While we’ve all heard about cyber security, many small companies still assume that this really only applies to personal identity theft and mega-corps. Sadly, that is far from the truth. While the recent attempt to bribe a Tesla employee with $1m made the news, small business continues to be a major target for a variety of cyber attacks. 70 % of cyber attacks target SME’s, and the average cost of a breach is almost $400K. Of those small companies breached, 50% will become unprofitable within a month.

That’s scary. PQA has been doing a LOT of reading and networking on this topic recently. Here are a few good places to start: NIST 800171, NISTR 8183, CMMC, Sans.org/security, CrowdStrike.com.

Basics we should all know:

• Malware-free attacks have increased to over 75% of cyber attacks in the US. (A malware attack is a malicious file that is written to disk, and should be caught by your virus protection. The more sophisticated malware-free attack uses a code which executes from memory or where stolen credentials are leveraged from remote logins.)

• Breakout time is measured in hours. (This is time from entry into your device to achieving the actual goal of the attack)

• Manufacturing is now in the top 7 sectors affected by ransomware. And data leaks if ransoms are not paid have affected small business to Fortune 500 conglomerates. This is why the government encouraged NIST 800171 adherence and is now launching CMMC certification.

What should we ALL be doing?

• Review current remote access points, and make sure access is monitored and restricted. (For instance, email, remote worker and vendor logins, phones, tablets, etc.) Protect identities: Use multi-factor authentication for all passwords business and personal, to limit unauthorized use of remote access, external applications, and sensitive internal applications.

• Do regular scans and quickly patch vulnerabilities.

• Implement user awareness programs around phishing, and social engineering scams. Teach staff to verify not just the sender but also to verify an attachment’s source by hovering over attachments before they click on them. Email thread hijacking and macro-enabled documents are easy transporters for malware.

• Have a set of emergency procedures that helps your tech security team quickly stop attacks from gaining hold (host containment, firewall change requests, and revocation of account privileges).

• Leverage the protection you already have. Insist that tech support has configured and deployed the controls available within your system. Automated monitoring allows security teams to quickly pursue the 1-10-60 rule. (Detect intrusions in < 1 minute, investigate threats in < 10 mins, and contain/eliminate the attack in <60 mins.).

• If you outsource your IT support, you should be receiving regular updates on security status and monitoring effectiveness. Ask your IT lead what the compliance plan is for CO HB1128 and NSTIR-8183, and CMMC. The speed and thoroughness of their response will help assess where your company stands.

Final thought: Not addressed this yet? Start NOW.