Interview with Capstone IT’s Chief Technology Officer Matt Topper on why small- and medium-sized businesses are more susceptible to online threats
Mention drug lords and the names that come to mind are Joaquín Archivaldo “El Chapo” Guzmán Loera, Pablo “The King of Cocaine” Escobar, and Griselda “The Black Widow” Blanco, among others. All three were powerful drug traffickers who murdered a lot of people and amassed billions of dollars while in business. Except for El Chapo who is awaiting sentence, these personalities met brutal deaths.
However, the billions that drug cartels made are nothing compared to the earnings of today’s cybercriminals. By 2021, cybercrime is expected to cost the world $6 trillion yearly, making it more profitable than the global illegal drug trade, according to data provider Cybersecurity Ventures.
The FBI says the cybercrime epidemic has grown out of proportion and it’s not so far-fetched to think that the personally identifiable information of every American has been stolen and is now on the dark web. One reason for this is that the rate of internet connection is far outpacing our ability to make it safe.
As we enter the world of smart TVs, wearables, and appliances, cybersecurity firm BeyondTrust says the damage that cybercriminals make is expected to go higher since those devices are not protected and can easily be exploited.
Knowing this, how can small- and medium-sized businesses (SMBs) protect themselves from this growing threat? What can they do to avoid losing important data? For answers to these and other questions, we turned to Matt Topper, Capstone IT’s CTO.
Here are excerpts from that interview:
Why are SMBs vulnerable to cyberattacks?
“SMBs are especially vulnerable to cyberattacks because the need for security doesn’t necessarily scale with the size of a business. Small businesses are vulnerable to the same threats as larger ones, but often lack the resources to fully implement network security. Additionally, SMBs may lack the expertise to make informed policy and configuration changes in response to emerging threats.”
What data are most cybercriminals after and why?
“The most valuable information is anything that a criminal can sell or sell back to you.
Criminals steal personally identifiable information, such as a person’s birth date, social security number, and address, to illegally access credit cards or other accounts. From businesses, trade secrets or customer lists may be sold to competitors or released outright. If a criminal accesses personal photos or correspondence, that data might even be used for blackmail.”
What factors hinder an SMB’s ability to mitigate cybersecurity vulnerabilities?
“SMBs often lack both the resources and expertise to properly mitigate vulnerabilities — or to even enumerate them. Internal resources are so busy with day-to-day activities that there isn’t time to focus on security. Important security tools for vulnerability management, log aggregation, and auditing may not fit into an SMB’s budget. But the necessity of those tools doesn’t decrease to match the budget.”
What is an SMB’s most vulnerable area of concern when it comes to cybersecurity?
“The most vulnerable area of concern for cybersecurity is the internal threat. That doesn’t necessarily mean that employees are actively trying to compromise an employer’s network (though they might), but that these people are susceptible to assisting a cybercriminal accidentally. From clicking on malicious links, plugging in infected USB drives, to divulging configuration details over the phone, a trusted employee can be a cybercriminal's best assistant.”
How can SMBs protect against internal threats?
“Train employees to recognize threats and limit access to data. Not everyone is able to recognize how to identify an email that looks like it comes from their bank or from eBay, but everyone should know to forward the message to IT if unsure. Training also helps employees recognize signs of social engineering and explains the dangers of plugging in an unknown USB drive or connecting to an unknown network.”
How can companies limit the potential damage?
“Capstone suggest implementing least-privilege access policies. That means securing data such that only employees with a legitimate business reason to access data have access to it. Aside from the confidentiality benefits, least-privilege serves as a way to limit damage. If someone in the marketing department accidentally clicks on an email link and becomes infected with ransomware, the files in the Finance department are safe from infection.”
What else should SMBs do to protect themselves and their data?
“One of the most important security measures for SMBs to take is properly securing remote access to their networks. While convenient, remote access mechanisms often lack adequate security to defend against attackers scanning the Internet. If you connect to a terminal server or office PC, protect that connection with a VPN. Make sure that multi-factor authentication is enabled on web portals.”
What about the data itself? Do I need to encrypt everything?
“We recommend encrypting mobile devices that store company data, such as laptops, even if not required by regulatory compliance obligations. Knowing that a machine is encrypted means that the cost of a lost or stolen laptop is just replacing the laptop, rather than a potential release of corporate data.”
To protect SMBs from cybercriminals, Topper recommends the following:
- Train your employees — Employee training isn't just understanding how to identify forged emails. It includes policies, handling security incidents, and encouraging safe online behavior and password best practices.
- Set up and implement stringent security policies — Develop and enforce policies that meet a client’s security goals and regulatory compliance requirements. Organizations covered by the Health Insurance Portability and Accountability Act (HIPAA), for example, are required to ensure the security of private records with a combination of advanced encryption systems, threat prevention tools, and backups.
- Monitor the network — Do this regularly to check for abnormal behavior, access pasterns, and vulnerabilities that may result in a breach.
- Ensure perimeter security and access restrictions — Firewalls and intrusion prevention systems must inspect all traffic for viruses and intrusion patterns. It's also important to give each user the bare minimum access privileges necessary to perform their jobs to prevent unauthorized access and use of key systems.
Beat cybercriminals at their own game by partnering with a trusted company like Capstone IT. We specialize in managed IT services, employee security training, IT support, cloud services, and backup and recovery solutions. Our right-fit technology has helped many small-business owners in the Rochester-Buffalo and West Palm Beach-Treasure Coast areas. Call us today for a safe and secure online experience!