By Andy Kriege, YSN
This week’s cyberattack on the largest fuel pipeline in the U.S. has shown that ransomware can pose a critical risk to national infrastructure.
But many owners of small- to medium-sized businesses like yours often falsely believe that their company is too small for hackers to target. Nothing could be further from the truth, as approximately 28 percent of all cyberattacks involve a small business.
The pipeline is now just getting back online but has affected the lives of millions of people on the East Coast and caused the rest of the country to sit up and take note of this ever increasing and menacing threat. Cases like Colonial Pipeline demonstrate how important it is for all businesses in all sectors, including yours, to focus on not only preventing attacks but also ensuring that you are able to recover from one should your best efforts to protect yourself fail.
Cyber criminals encrypt the contents of the victim’s computers, making them unusable until a payment is made, at which point the hackers promise to give the victims a decryption key to regain access. Victims often pay all or part of the ransom because they have no backup copies of the infected systems or because the cost and effort required to restore their systems is prohibitive.
While precise data on cyberattacks are often difficult to come by, security experts and cybersecurity officials have estimated the overall toll on the U.S. economy registers in the billions annually. Plus, the relatively recent invention of cryptocurrency has made ransom demands easier to facilitate and nearly impossible to track.
And independent appliance dealers are clearly not immune. Two years ago, The New England Appliance & Electronics Group (NEAEG), a BrandSource affiliate, suffered the ravages of a cyberattack. The group’s servers were breached via a phishing attack that nearly crippled the movement of millions of dollars in consumer goods through their warehouse. The cascading effect could have had a devastating impact on the group’s members had NEAEG not reacted quickly. The group was forced to conduct business entirely via manual systems, and afterward had to go back and re-input massive volumes of data. It took a full three months to return the operation to normal.
NEAEG’s COO, Brian Bowen, could not emphasize enough the importance of education and preparedness. “I thought we were doing everything we needed to do, and it still wasn’t enough,” he recounted. “We now do a ton of education with our employees and also have enlisted the services of a company that probes our systems and staff constantly.”
In addition, “We have adopted a number of procedures including multiple backups, and software that monitors network traffic to help protect us in the future,” Bowen said. “This attack cost us an untold amount of time, money and grief. Don’t be the next victim if you can help it.”
One of the first things you must do to protect your business is to educate yourself on the ways attacks most commonly occur. While there are many methods and means of attack, the two most common forms small businesses are vulnerable to are malware and phishing.
Malware, or hacking, is extremely common and something that every business needs to be aware of. It includes all types of malicious software, such as worms, viruses, ransomware and spyware.
Like malware, a phishing attack may target you or your employees. It consists of fraudulent communication that looks like it was sent by a reputable source. These types of attacks are usually orchestrated via email.
Implement a Training Program for Employees
Employees are one of the most exploited vulnerabilities of your business. The right cyber defenses are dependent on ensuring your workforce is vigilant and fully trained on what to do to prevent an attack, and now is a good time to implement a program that teaches them how to protect their devices.
Consider the following when setting up your defenses and training your staff:
• Determine all your vulnerabilities
• Install a firewall for network protection
• Use strong passwords
• Protect and regularly back-up all data
• Use a VPN (virtual private network)
• Increase e-mail security
• Activate spam filters
• Keep your software up to date
• Secure your business Wi-Fi network
• Protect payment processors and keep them up to date
Protect Your Data as if Your Livelihood Depends on It. Because it Does.
Protecting your business’s data is an absolute necessity. Remember, all data is valuable, which means it is up to you to take steps to protect all the data you have. Do whatever is within your means to put the proper safeguards in place to best ensure your company data is never compromised.
While it’s easier said than done, reducing your risk from an attack is a responsibility that must be shared by everyone who has access to your company. It calls for increased general awareness by all users; beefing up security measures; and, most critically, having the right response plan in place.
The pipeline attack is a stark reminder of how connected our world is now, and how vulnerable all of us are. It is crucial to have a plan to educate yourself about your vulnerabilities, maintain proper backups, and be able to quickly take your systems offline and restore them later should you unfortunately become the next victim.
BrandSource, a unit of YSN publisher AVB Inc., is a nationwide buying group for independent appliance, furniture, mattress and CE dealers.