February 7, 2022

In Part 1 of “The Basics” article series, we covered the proactive steps a small business should take to harden cyber defenses.  In this Part 2, we’ll discuss what happens to your digital systems and data in a cyber-attack and the steps to take if your organization is breached.

What happens to digital systems and data in a cyber-attack? 

Your business might have a disaster recovery plan, but does it cover your digital systems and valuable data? In a cyber-attack, you could lose your business’s network access and data. A basic recovery plan should detail the steps to get you running:

1. Stay calm and assess damage. What was stolen, lost, or held ransom?  

There are few things that can cause more panic than the realization the enterprise has been compromised.

Reacting impulsively in the face of internal panic could do more harm than good. Focus instead on minimizing the consequences by taking a measured, thoughtful response to the problem at hand.

Keep in mind also that just as you wouldn’t want anyone to disturb the crime scene in a television drama, the evidence of a breach should also remain intact. The team investigating the compromise shouldn’t erase or alter any logs in a hurried attempt to “do something.” This forensic evidence may be needed later by investigators or in a court of law.

2. Respond immediately

The sooner you respond, the more money you can save and quicker your business can recover. According to an IBM & Ponemon Institute study, “leveraging an incident response team was the single biggest factor associated with reducing the cost of a data breach – saving companies nearly $400,000 on average (or $16 per record).”

Audit your systems to figure out what happened. A professional security analyst can help determine the scope of the attack and recommend actions to plug security gaps.  Verifying the attack involves:

• Identifying which systems and data have been compromised. Is it just names and addresses or more serious data such as passwords or credit card numbers?
• Determining which IP addresses were used in the attack.
• Confirming the type of attack (Virus? Malware? Unauthorized remote access? Something else?).

3. Quarantine the Offender and Restore/Recover

Much like you keep a sick child away from siblings, isolate infected computers. By acting quickly to take the source computer or impacted applications off the network, you can better contain the cyber-attack by preventing any virus or malware from spreading.

While the initial reaction may be to take down your entire network, this could actually hurt you more than the hacker even dreamed by disrupting your operations and causing reputation damage with customers and in the marketplace.

Your cybersecurity specialist should identify the damage done and check for backdoors which hackers may have set up to enable future access to your system. It may also be that a trusted supplier was hacked, and the compromise originated there. In that case, be sure to block connected accounts until they resolve the issue on their end.

It’s not enough to quarantine the offender and then restore/recover.  There should be vulnerability scans, patching, hardening, etc. before systems come back online (assuming a good backup).  The idea is to stop the attack, harden against further attacks, and then restore/recover. Otherwise, it’s just a repetitive cycle.

“The average time to identify a breach was estimated at 201 days, and the average time to contain a breach was estimated at 70 days.” — Ponemon Institute

4. Allow Recovery Time

The attacked computers or servers will need some recovery time, just like a sick child does. Prioritize the order for cleaning and restoring based on how critical each component is to the business. You’ll want to install your most recent clean backup and change logins and passwords for all impacted systems.  Use completely different random passwords. Take this opportunity to confirm that there aren’t any systems still using default passwords or something obvious like “admin or password.”

This step requires you to actually have a backup of your important files. We hope you’ve been following our regular advice to consistently back up and verify sensitive and critical information to an offsite device that is not connected to the network.

5.  Disclose the Breach to Necessary Parties

Stemming the internal damage from cyber-attack is only part of the process. Once a threat or vulnerability is detected, have a protocol in place for immediately informing users on the network. For instance, warning other users on the network or customers to discard rather than download an email ostensibly from someone in your company can help stop the spread of a well-crafted social engineering attack.  If the cybercriminal discovered your banking information, call your bank and ask to cancel cards and issue new ones.  If financial information is compromised, you should regularly monitor/audit transactions to ensure validity.

Companies must also share their information with law enforcement and/or regulatory officials. There may be regulatory mandates to follow and even fines to pay but resolving these quickly can help alleviate industry concerns on hearing of the attack.

Plus, your company may need to go public with the information to customers and stakeholders. In weighing the public relations cost of admitting a breach, consider how much worse things are for the company that tries to keep the attack secret and is later discovered to have withheld information. Remember: from a PR standpoint, it’s always better to be in control of the message rather than have a journalist break the story for you.

6. Plan Against the Next Attack

It’s a tough pill to swallow, but this could happen again. It’s the last thing you want to hear when your company is already dealing with an attack, but it’s true.

Try to learn as much as possible about how the attack came about in the first place and why you may have been a target. Was the attacker trying to gain access to certain information, disrupt business, or take over systems to enact a larger attack? Better understanding the motivation for the breach can help you in formulating the updated, and improved security plan.

If you didn’t already have an incident response plan in place, consider this experience as the wakeup call you needed. Further, a cyber security review to determine the gaps in your cyber posture and a disaster recovery plan should also be established.  Given the average cost of a cyber-attack highlighted above, it should be easier to justify the expenditure to establish a response team and plan proactively.

Conclusion

Your company is not too small to worry about a cyber-attack and having cybersecurity processes in place can save your business money and time and potentially save your business.

It is critical for your IT staff to develop and maintain strategies, enforce policies, and remain vigilant with essential cyber protocols. For those companies without the internal expertise, we recommend finding a trusted partner to help with your security posture.

If you want to protect your business or think it’s already been compromised, reach out to our team at Guard Street to learn more about how we can help protect all that you’ve built.

About Guard Street

Guard Street, headquartered in Wheaton, IL is a high-tech cybersecurity and protection company arming businesses and consumers with world-class products built to protect what matters most.  Guard Street products, Cyber Attack Protection Plan and Remote Workforce Cybersecurity, provide a full range of vulnerability alerts, incident response, email security and cyber liability insurance that empower our customers to be less vulnerable to cyber risk and help ensure that organizations recover when they are a victim of a cyber-attack.

Learn more at www.guardstreet.com or engage with us on our social media pages below.

© 2022 Guard Street Partners, LLC.

November 17, 2021

Too many businesses think they are too small to worry about a cyber-attack, and many small businesses don’t even think about cybersecurity until after a cyber-attack. Not having cybersecurity can cost your business money and time and can result in lost or exposed sensitive information. The damage to your business’ reputation can be just as detrimental as well.

However, there are essential proactive steps you can take.

Why do you need cybersecurity?  

If you’re connected to the internet, you’re at risk.  Just like protecting your home, you must protect your digital assets.

Cyber-attacks are the new normal for small businesses. While most media reports have focused on corporate mega breaches, small businesses are now the new frontier for cyber criminals. In fact, a Ponemon report said 58% of small businesses experienced a data breach in the last 12 months.

The average cost per attack averages $200,000 based on a recent Hiscox study.  Even worse, one report suggests that 60% of small businesses fold within six months of a cyber-attack.

Why are small businesses so vulnerable? 

There are major reasons small businesses are particularly vulnerable to cyber-attacks:

• They think they’re too small to be attacked.
• They don’t allocate enough of their budget to IT or Cybersecurity.
• They can’t afford dedicated IT staff. And if they can, training and budgets are often inadequate. There are affordable IT, dedicated cybersecurity companies and packages that can work for you on a turnkey basis to protect and inform your company.
• Inadequate or non-existent computer and network security. Small businesses can’t respond to threats quickly enough or can’t detect them at all.  Here again, there are affordable approaches most small businesses aren’t aware of.
• Lack of a backup plan. Many small businesses don’t back up their data offsite. Many of those that do don’t test and validate that data was backed up to ensure accessibility in an emergency.
• Employees unknowingly help cyber criminals attack businesses. Employees need to be more aware of attack methods as varied as social engineering calls and email scams.  Policies also need to be put in place and enforced to mitigate the risks caused by employees.
• Small businesses are easier to attack. Hackers can find entry points to access valuable data more readily because of the absence of protection. Criminals can also use the business’ credentials to attack larger targets like suppliers and clients.

Common cybersecurity threats for small businesses

There are many cybersecurity threats for businesses. Here are a few common ones:

• Email and phishing scams use email and text messages to hook victims. Fake, official-looking information asks victims to click on a link to a web page and then enter sensitive financial and personal data. Cybercriminals use the data for identity theft, further attacks, or resale.
• Passwords. Cyber criminals can get access to passwords by tapping into databases, looking at servers to find unencrypted passwords, and using email, text messages or social engineering.
• Server attacks. DOS (Denial of service), SQL injection, and drive-by attacks target websites and servers. DOS attacks overload system resources so they can’t handle the volume of service requests. SQL attacks read and modify sensitive data in databases. Drive-by attacks plant malicious code that will infect a visitor’s system to capture and transmit their sensitive data.
• Man-in-the-middle attacks involve hackers intercepting data from a victim on a fake page. These attacks may also use phishing.
• Social engineering attacks involve human interactions to acquire sensitive information. This can include attacks like phishing and physical activities. For example, a bad actor could leave a USB key loaded with malware in your business, then an unknowing employee could plug it into a company computer and now be open to malware or other malicious programs.

Tips for securing your business from cybersecurity threats 

The first step is to assess your risk.  From there, it’s important to address any vulnerabilities and mitigate potential risk to your business and your customers.

• Assess risks and vulnerabilities. Hire a cybersecurity specialist to test all systems that have external access, such as websites, file shares, and other services. You should set up a simple, external vulnerability scan for your business at a regular cadence for maximum protection. Creating procedures to follow in case of a breach and making network and computer security top priorities (on par with other key business priorities) is equally important.
• Have a plan for all devices. You and your employees are likely accessing business data from multiple devices. While it’s very convenient to check work emails on your phone, that also opens a potential vulnerability. Be sure you’re incorporating mobile device security into your cybersecurity plans.
• Employee training is key. Make sure your employees are aware of cybersecurity threats and security policies. Educate employees that the impulse to trust others is one of the social engineering hacker’s key tools. Reiterate the importance of following protocol and questioning credibility before acting. Be sure to update your training procedures as you roll out new policies continually.
• Follow best practices for passwords. It’s prudent to make all passwords strong and unique. Additionally, use different passwords for different accounts. Make using strong random passwords containing letters, numbers, symbols, and special characters mandatory. Good passwords shouldn’t be easy to remember. Also, prompt your staff to change all passwords every few months.
• Use two-factor authentication to login to apps and systems. An increasing number of apps and e-commerce websites use two-factor authentication to verify a user’s identity. Users receive a numerical code via an authenticator app and enter it along with their password to gain access. For sites that don’t support an authentication app, you can also receive codes via email or text.
• Update your software and systems continuously. Make sure you’re running the latest versions and security patches. Properly configure network security and use antivirus software.  Monthly vulnerability scans can assist you here.
• Backup all your data as protection against ransomware attacks. Use an offsite cloud provider in addition to on-site backup.

Make sure your digital tools are secure  

You can take all the right steps to secure your business and still be vulnerable to cyberattacks if your digital tools aren’t secure.

There is no such thing as a 100% secure tool.  That’s why you need to use products and services with a track record of success in the security and privacy space.  We also suggest layering tools.  In other words, use an appropriate tool for an appropriate activity.  For example, use both a password manager and a virtual private network.

What’s an incident response and recovery plan? Do I need one? 

A basic incident response and recovery plan should identify steps to assess damages and restart operations in the event of a cyber-attack. It should also determine who’s responsible for which tasks and how often to update the plan.  It should involve a cybersecurity specialist to help you through the steps and take immediate action to help your business recover quickly.

In Part 2 of our Small Business Cybersecurity article, we’ll discuss what happens to your digital systems and data in a cyber-attack and the steps to take if you are breached.

Conclusion

Your company is not too small to worry about a cyber-attack and having cybersecurity processes in place can save your business money and time and potentially save your business.

It is critical for your IT staff to develop and maintain strategies, enforce policies, and remain vigilant with essential cyber protocols. For those companies without the internal expertise, we recommend finding a trusted partner to help with your security posture.

If you want to protect your business or think it’s already been compromised, reach out to our team at Guard Street to learn more about how we can help protect all that you’ve built.

About Guard Street

Guard Street, headquartered in Wheaton, IL is a high-tech cybersecurity and protection company arming businesses and consumers with world-class products built to protect what matters most.  Guard Street products, Cyber Attack Protection Plan and Remote Workforce Cybersecurity, provide a full range of vulnerability alerts, incident response, email security and cyber liability insurance that empower our customers to be less vulnerable to cyber risk and help ensure that organizations recover when they are a victim of a cyber-attack.

Learn more at www.guardstreet.com or engage with us on our social media pages below.

© 2021 Guard Street Partners, LLC.