These words represent a common mindset we hear from owners and IT professionals in small to medium-sized businesses. It is troublesome, to say the least. It is easy to fall into a false sense of security with all of the high-profile news about big companies being compromised. But we at Alpine Cyber Solutions want to remind everyone that there are very important reasons to be vigilant in the defense of your network, no matter your size.
A primary attack vector for intrusion into a larger company is to take advantage of smaller partner companies that may not have the same standards as one would expect from a larger modern company. The “Little Guy” is an easy target for even the least talented script kiddies and Metasploit tinkerers. Once the smaller company has been breached, the attacker can take advantage of the company’s trusted relationship and connection with its larger partners to gain access. For the larger company, this means the possible loss of public trust, money, proprietary information, and more. They could be held liable by their customers and face potential lawsuits. While damaging, the large company has an advantage over the Little Guy – the resources to absorb a hit and move on. For the smaller company, these resources often do not exist. This could mean loss of business from a major money generator, high-cost lawsuits, and eventual bankruptcy.
Another reason for the SMBs of the world to be concerned is the fact that many of them are also custodians of casual or explicit sensitive information. If they have employees, they likely have personally identifiable information (PII) about their employees. Those same employees likely have healthcare. The employer may have protected health information (PHI) regarding their employees. If the company accepts credit cards and doesn’t have a fully outsourced solution, there may be some payment card industry (PCI) data sitting around. All of these are juicy nuggets from which the bad guys can make a few bucks.
So what’s the little guy to do?
It doesn’t have to be expensive. But it is an expense. And it must be treated as a requirement rather than a “nice to have”. Alpine recommends taking some necessary steps to make sure that you can stay ahead of the bad guys without breaking the bank. Security and vulnerability assessments are invaluable when it comes to giving you information about your environment. A good cyber security assessment will find the holes in your defenses, including how your employees view applications on your network, poor firewall rules, loose content filtering, lack of spam filtering, and more. (Editorial note: Don’t fall for a slick vendor pitch that ends up just being an automated vulnerability scan of your network. They’re good, but that is only one component of a complete assessment. Demand more for your money.) Going deeper, you can order social engineering and penetration testing to simulate an attack. Not only will you learn how you can be infiltrated but also what type of data is vulnerable.
There are also some easy architectural steps you can take. Activate the advanced security features of your firewall (even if it costs a few dollars per year). Enable a password on your wireless router. Change the password on your wireless network regularly. Don’t write the password on a whiteboard. (It’s need-to-know information!) Consider filtering your network by MAC address. Consider moving your computing to a cloud provider. Properly configured, a VPC at Amazon Web Services will be more secure and cost less than a comparable environment on your premises. Talk with a credentialed Security or Solutions Architect. They can help you find the best value for your money and get you into a better defensive position.
In the end, there’s always residual risk. Cyber insurance is one way to ensure that you address the remaining bits. Even the most secure network can be penetrated. Even the most secure company is vulnerable. You can pay down that remaining risk by getting a good comprehensive insurance policy to help deal with the financial implications should they arise.
Attackers will take the path of least resistance to their end goal. If you make it hard for them to get in the door, they’ll move on to the next target. Strive for hard enough, and you will likely stay out of trouble.