In the time it takes you to read this article, an estimated 30 companies will fall victim to some type of cyber-attack. And this number is growing every year. The reason is simple: cyber-attacks are more profitable than other crimes, including the drug trade.
It takes a concerted effort to thwart hackers, but many businesses incorrectly assume they are too small and insignificant to draw the attention of hackers. Nothing could be further from the truth. More than half of cyberattacks are committed against small to mid-size businesses. According to Mastercard, 66% of small to mid-size businesses had at least one cyber incident in the last 2 years. Every business, large and small, should implement the following tactics that can persuade hackers to look elsewhere for their next victim.
1. Continuous Monitoring
Many hackers will infiltrate your systems and networks, and then lay low for months, sometimes even years. This allows them to quietly monitor your activities undetected, watch your every action, and then pounce when the time is right.
By implementing a continuous monitoring system, you’ll know the exact moment hackers find their way into your environment. In addition, you’ll understand exactly how a hacker sees your network—every gap and open doorway inviting them in.
Continuous monitoring systems work by continually analyzing your Internet-facing assets, cross-checking against known threats, and flagging any changes. You’ll receive alerts whenever there’s a breach, either in your own environment or in your vendor’s. Do not settle for simple scores or grades in your monitoring system. Focus instead on getting actionable insight to improve your own environments and those of your critical vendors.
2. Turn on Two-Factor Authentication
According to Windows Central, 99.9% of accounts get hacked because the owner failed to turn on two-factor authentication. For example, in January 2021, 1.2 million Microsoft accounts were hacked. The common denominator? None of them turned on two-factor authentication.
While it’s critical to do this for your personal and business accounts, it’s also critical to hire vendors and purchase software that employ this method of deterrent against cyber-attacks. Software without two-factor authentication invites password spraying—a high-volume attack on passwords using common combinations. Single Sign-On and cloud-based applications are particularly vulnerable to password spraying if they don’t include two-factor authentication.
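To show what password spraying looks like from the defender's side, here is an added example (not part of the original article) that flags a source whose failed logins spread across many accounts in a short window, then lists any account that source managed to log in to. The log format, thresholds, and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, source IP, account, outcome).
# IPs are from documentation ranges; account names are made up.
SAMPLE_EVENTS = [
    ("2021-01-12T09:00:05", "203.0.113.7", "alice", "FAIL"),
    ("2021-01-12T09:00:41", "203.0.113.7", "bob", "FAIL"),
    ("2021-01-12T09:01:17", "203.0.113.7", "carol", "FAIL"),
    ("2021-01-12T09:01:52", "203.0.113.7", "dave", "FAIL"),
    ("2021-01-12T09:02:30", "203.0.113.7", "erin", "FAIL"),
    ("2021-01-12T09:03:02", "203.0.113.7", "frank", "SUCCESS"),
    # One user mistyping a password: repeated failures, a single account.
    ("2021-01-12T09:10:00", "198.51.100.20", "grace", "FAIL"),
    ("2021-01-12T09:10:20", "198.51.100.20", "grace", "FAIL"),
    ("2021-01-12T09:10:45", "198.51.100.20", "grace", "SUCCESS"),
]


def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Map each source IP to the accounts it failed against, for sources whose
    failures inside one sliding window cover at least min_accounts accounts."""
    failures = defaultdict(list)
    for ts, ip, account, outcome in events:
        if outcome == "FAIL":
            failures[ip].append((datetime.fromisoformat(ts), account))
    flagged = defaultdict(set)
    for ip, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            targets = {account for _, account in items[start:end + 1]}
            if len(targets) >= min_accounts:
                flagged[ip] |= targets
    return {ip: sorted(accounts) for ip, accounts in flagged.items()}


def accounts_to_reset(events, flagged):
    """Accounts a flagged source logged in to successfully: treat as compromised."""
    return sorted({account for _, ip, account, outcome in events
                   if ip in flagged and outcome == "SUCCESS"})


if __name__ == "__main__":
    sprayers = detect_password_spray(SAMPLE_EVENTS)
    print(sprayers)
    print(accounts_to_reset(SAMPLE_EVENTS, sprayers))
```

The threshold values are placeholders; tune them to the normal failed-login rate of the environment being monitored.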
3. Assess Your Vendors
With the changing business environment over the last year, it’s more critical than ever to monitor your third- and fourth-party vendors. As working from home remains popular, along with BYOD (Bring Your Own Device) and easy access to the cloud, the number of gaps in your environment increases, and it can feel like you have put out the welcome mat for hackers.
Data encryption, employee education and training, and the use of VPNs can help, but it’s up to you as the business owner to do your due diligence and assess your vendors’ security practices. Risk assessments combined with continuous monitoring can give hackers the 1-2 punch and notify you of any risky practices or insecure environments.
Don’t Be the Next Victim
It’s time you saw your business as hackers see it—as a target.