These tech breaches, phishing schemes and robo calls seem more frequent than ever, putting smaller companies even more at risk. In fact, according to the most recent FBI Internet Crime Report, financial losses from internet scams have increased significantly every year since 2017, with more than $4.2 billion lost to cyber attacks in 2020 alone.
Common Network Attacks:
| Injection | Information sent thru a web form is manipulated |
| Credential Hijacking | An employee’s username and password are used to gain access to network resources |
| Internal | An employee or contractor is the network attacker |
So, what can you do to protect your business? We at Mayfield Consulting are fortunate to have as a client one of the leading experts on IT security who has sound advice for smaller companies to ensure their business is safe from these cyberattacks. Denny Cherry, who has worked in information technology for more than two decades, recently published the book Enterprise-Grade IT Security for Small and Medium Businesses: Building Security Systems, in Plain English. The beauty of Denny’s book is that he really does explain technology in plain English. So, if your eyes glaze over when you hear about SQL, AWS, VMware, Microsoft Azure, cloud platforms or firewalls, have no fear, Denny breaks it down in layman’s terms.
In this book, Denny clearly explains: 
-
- What causes the breaches to security
- Why it is so critical to put certain security measures in place
- How you can protect your business from serious, potentially permanent damage
It’s a short book, just under 150 pages, that you can read from cover to cover to gain a full understanding, or you can use it as your go-to IT security bible, checking on certain topics that pertain to your unique issues. Denny provides an easy-to-follow chapter by chapter breakdown in the introduction which makes it convenient if you already have a little bit of knowledge to jump directly to the section where you need the most guidance.
Why You Should Care
Wondering if you should spend the money on an extensive tech security system? Not sure what the risks are with your particular operating system or how to mitigate those risks? Don’t want to bother with the nuisance of multi-factor authentication (Ugh, do we really need to put all these steps in place to secure our data? It takes so long!) Read this book because it breaks it all down very clearly. Denny outlines all the major operating systems – Windows, Apple, Linux - so no matter which you have, he's done the problem solving for you. He also shines a light on the reality of just how easy it is for attackers to gain access to sensitive information and just how much damage that could entail.
“While a phoned-in bomb threat will affect a company for a few hours while the building is evacuated and searched, a distributed denial of service attack can take the internet connection for the company offline for days or weeks.” (p. 52)
How to Protect Your Data
So, what exactly is a distributed denial of service attack? Most people today are familiar with the need for a tech firewall. As Denny explains, this is your primary protection against hackers and critical for small companies that are often not securely protected by their consumer-grade cable modem. A distributed denial of service attack is a coordinated attack against your company’s infrastructure from thousands of computers across the internet. Where the firewall protects computers from outsiders on the internet hacking into your computer, the Distributed Denial of Service Appliance is designed to actually look for the illegitimate network traffic, so in effect stopping the invader before they even reach the firewall. Do you need a firewall? According to Denny that’s an absolute YES. What about a Distributed Denial of Service Appliance? You probably need that too because as a small or mid-size company, you cannot always rely on your internet provider or cable company to do that for you. And yes, multi-factor authentication is just one of the essential rules in ensuring your data is safe. (Another one is long complicated passwords – yup, that’s a must too.)
Primary Protections Against Hackers:
- Firewall
- Distributed Denial of Service Appliance
- Multi-factor Authentication
Denny suggests that once you have these systems in place, you still need another piece of armor. To protect your company and your employees from malicious tech invaders, you need to protect your employees from themselves. Denny states that 66% of data breaches that impact companies are performed by employees. That’s not necessarily done intentionally. For example, someone may find a USB drive on the ground, which could have been inadvertently left behind or purposefully placed by someone else with malintent. Say that drive has a virus and that worker inserts the drive into his or her work computer. Now that virus has spread to the work computer. In the book Denny offers ways to prevent that spread from infecting the company’s entire infrastructure, and he also suggests providing regular security training for the entire company, not just the IT team, to fight cyberattacks because the more employees are aware of what to look for, the more your entire company will avoid inadvertent breaches.
If you’re still wondering whether your small company needs to invest in long-term technology security or your employees need to slog through long passwords and multiple codes just to gain access to their computers, according to the Denny, the bottom line is, would you rather spend a little more now, or a lot more later?
Read Denny Cherry’s latest article on Inc., Don't Fall for the Lure of Technical Debt - Southwest Airlines is the perfect example of what not to do.
