John Ambrose Fleming was about to unveil a wireless technology before the public that was sure to change their lives. After investing weeks of effort into his demo, the day finally came. He was just about to send a transmission before an eager crowd of onlookers when suddenly the device came to life.
It had been hacked: “there was a young fellow of Italy, who diddled the public quite prettily.” Lines from a Shakespeare poem mocked John in front of his audience via Morse code.
When Guglielmo Marconi invented wireless technology, he had advertised it as “completely secure.” Turns out it was a false sense of security, and a certain whimsical saboteur was eager to prove the point. By the way, did I mention this all happened in 1903?
A false sense of cybersecurity
It has been nearly 120 years since the wireless telegraph’s memorable debut, but today’s small businesses still fall into the same false sense of security that plagued its inventor: “it can’t happen to me.”
We read about cyberattacks on massive scales each week – Microsoft, Meta and American Airlines. Media coverage can create the impression that small businesses are immune to cyberattacks: unfortunately, nothing could be further from the truth.
According to a recent study, small businesses are actually 350% more likely to be targeted by cyber actors than large organizations. Between 2020 and 2021, over 60% of all small-to-medium-sized businesses (SMBs) experienced a cyberattack, from ransomware to data breaches and phishing attacks. Today, that number is only rising.
How to harden your business against cyberattacks
So how can you harden your business against cyberattacks and avoid becoming yet another statistic? Ultimately, the first step is to understand you are at risk, and to understand why. That’s why our list begins with:
1. “Know the enemy”
Sun Tzu’s immortal advice is highly relevant in the field of cybersecurity – understanding what motivates cyber actors can help businesses understand why they are in danger. Most cyber actors are looking for sensitive data (or ransom payments) they can profit from easily. Large businesses may have the most data, but they also have the largest cybersecurity budgets – so cybercriminals go for the small targets first.
2. Avoid cutting corners
In a recent blog post, we talk about the hidden cost of cutting corners. Today, nearly 80% of businesses are behind on IT transformation: despite that, they are spending more on IT than ever before. That’s because cutting corners on IT creates new costs, and expensive data breaches are just one of them.
In 2022, the average cost of a data breach has reached $4.35 million U.S. dollars – but according to a recent study, only 50% of SMBs have a cybersecurity plan in place. Weigh the costs carefully – sometimes you have to spend money to save money in the long term.
3. Regularly back up your data
Schofield’s Second Law of Computing states, “data isn’t real unless it exists in two places.” To build resilience against ransomware and other forms of cyberattacks, organizations should have a data backup system in place, and those backups should be easily accessible and restorable within a short time frame.
While there are many backup options – including traditional forms of on-site and off-site storage – cloud is by far the most popular choice today. As long as it is configured with the right security controls (two-factor authentication, secure machine images and no exposed buckets), cloud is very safe. And since a public cloud instance resides off your network, it will create an air gap between attackers and your backed-up files.
4. Get a cybersecurity assessment
In order to develop a roadmap for future cybersecurity spending, it’s essential to understand the gaps in your IT infrastructure and rank them by importance. Start by getting a professional assessment based on federal cybersecurity standards like NIST 800-171.
Cybersecurity assessments can vary in cost and intensity – a thorough vulnerability assessment will reveal easily missed weaknesses. But even a short and informal assessment by qualified experts will provide crucial insights that could save your business from a data breach or ransomware attack.
5. Train your employees
Are your employees aware of the way their actions can compromise your business? While some might know better than to click on a suspicious link in their inbox, cyber actors are growing more sophisticated every day. Today, 91% of all cyberattacks begin with a phishing email – and that doesn’t count all the other ways your employees can be targeted.
Storing sensitive data on an unauthorized device and misplacing it; friending a “colleague” on social media and sharing information with them; accepting a USB drive from a stranger and connecting it to a workplace computer: these are all simple mistakes that can have catastrophic consequences.
Ensure that your employees understand these and many other dangers by providing them with thorough cyber training – this creates a human firewall of knowledge that malicious actors will struggle to penetrate.
6. Rely on experts
Today the cyber landscape is changing at breakneck speed. Cyber actors are constantly innovating, and as businesses become more dependent on IT, vulnerabilities are multiplying. Knowing which ones to prioritize in the present has become a difficult task, and knowing how to plan for the future has become impossible without IT and cyber expertise.
Going it alone is not an option for businesses that want to harden their IT infrastructure in the short term while building long-term resilience. Now more than ever, organizations need the input of unbiased, third-party experts like virtual chief information officers (vCIOs) who understand the evolving world of cyber threats from both a technical and business perspective.
Build cyber resilience with MainSpring
Security threats have been around for more than 100 years, and with the rate at which they are accelerating, it’s safe to bet they’ll be around for another 100 years as well. The key to surviving in today’s evolving cyber landscape is to adopt a proactive mindset, prepare your employees for social engineering attacks, and continually improve your IT systems with better security controls.
It’s hard to put a price on long-term resilience and safety from threats that can bankrupt your business. Ultimately, good cybersecurity is worth the investment, and with a world-class managed service provider (MSP) in your corner, the efforts you make today will pay dividends tomorrow.
MainSpring is your go-to for IT strategy and support. Our award-winning managed services are handled by a diverse team of experts on the cutting edge of business technology, with decades of combined experience serving small-to-medium-sized businesses. We bring a proactive mindset to every customer, taking ownership of your results and working diligently to exceed your business needs. To learn more, contact us today.