It’s tough to find high-quality, independent data on cybersecurity breaches in the SMB market. Every year, Verizon releases their Data Breach Investigations Report (DBIR) and it usually contains some useful takeaways about how SMBs can protect themselves from cybercriminals.
At TechMD, we realize you probably have not read this 119-page report and won’t have time to get to it any time soon (if at all). So we did the reading for you, and here’s our breakdown of the Top 3 most relevant takeaways for your business.
1) 85% of breaches involved a human element
When it comes to improving your cybersecurity, training and educating your staff is a critical component of any good strategy. Cybersecurity is not something that your IT team can put together in isolation just by installing security products and defining technical configurations. On the contrary, cybersecurity defense is a team sport and requires all members of the organization to participate.
The best approach is to develop relevant cybersecurity policies and procedures, and then train and educate all staff on following those policies and procedures. To be most effective, this process must be customized to your specific IT infrastructure and done under the guidance of a cybersecurity professional.
2) Privilege misuse is a significant factor in cybersecurity breaches
Cybercriminals are very good at creating schemes to gain access to your staff’s credentials. They also know that small businesses are typically sloppy in managing administrative rights, permissions, and identities. In other words, a hacker can crack a single user’s password and very easily escalate their access to an administrative level in a small business. This method ensures that ransomware encrypts more devices on an organization’s network, which leads to a higher probability of receiving a ransom payment.
You should be asking yourself: how confident are you in the security of your IT policies and permissions? Odds are that you have not hardened your IT assets according to a known benchmark or standardized framework. Talk to a cybersecurity professional or schedule a cybersecurity assessment to better understand where you are vulnerable.
3) Web application platforms are the clear top target
During the pandemic, many employees were forced to work from home and rely more on web applications, and consequently the use of web application platforms like Microsoft 365 and Google Workspace has increased exponentially over the past two years. Many organizations had to migrate to these cloud platforms quickly, and hackers know that small and mid-size businesses tend to overlook basic cloud security configurations. At a minimum, these web applications must be protected by Two-Factor Authentication. If your business does not have an experienced administrator for your web application platform of choice, find a company to work with and have an evaluation done.
2022 is the year to invest in your cybersecurity
We hope this article generates some productive discussion within your organization and helps your business move towards a more secure future. If for some reason your organization has not yet invested in a cybersecurity assessment, 2022 is the year to get that done. To hear more about TechMD’s standardized approach to cybersecurity assessments or managed cybersecurity services, contact us here.