A Layered Cyber Defense That Works For Small Business

According to CNBC, 43% of cyberattacks target small businesses, and the average victim of these attacks will end up paying $200,000 to clean up after a successful attack. When you have 10-30 employees, and some months it’s hard to make payroll, that’s money you cannot afford. But the damage doesn’t end there. Regulatory fines, public relations nightmares, opportunistic competitors, hindered productivity, and lost revenues all add insult to injury.

You might think a successful breach is rare. But over 50% of small businesses say that they have experienced a breach in the past year. Those aren’t odds any business leader would take lightly. Cybercriminals are getting sophisticated. They’re connected to major criminal organizations and each other. Given the increasingly complex nature of this threat, even the smallest of businesses must have a layered cyber defense set up around their business. And because small businesses naturally have fewer resources, that layered system must be streamlined, practical, and cost-effective.

What does this kind of layered cyber defense look like? It has these ten components.

#1 - Dark Web Monitoring

Nearly 50% of the internet is hidden in the shadows and can only be accessed through specialized and well-guarded software and other safeguards. Here criminals do business on the Dark Web, a credit card number can be bought for as little as $9. Access to someone’s payment account with Venmo or Paypal, that’s just $270.

And yes, they also sell employee credentials here. Email passwords, server logins ins, cloud computing credentials for both small businesses and ones everyone knows. All someone with some know-how has to do is pay the price and then use that information to target your business. It happens all the time.

To make matters worse, when a password is compromised, it rarely gives access to only one account. Despite security precautions that advise against using a password on multiple accounts, many people do. So a password for your employee’s Pinterest account could also be the gateway into some of your most critical systems. 

With this information, criminals can now do things like this:

  • Pretend to be you or someone else in power and make a request that an employee wire money
  • Ask a client to redirect payment to a new account.
  • Work their way up your tiers of security to get credentials belonging to more critical people within your organization.

Real-time Dark Web monitoring scours the shadows of the Internet where criminals do business with each other online. We can then automatically alert you when credentials associated with your company are found here, giving you or the employee time to change credentials, block access, or take other steps with your IT team to secure systems and data.

If the criminal element has already tried to use those credentials, other layers of your cyber defense are in place to reduce that damage.

#2 - Managed 2FA 

This is two-factor authentication managed through the cloud. Have you ever seen those top-secret research facilities in a movie where two people have a key, button, or scanner they must activate at the same time for a door to open? Managed 2FA is a lot like that.

A one-factor security system such as a single password, pin, key, or scan is no longer enough. It’s too easy for a criminal to get that one password and get into your system. 

Not only is the average password too easy to crack with just a little investigative work. We already mentioned that employees often use the same password for other accounts, including websites that have meager security.

Now, all a criminal has to do is break into a low-security site, steal the password, and use it on your system. But since you have layered cybersecurity defense, they are stopped in their tracks.

And layered security doesn’t have to be time-consuming or cumbersome. Employees can quickly verify their identity through a message sent to their phone–no tokens to manage or extra employee security information to install.

#3 - End User Privilege Management

Let’s face it! You wouldn’t give every single employee or contractor a key to your business’ front door. So why would every person who works for you have the same level of access or ability when it comes to servers, systems, cloud computing?

Only give employees and contractors as much privilege with workstations, servers, and software as they actually need to do their job. That’s a layered defense in action.

Endpoint Privilege Management allows for the remote and secure management of privileges for every employee and contractor without making those users jump through unnecessary hoops to get the access they need. As roles change or employees need new access, it can be easily updated, and you can see who has access to what all in one place. 

  • Give only certain employees the ability to approve downloads to prevent an end-user from downloading a virus or malware or put all downloads through an approval process before they take place
  • Limit an employee's ability to mess with more advanced settings on their local workstation
  • Reduce the chances that employees have the ability to do something that could compromise your data or give criminals access

#4 - Endpoint Protection 

Also called endpoint security, this layer describes those areas that the end-user (employees) or malicious entity could access, upload, and download data, including:

  • Phones
  • Laptops
  • Desktops
  • Internet of Things IoT Devices
  • Tablets
  • Servers
  • Virtual environments

Endpoint protection includes security solutions such as anti-virus, ransomware protection, spam filters, and various cyberattack prevention tools. It also includes real-time monitoring of these endpoints to identify a possible breach and neutralize it quickly.

Criminals know that the endpoint is the most vulnerable link in your security chain because you rely on your employees to follow safety protocols like reporting phishing emails and using strong passwords. As much as you may trust your employees, they’re people. And people make mistakes, fail to act mindfully, and sometimes completely disregard security rules you’ve put in place. Many fail to realize the risks of their actions.
You need additional safeguards to account for this. That’s what endpoint security delivers. Endpoint security helps businesses avoid compromised data, damaged customer relationships, regulatory fines, and lost productivity that would happen if that cyberattack were successful.
Because of the complexity of the modern cyberattack, endpoint protection must be able to:
  • Identify and stop sophisticated attacks
  • Contextually understand the subtle nuances that attackers exploit to gain access
  • Streamline security so that you're not killing productivity to stay safe. That's never a good solution.

#5 - DNS Protection

DNS or Domain Network System is the technology that translates a website address that a person can remember, like ebay.com, into the string of numbers that represent that website address but would be harder for the average person to remember. Malicious criminal enterprises often attack small businesses by tampering with, circumventing, or altering this process. So you need commercial DNS protection as yet another layer fortified between your business and those who wish to do you harm for their own profit.

Commerial DNS filtering provides:
  • Secure and available connection to the Internet for your website
  • A filter of all requests through a tamperproof checkpoint that security systems can control and monitor
  • An environment that keeps your organization's traffic private so that criminals can't hijack the process or use that information against your company or customers.
  • Transparency, so you know who is trying to access various locations to compromise protected data or overload the system
  • Flexible tools to manage guest/public WiFI networks with less risk to your company, employees, and customers
  • Protection for company devices and access regardless of where employees connect when using your secure VPN (Virtual Private Network) or a local DNS agent
  • Integration with other security technology so that everything works together

#6 - Security Awareness Training

70% of breaches come from an outside entity. But around 93% of the time, that criminal tricks your employee into helping them get what they want.

In these phishing attacks, Criminal A tries to get Employee B to click on something that either starts a download or prompts the clicker to share their credentials with who they think to be a trusted source like Microsoft. Downloads can typically be stopped. See Layer #1. But if an employee genuinely thinks they’re logging into your company’s cloud, but they’re really on a spoof site, you now have a serious problem.
And Criminal A doesn’t just target Employee B. They target all of your employees using various tactics until someone falls for it.
So your people are your first line of defense against cyberattacks. A well-informed and trained workforce that feels invested in your organization’s security will ward-off numerous would-be breaches simply because employees are equipped to spot and address risks.
A well-constructed security awareness training:
  • Is proven effective. A strong training program can reduce your risk by 90%.
  • Provides ongoing training. Threats are constantly evolving, so security awareness training must keep employees aware of techniques and tools criminals use today.
  • Meets regulatory compliance with HIPAA, SEC, PCI, FINRA, GDPR, and other regulatory acts and bodies
  • Provides real-world testing so you can see how employees respond to simulated phishing scams
  • Participation tracking so you always know who has completed training and how they are performing when it comes to protecting your company.

#7 - Internal Threat Hunting and Remediation

You understand the value of strategic planning. So do criminals. They employ their vast knowledge of security products and detection methods. This allows them to sail underneath the radar, so you won’t always get a convenient popup “you have a virus” when they’re in.

They may use malicious code inserted into third-party software, as appears to be the case when the recent 2020 SolarWinds Hack that infiltrated government agencies and Fortune 500 companies alike. They know all the backdoors and how to disguise what they’re doing. Once a criminal has a foothold, they can access and manipulate systems for years undetected.

Those who hunt these evasive predators must be just as clever and vigilant. They need to recognize even the most subtle signs of infiltration. These hunters combine machine learning technology with good, old human detective work to quickly identify and reveal these bad actors so that you can take steps to eliminate their access.

When building a layered cyber defense, it’s critical to have this level of monitoring.

#8 - Office Protect

Before tools like Office 365, having employees working remotely meant delayed communication and isolation. The anywhere accessibility these tools make possible brings people together. They can log in from multiple devices to access projects, tools, and data. But it also increases the risk that someone else could access information through an employee’s account. 

Given the importance of Office 365 to your business, you need an additional layer of protection here. Office Protect offers that. Key features include:

  • Real-time monitoring with 24/7 alerts - suspicious devices, strange mailbox activity, administrator accessing things they shouldn't, etc.)
  • Threat Protection - Activity tracking on documents and inboxes, multi-factor authentication tracking, spam notifications
  • Reporting - Dashboards, logs, and customizable reports

Human error happens. Security gets compromised. Tools like these keep your most valuable resources protected. 

#9 - Backups

Deploying layers 1 through 3 will significantly reduce your risk of a successful cyberattack. But cybercriminals are a sophisticated network with ample resources to orchestrate these attacks. 86% of attacks are financially-motivated. So like any business with a plan, a percentage of the money these criminals “earn” is invested back into the “business”.

That way, they can continually build a better mousetrap.

That’s where #4 comes in. A well-planned backup allows you to recover data that may be held for ransom, lost, tampered with, or stolen. Maintain business continuity and avoid the temptation to pay a criminal organization a ransom that will then be used to enhance their cyberattack capabilities to hurt more small businesses like yours.

#10 - Regular Backups & Recovery Testing

Like all of these layers of cyberdefense, #5 is critical to a robust security plan. You need the resources, tools, and schedule to ensure backups are completed. Recovery from must backup fast, accurate, and seamless so that business operations can continue despite a known breach. In the best scenarios employees and customers don’t even realize anything happened.

Recovery can be that seamless. Recovery testing involves testing how well your applications can recover from not only a cyberattack but also crashes, server failure, natural disasters, and similar inevitabilities when running a business. Recovery testing forces the recovery and backup systems you have in place to show you, not tell you, that they can restore data and operations quickly and efficiently, so you’re ready when disaster strikes.

This requires you to both dedicate the resources for recovery testing and put this testing on a schedule, so you’re never caught off-guard.

Layered Cyber Defense for Small Business

Cyber attacks are getting sophisticated. And small businesses are not immune to these damaging criminal activities. A layered cyber defense is the best way to outsmart criminals and keep your company safe. If you’re looking for a stronger cyber defense, we offer an affordable cybersecurity bundle that can be quickly deployed to increase your business’s protection against cyber attacks. Want to find out how secure your network is? Reach out to schedule a free cybersecurity assessment for you business.

Shane Lewis

Shane Lewis is founder/owner of Southeastern Technical. He is passionate about providing excellent IT service to small and medium organizations, and helping businesses develop and grow.

About Southeastern Technical

We help leaders discover how they can have stable, reliable information technology (IT), so their organizations can experience fewer IT problems and security threats.

Categories

Recent posts

solutions for real-world problems

We’ll send technology tips to help you resolve existing problems, information about underlying problems in your IT environment and how to solve them, and how to reduce digital security risk for your business.

Stay Connected

Facebook Twitter Linkedin