Understanding Business Cyber Risk is No Longer an Option
When we tell you that your network security is important – it is because business cyber risk and your fiduciary responsibility has exponentially become greater in even the last few years. At Network Medics, we deploy a layered security solution with all of our clients on all devices. From encryption to comprehensive disaster recovery plans, Network Medics business network solutions provide our clients best-in- class protection. But enough with the commercial.
Unfortunately, no company is fully secure, no matter how sophisticated its cyber risk defense mechanisms. Although there are a tremendous amount of cyber risks, I have chosen to review the following as they are common vulnerabilities that can be easily mitigated with good processes in place:
Cyber Risk 1: Social Engineering
Whether it’s a spoofed email, phone call, or download link, social engineering is a researched and effective tactic to get you to give up confidential information. Social engineering not only can affect you, but can affect your business if proper permissions, network monitoring, and processes are not put into action. Read More about Social Engineering…
Cyber Risk 2: Poor Password Policy
Even with all the technology advances in recent years, a bad password policy is still the main culprit when it comes to network security breaches. Passwords like lefsa, donjuanthedog, and Password1 are just not going to cut it anymore as they can get hacked in a matter of minutes. Read more about password policy…
Cyber Risk 3: Poor Folder Permission Policies
Similar to a poor password policy, many small businesses do not know who has what access to what folder on their network. It is a cyber risk – esp. if you find everyone has access to a human resources folder that they shouldn’t have as well as they can get to company data from anywhere.
Cyber Risk 4: Disgruntled Employees
If things didn’t end well with an employee – do you have a process in place for an employee exit? Without that, not only can they hijack services like domain registration or email, but they could copy and sell company data, email all of your customers at once, or long after they have exited do damage once you feel you have forgotten about them. It is a cyber risk most often overlooked in our experience.
Cyber Risk 5: Devices and Flash Drives
It is very common for a small business to not have any security in regards to USB flash drives, laptop hard drives, or external hard drives. Even the military was hacked due to this once. Whether its an infected drive they have brought to work or their hacked phone – devices without any security protocol can allow malware and hackers to get onto your network.
What do you do?
An effective cyber risk management strategy starts with a complete mind shift change. As I stated, ignorance to your network risk is no longer an excuse. A strategy includes a sound understanding of the range of persistent cyber threats, a thorough assessment of their potential impact, plans for both cyber risk prevention and response, as well as a management approach that reﬂects the role of all employees – from the boardroom to the backroom – in implementing a strong cyber defense.
To combat cyber risk and threats, you need a mindset that every business owner is in this together in an urgent fight against a common enemy. Find a strong business IT partner (like us), make sure this topic is always on the docket, and verify your responsibilities are covered. Cyber criminals are the hidden enemy, operating behind the scenes, inside our organizations, our beloved devices – and very difficult to stay away from.
As my grandmother used to say – “doing nothing is doing nothing.” When I heard that it meant to get off my rear as I’m just waiting for failure. If you just sit there, your cyber risk is running unchecked and is potentially catastrophic. Give it the attention it requires.
As always, if you need help with your cyber risk assessment and consulting, never hesitate to reach out to see if we are a good fit.
Partner of Network Medics
Minnesota Business IT Consultant