5 Critical Cyber Risks a Small Business Owner Must Remedy in 2022

[Image: screenshot of cyber attacks targeting Africa (Check Point live cyber threat map), @ruralict.com]

Gone are the days of set-it-up-and-forget. Whatever device or software you set up to create, process and store your business data, you must continue to monitor it to ensure it is configured properly and operating optimally, and that critical updates are applied when they become available.

As a business owner, it is important that you keep your eye on these five critical cyber risks related to business data, privileged access, phishing awareness, company policy and vulnerable business systems.

When attackers target your business, they look for vulnerable systems, or for practices left weak by lax company policy, as a way to get inside your business. Once inside, attackers seek privileged access (administrator accounts) that grants them permission to steal, manipulate and destroy critical business data, after which they activate ransomware, locking you out of your own business.

Five critical cyber risks

  1. Loss of critical business data. Identify and locate wherever critical business data is used in your business. This is data that your business needs to survive, without which you will go bankrupt. This data is among the crown jewels of your business. Think about and put in place measures covering who is allowed to access it (admin/manager), how it is accessed (process) and how it is stored (plaintext/encrypted/vault). Critical business data is exactly what an attacker is seeking when they gain access to a business network, and its loss makes many businesses decide to pay huge ransoms to cyber criminals just to get it back.

  2. Privileged access. These are the keys to confidential business data, systems or facilities. They are physical/digital login credentials such as root, superuser and administrator accounts that grant exclusive access to do as the user wishes, including deactivating the logging function which tracks every user activity within a system/network. As such, privileged access is very much sought after by every attacker.

  3. Vulnerable business systems and practices. Often critical business systems are left without critical updates when these become available from the supplier, due to the business desire to have the system working non-stop 24/7/365. Particularly for a business system connected directly to the Internet, leaving it unpatched is like leaving your jewelry on the sidewalk.

    Similarly, lax or non-existent business guidelines are a threat. I have encountered situations where the cleaning staff, not directly hired by the firm, have several keys to the server room that they move around with every day, with no one knowing how many copies of such a key there are. Keys to critical business systems should be monitored and given out under a defined procedure.

  4. Phishing awareness. You have to be continually aware of phishing and get-rich-quick scams. 90 percent of cyber attacks start with a phishing email. Phishing is an attempt by an attacker to trick you into giving out confidential information by pretending to be someone you know. Telling fake email messages from legitimate ones is a skill that you can develop by practicing with phishing quizzes. Phishing is particularly rampant on social media, where fake job profiles exist.

  5. Organizational Policy. Set up a few policies to guide your staff: handling company information (acceptable use policy), clearing the work desk of confidential information before leaving the office (clean-desk), and malware and website policies. Ensure staff are periodically trained and understand company policy, to reduce human errors that can be costly to the business. Here are sample policy templates to customize based on your company situation.

In conclusion, keeping attackers from ruining your business is becoming increasingly difficult due to the ever-increasing number and complexity of systems businesses rely on. Even so, identifying and defining controls dealing with critical business data, privileged access, patching, phishing awareness and company policy goes a long way in mitigating the majority of cyber attacks. Do not be like the 60 percent of small businesses that went bankrupt after a cyber attack. Become proactive in safeguarding and growing your business.
