Cybersecurity is all over the news thanks to WannaCry’s high-profile attack on the NHS (National Health Service) and more than 200,000 systems in over 150 countries. Yet many companies were unaffected because they had fortified themselves against such cyber-attacks. How does a small to mid-sized company prevent a cyber-attack with the reach of WannaCry?
6 Ways SMBs Can Protect Themselves from a Cyber-Attack
- Backups – A good, verified backup is essential for cybersecurity (and disaster recovery) because if ransomware does hit your system, you can delete it and pull your data from your backup. However, some viruses specifically target your backups, so you need systems in place to block them. We suggest backing up your data in three locations: onsite for quick retrieval, offsite in case of fire/theft/water damage, and a read-only copy onsite that viruses cannot write to in case your backups also get attacked.
- Consistent Patching – You need to update your computers and servers frequently to close any vulnerabilities. By the time an update is released, the security risk has been known to the IT community for a few weeks and to the hacker community for months already. Hackers try to exploit these vulnerabilities before the updates are applied.
- Require Logins & Passcodes – Every company-owned device and mobile device with company data should require a unique login or passcode. Better yet, requiring a login is a free setting and a requirement for nearly every compliance standard (HIPAA, PCI, etc.). Companies can strengthen their login security with Two-Factor Authentication (2FA).
- Strong Firewall – A network firewall is your first line of defense in protecting your network, and a good firewall will block attacks like WannaCry. We suggest a Firewall-as-a-Service (FWaaS) subscription instead of investing capital in a firewall, because you can get a second unit inexpensively and it provides cloud-based management that continually updates the firewall to improve security.
- Email with ATD – Most ransomware viruses enter a network via a malicious email attachment or link. Advanced Threat Detection (ATD) scans all links and attachments to make sure they are safe, which prevents users from accidentally activating a virus. For most SMBs, ATD costs just $2-3 a user per month.
- Training – Regardless of the company’s size, the company needs to train its employees on how to protect themselves. You can take training a step further by using a service that simulates phishing and spoofed emails to build awareness about cyber-threats.
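To make the "verified" part of the Backups item concrete, here is an added example (not from the original article) that compares each of the three copies against the source by SHA-256 and flags a supposedly read-only copy that still accepts writes. The directory labels, file names and sample data are constructed assumptions, and the write probe only reflects what the account running the script can do.

```python
import hashlib, os, shutil, tempfile
from pathlib import Path

def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def accepts_writes(directory):
    """Probe whether this process can create a file in the directory."""
    try:
        fd, name = tempfile.mkstemp(dir=directory)
    except OSError:
        return False
    os.close(fd)
    os.unlink(name)
    return True

def verify(source, copies, read_only_label):
    """Compare each copy with the source; probe the read-only one for writes."""
    src, report = manifest(source), {}
    for label, path in copies.items():
        dst = manifest(path)
        r = {"missing": sorted(set(src) - set(dst)),
             "changed": sorted(f for f in src.keys() & dst.keys() if src[f] != dst[f]),
             "writable": label == read_only_label and accepts_writes(path)}
        r["ok"] = not (r["missing"] or r["changed"] or r["writable"])
        report[label] = r
    return report

def demo():
    """Constructed sample: one copy damaged, the 'read-only' copy left writable."""
    base = Path(tempfile.mkdtemp())
    src = base / "source"
    src.mkdir()
    (src / "ledger.csv").write_text("id,amount\n1,100\n")
    (src / "notes.txt").write_text("constructed sample data\n")
    copies = {n: base / n for n in ("onsite", "offsite", "onsite_readonly")}
    for path in copies.values():
        shutil.copytree(src, path)
    (copies["offsite"] / "notes.txt").write_text("overwritten\n")  # simulated damage
    report = verify(src, copies, "onsite_readonly")
    shutil.rmtree(base)
    return report

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Run it on a schedule from an account other than the one that writes the backups, so a copy that has silently become writable or has drifted from the source is reported before a restore is needed.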
A good IT firm should provide you with each of these methods and service offerings. If an IT firm can’t help you with these six methods, then they can only help you reactively after you’ve been attacked, instead of preventing the cyber-attack in the first place.