Cybersecurity and Your Small Business
Posted on 10/16/2018 by Fred Kenney
Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks. In a computing context, security comprises cybersecurity and physical security -- both are used by enterprises to protect against unauthorized access to data centers and other computerized systems.
Ransomware, spear-phishing, malware, drive-by attacks, DDoS attacks – the list goes on and on. All businesses are vulnerable to cyberattacks. According to a 2018 report by Hiscox Insurance, 47% of U.S. small businesses had at least one cyberattack in the past year and44% of those had two to four attacks.
Small businesses are less likely to have strategies in place to ward off attacks, detect them early if they do occur, and reduce the damage. And, they are less likely to be able to withstand the financial impact of a hack or breach. Small businesses can take steps to counter the ever-evolving threat of cyberattacks and become cyber ready. These steps are not overly complex or costly, and small businesses can significantly protect themselves by taking action.
Hiscox suggests a three-step process:
- Involve and educate all levels of the organization about cyber threats.
- Have a formal budgeting process and ensure cyber is a part of all decision making
- Institute cyber training during the on-boarding process and in an ongoing manner.
- Include intrusion detection and ongoing monitoring on all critical networks.
- Track violations (both successful and thwarted) and generate alerts using both automated monitoring and a manual log.
- Record all incident response efforts and all relevant events.
- Create a plan for all incidents, from detection and containment to notification and assessment, with specific roles and responsibilities defined.
- Review response plans regularly for emerging threats and new best practices.
- Insure against financial risks with a stand-alone cyber policy or endorsement.
There are some upcoming opportunities to address the first step- Prevention- through education on this topic.
On Friday, October 19, at 10:15 am, as part of TechJam, experts will present “Anatomy of a Data Breach,” a panel moderated by Attorney General T.J. Donovan. If your company has been compromised by a spear phishing attack, or by ransomware, what do you do next? In this workshop, organized by Vermont’s Office of the Attorney General, experts go step-by-step through a data breach scenario at a mid-size Vermont company and explain how to respond. The panelists will be:
- Jennifer Vander Veer, Cyber Crime Expert, Federal Bureau of Investigation
- Jerry Tarrant, Co-founder and Chief Operating Officer of MyWebGrocer
- Heather Roszkowski, Chief Information SecurityOfficer, UVM Health Network
- Jonathan Rajewski, Director, Leahy Center for Digital Investigation at Champlain College
- Matthew Borick, Attorney, Downs Rachlin & Martin
- Nick Sherman, Partner, Leonine Public Affairs
- Mindy Higgins Bero, Insurance Agent, Hickok & Boardman
- Ryan Kriger, Assistant Attorney General, Vermont Attorney General's Office
Tickets are free but you have to register. Find location details and sign up online: https://sevendaystickets.com/events/vermont-tech-jam-2018-data-breach
Then on Wednesday October 24, ACEDC, the Chamber and the National Bank of Middlebury are co-sponsoring “Is your data safe?”, a workshop to improve your cyber security. Gary Soucy, of Sage Data Security, will help you catch up on the latest threats to your organization’s cyber security and the steps you can take to protect yourself and your organization.
Some of the topics that will be covered include:
- Data Breaches
- Social engineering
- Internet of Things (IoT)
- How to defend yourself
Wednesday, October 24, 8:00 – 10:00 a.m.
The NBM Community Room
Breakfast snacks will be included
The workshop is free, but you must register: https://nbmvt.com/cyber-security-seminar/