While recent ransomware incidents at a major U.S. fuel pipeline and the world’s largest meat supplier made national headlines, cyberattacks aren’t strictly a problem for large corporations.
Whether you own a small business, run a nonprofit or work for a public entity, tightening cybersecurity should be a priority.
“I think everybody would be shocked by the number of these same types of incidents happening day after day, but on a smaller scale,” said Kevin Eisenberg, president of KeyNet Technologies, adding the majority of attacks at the local level never make the news.
And many of the precautions Eisenberg recommends cost little to no extra money.
“Immediately when you say ‘cybersecurity,’ you hear, ‘I’m already spending X and was assured this product will make me secure,’ or, ‘We’re not a target,’” Eisenberg said.
“If you have a computer, you’re a target in today’s threat landscape.”
KeyNet — a Lancaster-based IT firm with its infrastructure housed at DirectLTx in Bern Township — does offer 24/7 threat monitoring and protection among its suite of comprehensive cybersecurity solutions.
Without proactive steps taken by the user to mitigate threats, however, even the most elaborate defenses are vulnerable.
“When we start looking at Colonial Pipeline or JBS, some of those were Security 101 types of things that they could’ve done that would’ve stopped the whole thing,” Eisenberg said.
“If you come to me and say, ‘I went on your website and saw this high-end security center, give me that,’ the conversation has to be, ‘Thanks, but let’s talk about the other things that go hand-in-hand with what we do.’”
- Create a password policy. It may sound simplistic — that is, until you realize an old, hacked password was partially to blame for the Colonial attack.
If passwords are too easy or rotate predictably, your systems are at risk. “Standardizing across the organization increases security like crazy,” Eisenberg said, recommending that passwords be at least 12 characters long and contain an uppercase and a lowercase letter, a number and a special character.
- Educate workers about scams. “An aware end user will do more for you than any security widget,” Eisenberg said, noting attacks are often aimed at people, not computers.
There are free lessons available online, so no need to send employees to a class. Eisenberg also suggests harping on one concern, such as phishing links in emails, so as not to inundate people with information.
- Enable multi-step authentication. Some widely used computer software such as Office 365 has two-step authentication built in. It just needs to be switched on.
“Now, as soon as you try to log in, it challenges you like your bank does,” Eisenberg said, referring to the six-digit codes sometimes used to complete sign-ins. “Let’s say someone gets phished and gives up their password — an MSA will prompt them and immediately shut that threat down.”
- Keep software up-to-date. Whether it’s Windows or any other program, making sure all updates are downloaded and installed is vital.
So far, none of this advice costs a dime, though maintaining devices may be part of a specific team member’s function or role in the company. “You’re starting to drift into IT responsibilities,” Eisenberg said. “But somebody needs to be responsible for it.”
- Buy insurance. Even though it’s way down the list, purchasing cybersecurity insurance is actually the first thing Eisenberg tells clients to do.
“Everyone needs a backstop,” Eisenberg said, arguing it’s a small price compared to a scenario where financial losses from a cyber attack force a company out of business.
- Hire a specialist. Depending on the size of the entity and what’s at stake, 24/7 monitoring may be the way to go. A firm like KeyNet Technologies can, for example, warn you in real time when it detects 50,000 failed sign-ins from the CEO.
Still, your role in cybersecurity does not end there.
“If you think there’s one product that will make you safe, it just doesn’t exist,” Eisenberg said. “When you’re not doing any of this other stuff, you’re throwing money out the window.”