Despite the widely reported fact that 43 percent of cyber attacks target small businesses, most SMBs remain far too likely to skimp on cyber security essentials. Meanwhile, hackers increasingly target low-hanging fruit, leaving small businesses vulnerable to malicious exploits.
“It’s always the easiest target,” says Brian Maletsky, the Director of IT Operations at Capital Network Solutions. “Why climb to the top of the tree, when you have a nice apple right there?”
Before joining CNS in June 2019, Maletsky worked as a Systems Administrator at Schools Financial Credit Union. As a giant target for international hackers, financial institutions need to meet the highest standards of cyber security. Maletsky now brings his cyber security expertise to Sacramento small businesses through our managed IT services and support plans.
However, there are a few security vulnerabilities that small business owners can fix right now, even without the 24/7 support of a managed services provider. Maletsky walked us through a few of the most common cyber security mistakes made by small businesses.
1) Ignoring the Basics
Hard to believe in this age of data breaches and ransomware attacks, but some small businesses still skimp on the cyber security basics. Not every business needs to spend big on cyber security. However, every organization, no matter their size or industry, should institute these essential cyber security measures:
-
Firewall and antivirus
-
Software patch management
-
Data backup protection
As a managed IT services provider, these are the kinds of services that we provide and monitor for Sacramento area businesses.
2) Uneducated Employees
Maletsky warns that even if you institute basic cyber security measures, most cyber attacks still get caused by human error. “If you have the most basic things in place and your employees are educated, you’re in a better place than a company that has tons of security and people are totally uneducated,” he says. “The hackers need somebody to click on something, to open an email, to run the program.
According to Maletsky, common user errors include:
-
Clicking on too many things
-
Saying yes to things that they don’t understand
-
Not asking questions
The remedy is cyber security awareness training, a program that simulates phishing attacks and tracks cyber security mistakes in real time.
3) Too Much Trust
Of course, cyber security weaknesses go deeper than a lack of funding and up-to-date technology. A healthy lack of distrust can destroy a small business.
“They trust each other so much within their organization,” he says. “They’ll give someone administrative access to things that they should protect.”
Maletsky’s advice for small businesses looking to clean up their cyber security mistakes:
Trust not to trust.
4) Unsecured Wi-Fi Network
According to Maletsky, small businesses usually overlook security vulnerabilities on their wi-fi networks. “They don’t think about it,” he says. “They never change passwords, and then they fire people.”
Maletsky advises segmenting the wi-fi from your internal network. “My honest opinion about wi-fi networks is, in a business environment, it should never touch anything except for internet,” he says.
5) Bad or Nonexistent Password Policies
Password sharing still happens, especially in small businesses that trust too much and lack clear and enforceable security policies. “The trend needs to go away, to the point where people don’t even know their passwords, where it’s all biometrics,” Maletsky says.
In the meantime, there are a few ways that Sacramento small businesses can improve their password protection.
Make all passwords at least 16 characters long. Longer-string passwords, even if they are repetitive, make it much harder for hackers to successfully execute brute-force attacks.
Institute multi-factor authentication. Numerous apps on the market are available to add an extra layer to your password security.
Don’t use the same password twice. Hackers know that people use the same passwords over and over. If they get one of your passwords, they will try it on every website they can find.
6) No Plan for Mobile Devices
Our decentralized age of remote workers and BYOD adds another security problem into the mix.
“Every different piece of equipment has a different operating system,” Maletsky says. “Therefore, whenever a new device gets added, you need to blanket your network to try to block these things.”
If you’re concerned about network security and data protection at your Sacramento small business, CNS can help. Call us at (916) 366-6566 to talk about how we can improve your business security.