We Don’t Have A Huge Cyber Security Need
This was the answer I heard on the other end of the line from a prospective client that had just engaged our services. The Chief Operations Officer that I was speaking with was fairly tech-savvy and felt like the discussion we were having was most likely leading to a “sales pitch”. I assured him that I was not pitching anything in particular but rather going through the essentials that every business owner/manager needed to ask themselves regardless of whether or not they ended up doing business with us.
Ironically prior to this call, I had actually been on a conference with another company that had also just engaged our services a week earlier due to a cyber security breach. The conversation with this company was much much different. Unfortunately they had fallen victim to an email hijack of their Office 365 services and over the course of a few weeks, wired several hundred thousand dollars to a fraudulent actor thinking it was one of their legitimate vendors. YES HUNDREDS OF THOUSANDS! In the initial call with this organization, the owner who was also pretty tech-savvy was devastated and understandably. Once these type of transactions occur, it is very rare to ever get the money back. He was a fairly small business with a dozen or so employees. Ultimately he was going to have to make up the loss out of his pocket. The comment he made that that stuck out in my mind was “We are a small shop with fairly technical staff and try to manage most of this ourselves… we don’t have that big of a cyber security need. But I never though this could happen or that anyone would target us”.
The disparity and similarity between the two organizations were striking no matter how you looked at it. Both felt like they weren’t a major corporation with complex security needs and because of that could handle most of it in-house. One organization was on the safe side of a cyber issue, the other was on the devastation side of a cyber issue.
Why is it that so many small business owners and manager fool themselves into thinking they don’t have to worry about cyber security? It’s our experience that most of the time, small business owners wrongly believe that in order to have a cyber security breach, you have to be “on the radar” of the bad guys and a high financial target. The reality is that most of the bad guys dont target a specific business until the software they use automatically identifies a weak target. They setup software to continually scan for vulnerabilities and more importantly – credentials that are reused between sites and have been breached in the past. Once they have one of those items, NOW you are on the bad guys radar.
So What Do You Need To Do To Protect Yourself?
- Immediately make sure you are not re-using passwords between different sites. Each and every service/site you use should have a unique and complex password associated.
- Make sure you are not using a global administrator account as your personal email/account
- Immediately enable MFA (multi-factor authentication)
- Make sure forwarding is turned off at the global configuration level for your Office 365 account
- Implement a verbal authorization policy for any banking or wire transfers to make doubly sure that any transfers are legitimate
- Make sure you have proper cyber liability insurance coverage!! Can’t stress this enough. If you don’t have coverage or your carrier does not offer this – contact our partners at Connell Insurance. They have a dedicated cyber liability specialist that can make sure you have the proper coverage.
Do You Really Have A Huge Cyber Security Need?
That is technically the wrong question to ask. You should assume that any organization regardless of the size, location, or industry has a need to protect themselves from cyber security threats because they are real and you will face threats on a daily basis. The question you need to ask is – do you have the attention and resources to address these needs on your own or should you engage with a Managed Security Services Provider to assist you with the enormous task.
Get Our Weekly Cyber Security Tips In Your Inbox To Stay Up To Speed On The Latest Threats
Our Past Posts
A year ago, no one could have predicted that countless businesses would shift to a remote work model. The pandemic hit hard and fast, and small businesses had to think