The WannaCry ransomware made the headlines not just because of its scale, but because of the high-profile nature of its victims. Yet, more often than not, it is small- and medium-sized businesses (SMBs) which are often targeted with ransomware.  Cybercriminals target SMBs because it’s not a fair fight.  SMBs rarely have the resources or manpower to stay ahead of the threat. Furthermore, the downtime experienced after an attack can be crippling. Large enterprises have the resources to endure the cost of not being operational for a few hours or longer, small businesses don’t have the same ability.  According to Canadian Security Firm, CGI, "(Victims) tend to be small-to-medium-size companies — folks who don't have access to security resources, folks who don't have a security provider, and therefore they're generally not aware. For the vast majority of small-to-medium businesses that is the case".  

 

Digital Integrity Critical for Small and Medium Businesses

“Cyber criminals don’t discriminate,” warns Gary S. Miliefsky, founder of SnoopWall Inc., a counter-intelligence technology company. “In fact, cyber criminals find SMBs easier targets because their defenses are often not as advanced as those of larger businesses.  Miliefsky says there are several “must-do” best practices, on top of employee education and practices, for increasing cyber security in your small business:

  • Create corporate-security policies and make sure all employees commit to them.

  • Train employees in key areas – acceptable use, password policies, defenses against social engineering, and avoiding phishing attacks.

  • Encrypt all records and confidential data to be more secure from cyber attack.

  • Perform frequent backups and keep a copy of recent backup data off premises.

  • Test backups by restoring your system to make sure the process works.

  • Carefully screen potential employees to reduce the risk of a malicious newcomer.

  • Defend your network behind your firewall – and make sure you can block rogue access. You don’t want the cleaning company plugging in a laptop at midnight!

  • Deal with the bring-your-own-device dilemma by standardizing security protocols

© 2017 Asia Center for Digital Integrity