You take pride in your company and have spent years building up your products, services, and reputation. However, one of the weak spots that occurs in many small to medium businesses is the “it won’t happen to us” syndrome. When it comes to security breaches and cyberattacks, many smaller companies assume that the criminals are looking for the ‘big fish’ and that they won’t come after you. This assumption is incorrect: attacks on smaller businesses are on the increase, and these wily and crafty people look to any access method, including, without your knowing it, your own partner vendors.
In a 2014 SANS whitepaper sponsored by the security company Symantec, the authors pointed out the importance of “Know What You Have”:
“Being prepared to detect and respond to attacks and attempted attacks starts with knowing your environment, no matter how complex, as described in the first two Critical Security Controls. Getting full visibility into your environment is not as easy as it sounds. Automated tools such as Nmap provide some visibility into devices, systems and users on the network, but they may fail to recognize other entry points such as: Wi-Fi networks, virtual server instances, rogue web applications with access to the data center, printers or other devices with network access.”
While this may sound a bit like paranoia, in today’s business world the top security companies advise you and your company to be paranoid, suspect everything and be diligent in having the right security in place. One of the critical elements that small and medium-sized organizations take for granted is the trust that they place in their partner vendors. Even when the IT staff at both companies have talked things out and are convinced that you are both safe in sharing or transmitting data, there is always a possibility for error.
A typical data exchange through an API may seem like it is safe enough. After all, there is a level of encryption in place and the proprietary or even customer data should be secure. However, if a cyber hacker has inserted malware and your partner is infected, the malware can be hidden and then transmitted to your company and potentially into your server. The ‘infection’ can happen so quickly and with very few symptoms that even trained IT professionals don’t discover the damage for long periods of time.
The more recent type of attack in the last few years has been ‘ransomware’ that appears as though it is arriving from a valid email address and could be emulating one of your business partners. Once opened, the attachment immediately takes over the computer, seeks out access to the network and encrypts all of the important files. The user then sees a display on their screen alerting them that they cannot have access or the decryption ‘key’ until a specified amount of money is paid (usually Bitcoin, but some are now choosing PayPal cards).
Small to medium companies don’t have the budget to devote to the high-end requirements of top IT staff or to the type of monitoring and protection that is crucial in protecting your information as well as your reputation. But in this changing world of cybercrime, the answer is in aligning yourself with a professional company that can come in, work with your existing staff, carry out a system analysis, make recommendations to assist in the protection that you need and educate everyone on what to look out for. This is a company that stays on top of the constantly evolving requirements that are needed to keep your business safe. Choosing a professional security organization will allow you to focus on your success without the need for hiring additional IT employees.