Small Business Guide to Cybersecurity and Risks

Protect Your Small Business

Small Business Guide to Cyberattack Risks and Security
When cyberattacks make the news, it is usually because a large corporation has suffered a large-scale data breach. Small businesses are also at high risk, however: 43% of cyberattacks target small businesses. Small businesses with remote staff may be particularly exposed, because they have less control over the devices and networks their employees use to reach company systems.

Cyberattacks are also a much larger burden for small businesses, which often have less capital to put towards cybersecurity. However, simply being aware of the likely threats and taking some basic precautions can significantly reduce your business's exposure.

Identifying Valuable Business Assets

Before you can develop an effective cybersecurity strategy, you will need to identify assets that could be at risk in the event of a cyberattack. The following are common assets that may be at risk:
  • Employees’ personal information
  • Customers’ personal information
  • Intellectual property
  • Hardware
  • Software
You will then need to prioritize these assets based on the level of risk posed, the financial losses at stake, and the cost and difficulty of the cybersecurity measures needed. Of course, these measures will vary depending on the cybersecurity threat that is being addressed by a business.

Common Cyber Threats to Small Businesses

Know the types of common cyber threats. The most common cyber threats include:
  • Malware: Malware is any software used to damage, disrupt, or steal cyber assets. Common examples include ransomware, trojans, spyware, and adware.
  • Phishing: Phishing is a message (most often an email, but also a text message or phone call) in which the sender impersonates a trusted person or organization to "fish" for passwords, payment details, or other information, or to get the recipient to open a malicious link or attachment. For example, an attacker may ask you for a password or an urgent wire transfer while pretending to be your manager.
  • Man in the Middle (MitM) Attacks: In a man in the middle attack, an attacker secretly intercepts, and possibly alters, communications between two parties who believe they are talking directly to each other, for example over an open Wi-Fi network.
  • Zero-day Exploit: A zero-day exploit takes advantage of a vulnerability for which no patch yet exists, typically before the software vendor or the targeted party knows about it. Keeping software updated does not protect against it until the vendor releases a fix.
  • Distributed Denial of Service (DDoS): A DDoS attack floods a server or network with traffic from many compromised machines at once so that legitimate users cannot reach it.
  • SQL Injection Attacks: An SQL injection attack supplies crafted input (for example in a login form or a URL) that a poorly written application pastes directly into a database query, letting the attacker read, change, or delete data the application was never meant to expose.
It is important to note, however, that there are many different types of cyberattacks, and they are evolving constantly. As such, you must stay aware of new cyber risks and which types of cyber threats pose the most risk to your business.
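To make the SQL injection entry above concrete, here is an added example (not code from the guide) that builds a small customer table in an in-memory SQLite database and runs the same lookup two ways: once with the user's input pasted into the query text, and once with the input passed as a bound parameter. The table name, column names, sample rows, and attack string are all constructed for illustration.

```python
"""Added example: why pasting input into SQL is dangerous, and the fix.

Uses Python's built-in sqlite3 module with an in-memory database, so it
runs offline. The 'customers' table and its rows are constructed sample
data, not real records.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a constructed customer table with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [("alice@example.com", "1234"), ("bob@example.com", "5678")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """VULNERABLE: the caller's input becomes part of the SQL text itself,
    so a quote character in the input changes the query's structure."""
    query = f"SELECT email, card_last4 FROM customers WHERE email = '{email}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """HARDENED: the input is bound as a parameter, so the database always
    treats it as a plain value to compare against, never as SQL."""
    return conn.execute(
        "SELECT email, card_last4 FROM customers WHERE email = ?", (email,)
    ).fetchall()


# A classic injection payload: closes the quoted string and adds an
# always-true condition, so the WHERE clause matches every row.
ATTACK = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, ATTACK))  # returns every customer
    print("safe:      ", lookup_safe(db, ATTACK))        # returns []
    print("normal:    ", lookup_safe(db, "alice@example.com"))
```

The vulnerable version turns the query into `... WHERE email = 'x' OR '1'='1'` and dumps the whole table; the parameterised version looks for a customer whose email literally equals the attack string and finds nothing. Parameterised (prepared) queries, not input filtering, are the standard defence.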

Common Cyber Vulnerabilities

Know the types of common cyber vulnerabilities. The most common cyber vulnerabilities include:
  • Unauthorized or unsecured access to sensitive information
  • Unauthorized or unsecured access to company devices and networks
  • Insufficient employee training regarding cyber threats and security
  • Weak, reused, or shared passwords, and no multi-factor authentication on email, remote access, and administrator accounts
  • Lack of regular, tested backups kept separate from production systems (in the cloud or offline), so that ransomware cannot encrypt the backups along with the originals
  • Passwords that are not changed after a suspected compromise (forced periodic rotation on a schedule is no longer recommended practice; changing a password when there is reason to believe it was exposed is)
  • Infrequent software updates
  • Lack of anti-virus software
  • Lack of monitoring software and services
Many other vulnerabilities may be unique to your industry, organization, or work culture. For example, companies that use remote work devices like laptops may encounter unique cybersecurity risks, and therefore will need to choose their devices and create rules for their use with care.

Risk Assessment and Prevention Best Practices

To conduct an effective, holistic cybersecurity risk assessment, you should take the following steps:
  • Identify your assets
  • Determine the value of your assets
  • Prioritize your assets
  • Identify vulnerabilities
  • Evaluate the likelihood of each scenario
  • Evaluate the potential impact of each scenario
  • Determine the cost of cybersecurity measures
  • Document your findings
  • Review and reassess at least annually, and whenever the business changes significantly (new systems, new locations, new ways of working)
Although you may be able to assess risks within your business yourself, it is also beneficial to consult a cybersecurity professional for a comprehensive assessment.

What to Do in the Event of a Cyberattack

All businesses should prepare a response plan to fall back on in the event of a cyberattack. Common elements of a response plan include:
  • Assess the breach: what happened, which systems and accounts are involved, and whether it is still ongoing
  • Contain it: disconnect or isolate the affected systems and disable compromised accounts and remote access, but do not wipe or reinstall machines before the evidence on them has been preserved
  • Preserve evidence: keep logs, copies of suspicious emails, and affected devices as they are so the cause can be established
  • Close the entry point: once the cause is known, install available software updates and reset any compromised credentials
  • Determine what parties are impacted by the breach
  • Notify managers and employees about the breach
  • Notify relevant insurance carriers
  • Notify affected parties, together with any regulators or law enforcement that applicable law requires
  • Document the breach, the parties affected, and the steps taken to contain it
In addition, notify your cybersecurity service provider if you have one.

Response and Recovery After a Cyberattack

Even if your business has never been hit by a cyberattack, prepare a recovery plan in advance. The following are common elements of recovery plans related to cyberattacks:
  • Reset passwords for all affected and privileged accounts, and enable multi-factor authentication where it was missing
  • Restore affected systems from clean backups rather than continuing to use machines that may still be compromised
  • Review and update firewall rules, remote-access settings, and software patches
  • Investigate the incident
  • Enlist an IT professional to conduct a cybersecurity audit
  • Create a comprehensive report of the incident, the affected assets, and the measures taken to improve security
  • Release a statement to affected individuals
Depending on the nature of the cyberattack, you may also need to consult an attorney.

Cybersecurity Resources for Remote Businesses and Employees

Remote and hybrid workplaces are becoming increasingly common, and as previously mentioned, these business models pose unique cybersecurity risks. The following resources provide information and tools to help businesses meet their cybersecurity goals:

As remote work expands, best practices related to cybersecurity for remote workforces will likely evolve.

Cybersecurity Resources for Small Businesses

Further informational resources and tools for small businesses that are interested in improving their cybersecurity strategy include:
  • CyberSecure My Business: This program overseen by The National Cybersecurity Alliance provides programs and informational resources that are meant to help small and medium-sized businesses improve their cybersecurity.
  • Small Business Technology Coalition: This platform provided by the U.S. Small Business Administration (SBA) offers a comprehensive resource of SBA-approved learning and development programs for small business owners.
  • Cyberplanner: This tool published by the Federal Communications Commission (FCC) can help small businesses create a customized cybersecurity plan.
  • Cyber Resilience Review (CRR): This resource published by the Cybersecurity and Infrastructure Security Agency (CISA) provides information and tools that can help small businesses assess their operational resilience as it relates to cybersecurity practices.
  • Stop Ransomware: This resource from CISA provides information and tools to help your business understand, minimize, and address ransomware attacks.

For more information about Cybersecurity Services, contact an Account Manager today!