Many of the cyber threats that small businesses and larger organizations face are the same. Researchers ranked the incidents most likely to cause more than 24 hours of downtime and found ransomware and targeted attacks consistent across all organizations. However, small to medium-sized businesses (SMBs) are most likely to be taken down by ransomware, stolen credentials, phishing, spyware, and mobile malware.
Ransomware attacks are inevitable for SMBs because the operators behind these attacks are continually looking for new targets and taking advantage of unpatched or poorly secured networks. In a recent survey of 500 C-suite executives at SMBs, nearly half had been victimized by ransomware and almost 75% of those victimized had paid the ransom. These threats are on the rise as organizations continue to work remotely. Because of this, large organizations, like NASA, have asked their employees to keep their personal digital services separate from those they use for work, so that remote workers are protected as well as they would be in the office. Most SMBs don’t have the luxury of taking these same actions.
Pandemic-themed cyber threats will continue to target SMBs. For example, the $2 trillion CARES Act, passed by Congress in March, set aside $349 billion worth of loans for small businesses. Under the program, small businesses may apply for loans through the Small Business Administration (SBA). The SBA does not initiate contact about loans, nor does it request information already provided in the application. The feds are warning that anyone asking for money is “not legitimate, nor are emails that end in anything but ‘.gov’.”
So how can SMBs counter these threats at the same level as large corporations without the same resources? While there is no way to stop these threats from occurring entirely, there are steps SMBs can take to establish a cybersecurity-focused remote work environment.
Incident Response and Disaster Recovery
If an organization is compromised, immediate remediation is the top priority, but it should never take the form of paying a ransom. With appropriate backup and disaster recovery in place before a compromising event, an organization can quickly restore its data or spin up its operations elsewhere to restore services. In addition to appropriate technological updates, it is also important to update Incident Response and Disaster Recovery Plans to accommodate a remote work environment. Incident response planning is an essential part of any company’s cybersecurity plan, and it is even more important when employees are dispersed across different networks, locations, and devices. We recommend making the following four updates:
- Include both work and personal contact information for primary and secondary team members.
- Schedule a Lessons Learned meeting to discuss changes that need to be made internally and remotely to address cyber threat weaknesses.
- Add employee remote locations to your current test sites and security assessments.
- Individually review each remote location to ensure that it meets the technological and security requirements set out in your policies and procedures. Check out our guide for assistance.
Cybersecurity Employee Awareness Training
Cybersecurity employee awareness training, or as we like to call it “CEAT”, is especially crucial when your workforce is remote. When designing and building an effective security awareness and training program, the people element is inherently the focus. A shift to remote working demands that security awareness and training programs quickly adopt an active, people-centric strategy to address the needs of changing environments and user populations with different objectives, triggers, and learning styles.
The change from in-office to remote working means organizations are opening up or extending their traditional corporate boundaries to home networks. To threat actors, this means the attack surface is significantly larger, and it is now easier to influence insiders into making mistakes. To help combat this risk, organizations should remind employees that they are no longer inside a protected environment where all the necessary safeguards are in place for them. Awareness of and adherence to good cyber-hygiene practices declines over time, making it vital that training is delivered and reinforced regularly.