As a small- or medium-sized business (SMB) owner, you must have read countless tips on how to protect your IT systems. You may have been told the same pieces of advice above — these may all sound cliché, but they’re actually good advice.
At Online Computers, we tell a version of these tips to our clients in Hanover, Morristown, and Madison who consult us about designing or improving their IT security systems. But whenever we do, we also give them considerable advice on the following security issues, which are often easily overlooked.
The best defense is a good defense: Threats exist in the technology you use daily
These threats are known as Living off the Land (LotL) attacks. They use tools and applications that are already installed on the target’s computers instead of conventional malware tools, which most anti-malware solutions can easily detect.
What makes LotL attacks particularly dangerous is that solutions like firewalls aren’t enough to stop them. They’re essentially file-less malware that can “live off” your systems for long periods, undetected. They also create very few or zero files to infect an entire system, making them tough to remove.
Such attacks can be launched via systems like Microsoft’s PowerShell, a framework that gives users a way to automate a range of tedious tasks done through its scripting interface. For example, an attacker may utilize PowerShell to change access privileges, move files across different locations, and perform other malicious activities.
The best defense against LotL attacks is — you guessed it — a good defense. Here’s how to build stronger defenses:
- Regularly patch software – Update or patch any software or system as soon as updates become available. Any unpatched software or system opens your entire IT network to a range of vulnerabilities that can cause system-wide damage.
- Inventory all applications – Businesses of all sizes use 26–124 applications on average. Whether you’re using 10 or 100 apps, it’s imperative to keep track of all of them so you can ensure they’re patched and updated on time.
- Update your security awareness training program – Your staff may already be well-versed in spotting phishing scams, so you need to educate them on more sophisticated attacks. Enhance your organization’s security awareness programs by integrating more complex topics into your curriculum. Train employees to identify anomalies running in the background of their computers’ operating systems (e.g., Windows) so that they’ll be better able to detect malicious actors.
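To make "anomalies running in the background" concrete for the PowerShell case described above, here is an added example (not from Online Computers) that triages process-creation records for common signs of PowerShell misuse. The record layout, the sample events and the rule names are constructed assumptions; the PowerShell parameters matched are real ones, and legitimate admin scripts can trigger them too, so treat hits as leads to review.

```python
import re

# Constructed records: (parent process, new process, command line).
# The layout is an assumption, loosely modelled on Windows process-creation logs.
SAMPLE_EVENTS = [
    ("explorer.exe", "powershell.exe",
     r"powershell.exe -File C:\Scripts\Backup-Shares.ps1"),
    ("winword.exe", "powershell.exe",
     "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <constructed-placeholder>"),
    ("services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    ("outlook.exe", "powershell.exe",
     'powershell -ep bypass -c "Invoke-Expression $placeholder"'),
]

# Heuristics (rule names are hypothetical). PowerShell accepts abbreviated
# parameter names, so the patterns allow short forms such as -enc or -w.
RULES = {
    "encoded_command": re.compile(r"\s-(e|ec|en[a-z]*)\s", re.I),
    "hidden_window": re.compile(r"-w\w*\s+hidden", re.I),
    "policy_bypass": re.compile(r"-(ep|ex\w*)\s+bypass", re.I),
    "inline_eval": re.compile(r"\b(iex|invoke-expression)\b", re.I),
}

# Office applications rarely have a legitimate reason to start PowerShell.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def findings(parent, image, cmdline):
    """Return the reasons one record looks like PowerShell misuse."""
    if image.lower() not in ("powershell.exe", "pwsh.exe"):
        return []
    reasons = [name for name, rx in RULES.items() if rx.search(cmdline)]
    if parent.lower() in OFFICE_PARENTS:
        reasons.append("office_parent")
    return reasons


def triage(events):
    """Keep only the records with at least one finding, most findings first."""
    hits = [(event, findings(*event)) for event in events]
    hits = [(event, reasons) for event, reasons in hits if reasons]
    return sorted(hits, key=lambda hit: len(hit[1]), reverse=True)


if __name__ == "__main__":
    for (parent, image, cmdline), reasons in triage(SAMPLE_EVENTS):
        print(f"{parent} -> {image}: {', '.join(reasons)}")
```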
Leave nothing to chance: Crimeware-as-a-Service (CaaS) is a bane to SMBs
By 2021, cybercrimes are predicted to cost businesses worldwide $3 trillion. The rapid growth of this industry can be attributed to the fact that both expert and novice criminals utilize Crimeware-as-a-Service (CaaS).
For one, amateur cybercriminals with access to the dark web can now obtain tools to launch their own cybercrime business with ease. There’s no need to do everything themselves, as there’s a wide range of tools that they can purchase. And compared to robbing a bank, the risks of getting caught are smaller.
Scammers can leverage CaaS by hacking into small businesses’ websites and offering translation services to other scammers to hack into foreign victims’ systems. They may also look into CaaS providers to gather data to be used in determining when to exploit zero-day vulnerabilities or rent out platforms to host botnets and distribute malware.
And with CaaS, scammers are unburdened by geography, i.e., they can attack any business anywhere in the world. Considering the far-reaching scope of cybercriminal operations today, you would be well served to tighten your security policies.
Expect the unexpected: Internal threats can be disastrous
There are two types of internal threats that may harm your business: 1) malicious employees who deliberately compromise your systems; and 2) employees who accidentally leak data, click on a link in a phishing email, or commit other errors that could jeopardize the company.
One way to avoid succumbing to internal errors is to restrict access rights and privileges. An employee who clicks on malware-infected spam can damage not just one computer but potentially all computers connected to a single network. Implement a network segmentation policy in which traffic coming from one network is controlled to help curb the spread of malware in the event of an actual breach.
Better safe than sorry: Outside help is widely available
Threats will continue to grow in number and complexity. As a small business owner, there’s only so much you can do to fight them all. Don’t forget that outside IT expertise is available.
Regardless of whether you have an IT team that oversees IT security or simply rely on employees to observe security measures, it’s best to augment your existing capabilities with IT security experts who can fortify your company’s security against numerous threats.
Our tech specialists at Online Computers will give you not just well-worn advice but expert IT security recommendations, robust backup solutions, and proactive technology monitoring. In the fight against cybercrime, your small business doesn’t have to go it alone. Get in touch with our IT solutions provider today — call us at 862-206-7355.