. Business owners can make one of two choices in 2022 when dealing with cyber security.
The first is to ignore it and pay the often steep price later, enriching freeloading criminals trying to make an easy buck from business owners. In the most extreme cases, businesses have to close because the compromise was so severe.
The second is to take proactive action now to strengthen their cyber protections, keeping valuable time, money, and a good reputation that has taken hard work to build intact and alive for 2022 and beyond.
Here are five proactive steps that businesses can implement now to help protect themselves in the year to come:
1) Increasing awareness amongst employees: Officially acknowledging the growing concerns around ransomware and cyber-attacks, and making clear that everyone will play a significant role in protecting the business, is the first step in protection. As long as there is still money to be made in ransomware, it will remain a threat, and organizations will have to be ready for that. Attackers adapt and inflict more pain on businesses, often forcing them to close their doors post-breach.
2) Implementing and improving cyber security training programs: Many attackers will take the approach of targeting your employees. These cyber-attacks could come as ads, emails, spam mail, and text messages to mobile devices, to name a few. Once the employee has opened, clicked on, or allowed the infected data to compromise your system, the ransomware is then deployed throughout your system, causing your business to come to a standstill. With awareness training programs and education, employees can identify potential threats before they get to this level. A healthy cyber security training program should include instruction on all types of threats, the status of employees’ data on the dark web, and test phishing campaigns to keep skills sharp.
3) Strengthening password practices: We often think of one password and use different variations of that phrase or word to fit the requirements of what we are logging in to. Now hackers are on to this! Password security and education for employees will play a role in protecting your systems. Using your name, address, birth date, pet’s name, or the same word or phrase allows hackers to see your pattern and access your email, computer, and network. Using random passwords and keeping them in a secure password keeper (not a Word document!) will help strengthen your security against these cybercriminals and help more quickly remove any risk from breached credentials already found on the web.
4) Reviewing permissions of employees: Not all employees need access to everything. Many organizations give excessive access to employees because it’s “easier.” The problem with it being “easier” is it also makes it “easier” for hackers to infiltrate the system. When employees have these permissions and a cyber breach occurs, the hacker has access to everything the employee had access to. By reviewing access for the employees and implementing “Least Privilege,” you potentially limit what a cybercriminal can reach. Users today operate in a complex IT world, and a zero-trust approach can be the best way to achieve this level of security. Many different tools are available that make it easier to learn what access each employee needs, so the criminals cannot run their nefarious software.
5) Multi-factor authentication: Imagine a door with a lock; this is your password to your computer. You have the key, and you open the door. If you are a cybercriminal, you can guess the code, but you don’t have the key to open that lock. Now imagine having a key and also having a card, thumbprint reader, or an app on your phone that you will have to use to approve access to the “lock,” aka your computer. That is multi-factor authentication. Why is this important? If you do not have the key and do not have the other “factor,” you don’t gain access. Simple as that. This level of protection can be critical when using cloud services. These systems are accessible from anywhere on the internet and can be more prone to password guessing, where attackers just keep trying passwords until they get it right.
Protecting your business, your employees, and your livelihood can be challenging. With simple changes, your risks can be reduced. Don’t let your business be the next victim of cybercriminals.
About the author: Bill Heather is the founder of Evolve Cyber Solutions in Lexington Park. Evolve’s mission is to let local businesses go to bed at night knowing their business is protected, even though their competitors might not. Contact us today for a cybersecurity risk assessment to help St. Mary’s County businesses get protected in 2022. Schedule a risk assessment at 301-579-3213 in the first three months of 2022 and mention this article to get 50% off while time slots are available.