2014 saw more companies victimized by data breaches than any year before. Of all those hacks, over 70% were detected by third party organizations, not the actual businesses themselves due to poor security practices. While you may think your company is small enough to fly under the radar of hackers and other malicious parties, the fact is that a majority of investigations of data breaches were conducted with companies that had less than 100 employees. Small size means less resources to prevent a hack, which often makes smaller businesses the first choice in targets for hacks. The first step to ensuring your business’ digital security is to know what you’re dealing with.
The 5 Stages of a Data Breach
Hackers begin by gathering as much information on your company as possible through a variety of methods. Spam emails and phishing scams sent to your employees’ accounts, purchased intelligence from third party sources, security search engines like Shodan, and even Google provide them with basic necessary information. There’s more information about your company on the web than you might think, and hackers want it all.
Then, a recon program will infiltrate your system to gather information on different devices in the network. This will determine identification for the separate devices, where the valuable information likely is, and if there are any other networks connected to this one. Any low-priority computers will be compromised to serve the hackers purposes
High value targets will then be leveraged for greater mobility within your network. The hacker will escalate their privileges by guessing passwords, as many users tend to leave theirs as the default, which only makes the hacker’s job easier. Once they have an administrator account, they can access the server to target the most valuable information: client and employee financial information, social security numbers and health records, all of which can be monetized for sale on the black market.
If the hacker believes your business could yield further valuable information in the future, they will set up back door access that will allow them to return and steal more data without tripping an alarm.
In the last stage the hacker will export all valuable information, which tends to be surprisingly easy given that most small businesses don’t monitor what leaves their network. The data can be sent to any server through a website, such as Dropbox or Google Drive, where the hacker access it with ease for sale at a later date.
What Can We Do About It?
There are resources available to companies to help them determine what their digital vulnerabilities are:
The Department of Homeland Security provides a framework for self-assessment
The Council on Cyber Security provides the Critical Security Control:20 (CSC20), a checklist for business evaluation, however, it is meant specifically for use by security teams. If you already have service with an IT security vendor, inquire about the CSC20 with them.
This list covers a variety of ways in which security teams can help ensure their clients’ digital security, including:
Know your system by keeping track of authorizations, legitimate accounts and be sure to prevent connection from outside wireless devices. Furthermore, be sure that your system is robust for your needs; improper configuration often leads to critical vulnerabilities. Also, properly train your employees so they know what they’re dealing with, what the security procedures are, and how to identify a security concern when it arises.
Be sure to prevent remote access from any service that doesn’t seem legitimate, and those that you do grant remote access to should be filtered appropriately. To prevent exports to external servers, be sure to control the flow of data both in and out. Also, keep your critical networks separate to prevent hackers from accessing all networks by hacking just one of them.
Ensure that your business has a dependable automatic backup system in place, and test it regularly to guarantee its feasibility if your company suffers a disaster.
Keep your anti-virus software up to date and your firewalls properly configured to ensure against malicious digital threats.
Maintain all your hardware and software to keep them up to date with patches and known vulnerabilities. Keep track of your activity by reviewing audit logs and responding to incidents in systematic way. Conduct regular internal and external penetration tests that mimic attacks and identify vulnerabilities that you may not have foreseen. Overall, develop an effective plan and stick to it.
What Can You Do About It?
This is a lot for any small company to keep track of. If your IT department is limited, or you are without a security vendor, there are still measures you can take to help supplement your business’ digital security against data breaches. The keys to your basic security are:
Keep your systems up to date.
Educate employees in correct procedures and how to identify phishing schemes.
Enact an effective backup and disaster recovery plan.
Consider employing an application whitelist for critical systems to prevent unauthorized programs from operating within your network.
Stuart Crawford serves as Creative Director and CEO with Sebring, FL and Fort Erie, ON-based Ulistic, a specialty MSP Marketing firm focused on information technology marketing and business development. He brings a wealth of knowledge and experience pertaining to how technology business owners and IT firms can use marketing as a vehicle to obtain success.
I want to start MARKETING my managed services business and creating a steady stream of new business opportunities.
Start With Ulistic. Enter Your Details Here.
Satisfied With Your Lead Generation Efforts?
MSP Lead Generating Website
Get Found On Google
Share Great Information
Create Strong Social Networks
BOOK YOUR COMPLIMENTARY 60-MINUTE, NO OBLIGATION MSP WEBSITE REVIEW WITH THE ULISTIC TEAM.
We've been working with Ulistic for a couple years now and can't be more happy with the relationship. They are not only a great marketing company that specializes in MSP's but a true partner to help us grow our business.
We are an Australian based MSP and have been working with Ulistic for the last 4 years. The team there have been instrumental in our growth and a valued partner of our business.
Great Company to work with, very much enjoyed working with Stuart and his team. Thank you for all you do. Thanks
Ulistic is amazing to work with, they go the extra mile to make sure their clients are completely satisfied! Highly recommended!
The event in Covington, KY was informative and interactive. It gave a platform for shared success stories from Ulistic clients as well as opportunities for constructive criticism. A great event for relationship building with other MSP's and Ulistic's top decision makers.
Great company to work with. Always exceeds expectations and keeps us heavily involved with our marketing strategy.
Ulistic has taken over a HUGE part of our marketing department and therefore taking the burden off us. Ulistic replaced a vendor that just did email marketing for us. They are fast, efficient and always awesome to work with. Between building a new website, new branding and all-over presence, we could not be happier with the results! Big thank you to the Ulistic Team!
At the beginning of this year we hired Ulistic to take care of our website, SEO , and digital marketing. As expected it took a little while to gain traction but now we are going on 9 months and our phone is ringing with solid leads every week. Ulistic is very responsive to any requests we have and their team is outstanding. If you are an MSP and looking to increase your business then Ulistic is in my opinion the only choice.
In a conversation with Stuart last week, we figured out that we'd been doing business together of eight years. Over the course of those years, as with any business relationship that long, there's been an ebb and flow. In the overall, however, Ulistic has provided good value for the expenditure I could afford. We've just increased our budget and commitment to Stu and his team, and I'm expecting great things moving forward! Thanks Ulistic!
Been working with Ulistic for many years. Not only do they come up with creative ways to get us new opportunities and leads, but they're also there for us when we need special projects in a pinch. Stuart and his team definitely have a good thing going for us.
Fantastic people. They have been great for our business.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.