Four Ways to Prevent a SolarWinds-Style Hack From Hitting Your Small Business

The SolarWinds hack that hit government agencies and private companies alike is astonishingly extensive, but as a business owner you should think twice about how it got as big as it did. The lessons already learned from this event should prove instructive and help prevent future incidents.

As a small business with limited resources, you will likely look to standards in your industry or to market leaders to find best practices – including when choosing technologies that will help keep your business safe. When purchasing software to protect your small business, you might be impressed with a customer list that includes large, well-known, and successful companies. And who could blame you? Huge companies have entire departments set up to evaluate a product or service. This is how businesses big and small got caught up in the recent SolarWinds hack, which is considered possibly the most significant cyber attack in modern history.

You might think none of this applies to you, but you would be wrong. In our increasingly interdependent digital world, hackers often waste no time breaking through a fortified global company when there are easily exploited vulnerabilities in its supply chain. And that can happen anywhere – whether it is Target, which was breached through its HVAC provider; an oil company breached by malware from the Chinese restaurant menu its IT department downloaded for evening takeaway; or an IT software provider like SolarWinds, breached in order to gain access to the digital infrastructure and operations of our nation. All of these are real-world examples.

If large, sophisticated companies with large budgets and large IT departments are struggling to keep their global operations safe, how can small businesses keep their operations safe? Here are four things you can do:

1. Evaluate and act.

Prioritize your assets and determine how you can protect your data. You cannot protect all assets equally. By prioritizing them, you’ll know where to invest resources. In addition, you should know, for both economic and security reasons, what needs to be stored or built internally and which functions should be outsourced. A common step in small business security is moving data storage to the cloud. When determining what to outsource, it is important to note that outsourcing a function does not outsource your responsibility.

2. Manage your risk.

You should have a list of requirements, based on your own security and risk management profile, that you need all of your suppliers and third parties to meet. For example, you should ask how they protect your data and what protocols they use to protect it. The basic idea of cybersecurity is risk management. As a small business, you need to determine which risks you can and cannot tolerate.

3. Focus on employees.

With limited resources, small businesses should focus on the resources they have – especially the employees. The foundation of good cybersecurity is human behavior, not just technology. People, your employees, can be your greatest vulnerability or they can be a force multiplier for the security of your company. A trained and informed workforce can be a strong and resilient asset in any company. First, inform each employee about their responsibility for security in your company. In particular, train your employees in strong authentication. Strong authentication means using a passphrase of at least 15 characters to log into your network and using different passphrases for personal and business use. Almost all major cyber breaches occur through a compromised password. One of the access points to SolarWinds had the password solarwinds123 – amazingly simple and extremely easy to hack. In addition to strong passphrases, make sure that your employees use multi-factor authentication whenever possible.

4. Back up your data.

During the pandemic, we saw a dramatic increase in ransomware. Ransomware holds your critical data hostage for a ransom. Once ransomware has invaded your system, it can be extremely difficult to remedy quickly and effectively. Paying a ransom can be expensive, and you are not guaranteed to get your data back if you pay. The first step you should take to prevent ransomware is to ensure strong authentication on all of your networks so that hackers cannot gain access. The second important step any business – large or small – should take against ransomware is backing up your critical data on a separate network. Then test this backup regularly so that you know that it is up to date and that the backup is working.

None of these steps is a silver bullet in combating cyber threats. Together, however, they improve your cybersecurity, harden your business through resilience, and make your networks difficult for potential hackers to access. Whenever we invest significantly in resources or employees, we look to standards and recommendations for direction. However, we should use these references and standards as guidelines and not as scripts to follow. Remember, you are responsible for the security of your organization. You will be held accountable for all the decisions you make. After the SolarWinds attack, every company, large or small, needs to assess its priorities and appetite for risk and take fundamental measures to establish a foundation and a security culture for its business.

The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.
