Various studies have shown that small businesses in general are not prepared to ward off cyber-attacks. In fact, a recent nationwide study showed that a full 78% were unprepared even though 60% of them had already suffered an attack. You don’t have to be Equifax, Uber or Home Depot to be a target. Today, almost 50% of attacks are against small to mid-sized businesses (which lost an average of $32,000 each) simply because cyber-criminals realize that they are easier targets than the big companies that have spent millions of dollars to protect themselves. That study also showed that it took these small businesses more than a month on average to recover. Other studies have shown that as many as 60% of attacked businesses that suffer a shutdown eventually go under.
Because of the growing public concern over the unauthorized release of personally identifiable information (PII), all companies should be concerned that their customers will begin to choose retailers, vendors, suppliers, service contractors, etc., based on how comfortable they feel about these companies’ IT security.
So how do you spread confidence instead of worry? Begin with an in-depth IT and Cyber Security Assessment, then get the word out. Of course, before you get the word out, you need to take the time to follow the security recommendations, if any, that may be presented to you. (If there are none, that’s great! Let the world know how up-to-date you are.)
In addition to providing great public relations fodder, a comprehensive IT and cyber-security assessment will benefit your company in another way…right away. The managed IT support company you bring in to run the assessment process will alert you to vulnerabilities in your IT network and patch them. A properly done assessment is a lot more than just a scan of your network, and will alert you to more than just viruses and malware.
Older technologies that you are still using may be ill-equipped to deal with new threats. That includes hardware and software that you may be updating. The assessment will also show you hard drives, firewalls, servers and other equipment that are at or near end-of-life and are at risk of failure. It can also make you aware of software and equipment that are no longer supported by the manufacturer, meaning that updates to protect your system from cyber-attacks will no longer be available.
An assessment can also show you where you need to be concerned about a lack of password security, such as missing multi-factor authentication, or a need for encryption. It will show you where your firewall(s), although in perfect working order, may be consumer-grade equipment where business-grade is required.
Backups: The single most important component of a secure IT network is your backup process. The assessment will help you determine if your Recovery Time Objective (RTO), how long it will take to bring your system back to 100%, and your Recovery Point Objective (RPO), how many minutes, hours, or days of data you are comfortable losing, are appropriate for your business. It will also show you if your backups are actually as secure as you think they are. (Note: we have been called in to try to rescue data when data files AND backups have been locked down by ransomware. This can and must be avoided.)
At DynaSis, we have been providing assessments and network protection, including advanced business continuity protocols, to the small to mid-sized business community in Atlanta since 1992. We would be happy to begin a conversation with you, so call us at 678-373-0716.