Data or access to another organization’s data is what makes a target attractive, not the size of the organization. We hear it over and over – “why would a hacker target me? I don’t have any valuable data, plus my organization is small compared to X, Y, Z.” We are seeing more and more smaller organizations being attacked for a few reasons:

Less sophisticated security. Small and midsized organizations typically have less sophisticated cybersecurity; therefore, they are easier to breach, and subsequently so are their clients, depending on their level of access, which brings me to my next point.

Access to larger organizations. Oftentimes, the best way to reach the information an attacker is targeting is through the target organization’s vendors.

Automation. Cyber criminals now use automated attacks that require little investment, making it easy to target small to mid-sized organizations.

While not all small to mid-sized organizations have the security budget needed, we do have a few recommendations that won’t break the bank for improving a company’s security posture:

  1. Keep all software and applications up-to-date. One of the first things a hacker will do is look for known vulnerabilities in your system. Out-of-date software, plug-ins, and applications are easily identifiable and a simple way to gain access to your network.
  2. Limit access to sensitive information. Evaluate your sensitive information. Who has access to it and why? How many ways can it be accessed? Consider these questions and make the proper changes to limit access to sensitive information.
  3. Educate employees. We cannot overemphasize this. Someone will always click. Hackers prey on the oversights and vulnerabilities of your employees. Make sure to adequately train your employees. Encourage them to take caution and be more aware of malicious attacks. Train them in the common types of phishing scams and cyber attacks that are likely to occur on their devices. Conduct ‘fire drills’ by having your team push out unexpected simulated phishing attacks to see if your training has worked. The key is to impress upon employees the importance of their participation in being aware and cautious.
  4. Practice good password management. As cyber criminals become more sophisticated, it is important to practice good password management. Why give them the “keys to the kingdom” and make it easy for them to access your or your clients’ sensitive information? Here are my best tips for password management: http://blog.hornecyber.com/4-tips-for-password-management
  5. Know what’s on your network and the security implications of growing your attack surface. Although the growing mobility of employees, the growing number of connected devices, and the evolving Internet of Things can improve productivity and increase operational efficiency, they can also decrease your level of security. Check out our latest blogs on securely integrating the Internet of Things and securing a mobile workforce for our insights on these topics.

Be prepared. It's no longer a question of "if" but "when". It's no longer just about your data, but also about who else's data you have access to. Be sure you are taking the proper steps to secure yourself and your organization today.

THIS POST WAS WRITTEN BY Mike Skinner

Mike is the partner in charge for HORNE Cyber. His primary focus is to enable clients to fully leverage technology innovations by providing the insights critical to safeguarding their business, customers’ critical data and brand reputation. He is responsible for information technology audit, regulatory compliance, information security consulting, internal control consulting and business solution implementation.