Skylink’s Jacob Ackerman Reveals:
Biggest Cyber Risk to Small Businesses
Recently, Skylink Chief Technology Officer Jacob Ackerman led a discussion at the Greater Fort Myers Chamber of Commerce Executive Roundtable on Technology Security. The information he imparted is crucial to business owners. In today’s digital age, we all should be concerned about keeping our systems, data, and programs safe. After all, 80% of small businesses experience a data breach within 2 years.
What most individuals don’t know is that the biggest threat to businesses’ cybersecurity today is their own employees. Below are a few of the points Ackerman made, as well as how businesses like yours can mitigate your risks.
Why the Biggest Risk to Cybersecurity is People
When it comes to cybersecurity, people are both the biggest risk and the biggest target. Because there are many digital defenses available, such as firewalls, people have become the easiest source of entry. Most of the time, we don’t think about how our actions can harm our digital security, but what some consider everyday habits may very well be the thing that puts your company at risk.
For example, hackers can obtain sensitive security information through:
- Employees leaving sensitive passwords or login information on post-it notes stuck upon the desk, PC, or work area
- Hearing or recording sensitive information divulged in casual conversation
- Capturing keystrokes, logins, or information via subtly angled cameras
- Employees “going rogue” by using cloud-based solutions on their own
- Employees accidentally downloading malware onto a company device
- Individuals accessing sensitive information on open networks
- E-mails leaking with sensitive information enclosed
- Spear phishing: the act of a hacker impersonating an individual or posing as an IT professional to glean sensitive information out of a targeted individual
- Storing information on a cloud service that has insufficient protection against hacking
How to Protect You and Your Business from Cyberattacks
The good news is that there are several ways you can go about protecting your business from cyberattacks caused by information leaked through internal sources. Here are a few of the tips Ackerman imparted:
- Have common sense password policies. Forcing employees to reset their passwords too often only decreases security. A good practice is to force password resets a minimum of every 90 days. Forcing employees to frequently change passwords will lead to what I call “the sequential password”, which is the same password followed by the number 1, then followed by a 2 on the next password change, then 3, 4, etc.
- Don’t let employees write down passwords. Whenever passwords are left on paper, even if they are stored in a drawer or under a keyboard, you leave it available to be accessed by unwanted individuals. Just like you shouldn’t leave your credit card out or unprotected, neither should passwords be left in a place that makes it easy for it to end up in the wrong hands.
- Implement dual factor authentication. Dual factor authentication requires something you know (a password) and something you have (cell phone, security token, thumb print, etc.). If you use online banking, chances are you’ve already seen this in action. It can effectively shut down multiple avenues of attack, so if your providers offer it, use it.
- Survey your surroundings. Do a walk-around to see what individuals can see from outside windows or through doorways. Make sure that sensitive information or screens aren’t left visible and vulnerable. If you’re a business open to the public, enter your facility and interact with employees as a customer would. Can a customer see sensitive information such as usernames and passwords, patient information, credit cards, social security numbers or other protected information?
- Protect sensitive emails with encryption. If you must send sensitive information via email, consider using an encryption tool. For example, Microsoft 365 has an encryption tool that ensures after an email is viewed once, it cannot be viewed again.
- Always have a solid backup plan. Follow the 3-2-1 rule. You should have 3 copies of every piece of data, on at least 2 different sources of media, 1 of which is offsite. Having solid backups can protect you from a fast-growing form of attack called Ransomware, which is a malicious program designed to block access to your data until money is paid.
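The “sequential password” habit described in the password policy tip can be caught when a password is changed. The sketch below is an added example, not code from Ackerman or Skylink. Its function names, the three-step look-back window, the PBKDF2 settings and the sample passwords are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

def split_counter(pw):
    """Split 'Harbor!8' into prefix 'Harbor!' and trailing digits '8'."""
    m = re.fullmatch(r"(.*?)(\d*)", pw, flags=re.S)
    return m.group(1), m.group(2)

def is_sequential(old, new):
    """True if new is old with only the trailing counter changed (case-insensitive)."""
    old_prefix, old_num = split_counter(old)
    new_prefix, new_num = split_counter(new)
    same_base = old_prefix.casefold() == new_prefix.casefold()
    return bool(old_prefix) and same_base and old_num != new_num

def predecessors(new, window=3):
    """Passwords the user would have had just before `new` if they are counting up."""
    prefix, num = split_counter(new)
    if not prefix or not num:
        return []
    n = int(num)
    earlier = [f"{prefix}{k:0{len(num)}d}" for k in range(max(0, n - window), n)]
    return [prefix] + earlier

def hash_pw(pw, salt, rounds=100_000):  # rounds is a demo value (assumption)
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds)

def matches_history(new, history):
    """history holds (salt, hash) pairs only, so hash each guess with each stored salt."""
    return any(hmac.compare_digest(hash_pw(guess, salt), stored)
               for guess in predecessors(new) for salt, stored in history)

def reject_reason(old, new, history):
    """Return why the change is refused, or None if it passes both checks."""
    if is_sequential(old, new):
        return "same password with a different trailing number"
    if matches_history(new, history):
        return "next step after a previously used password"
    return None

# Constructed sample data: two earlier passwords stored as salted hashes.
HISTORY = []
for earlier_pw in ("Harbor!6", "Harbor!7"):
    sample_salt = os.urandom(16)
    HISTORY.append((sample_salt, hash_pw(earlier_pw, sample_salt)))
```

The current password is compared directly because the user types it during the change. Older passwords exist only as salted hashes, so the check hashes a few likely predecessors of the new password and compares those.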
These are just a few ways that you can protect your business and its cybersecurity. Skylink Data Centers specializes in data center and cloud services that are dedicated to keeping your data safe and your business up-and-running.
To learn more about our services, give our business a call at 239-403-2950.
To read more about Jacob Ackerman’s advice on cybersecurity, check out this online article by Rasmussen College.