In 1984, Rockwell introduced his debut single on Motown Records, “Somebody’s Watching Me.”  The well-known lyrics of the chorus are apropos to today’s small and medium-sized businesses (SMBs).  Like it or not, somebody is always watching your business’s every move as closely as if through a microscope.  Here is why SMBs are key targets for criminal hackers:

Complacency:  Most leaders in smaller organizations are under the false assumption that they are not a target for cyber criminals.  Sadly, the truth is the exact opposite.

Smaller budgets:  Smaller enterprises typically don’t have enough funds and personnel to allocate to security protocols, so cyber criminals exploit that.  Strong encryption technology can get expensive, so you find that more in the bigger firms.

Limited knowledge:  IT staff in smaller firms are not exposed to the breadth of experience that others are, which increases the risk.  Workers in bigger organizations see more just by virtue of their size.

You are the gateway:  Since larger establishments are well guarded, hackers focus their penetration efforts on the SMBs that are the inroads to the valuable data of their bigger clients, vendors and partners.  In some ways, you are the lure to the big fish.

Fewer layers:  Smaller companies are not top-heavy organizationally.  All sorts of staff interact with the CEO or other leaders daily.  Intruders take advantage of that familiarity through social engineering tactics, which can lead a staff member to inadvertently fall for a spear phishing attack that results in the loss of data and/or funds.

Hacking is easy:  Frankly, it is easy to become a hacker.  There is a wide number of apps available to them, and the Tor browser, which enables anonymous communication, is easy for them to navigate.  The Dark Web is a marketplace of stolen goods that no law enforcement can shut down.

Here is what you need to do to get out from under the microscope:

Create, implement and enforce policies:  Every organization of more than five employees must have at least a basic policy regarding strong passwords, data security, access to personal or corporate mobile devices, etc.  These policies should reflect the latest thinking, so they must be updated and enforced regularly.

Train your front line:  Your weakest link is also your best line of defense, and that is your workforce.  Train them on the security policies and how to avoid phishing attacks and other possible intrusions.  Test them, reward good behavior and retrain those who need to be realigned.

Layer readily available hardware and software:  No SMB should be without a professional-grade firewall, continually updated anti-virus software, local and cloud backup of all critical data, and fully patched operating systems.  Encrypt all email of any significance.

Heighten awareness:  Be cognizant and suspicious of anything that appears in any way out of the ordinary.  Keep an eye out for anything extraordinary when it comes to your key database, your CRM system and user access.

Be compliant:  Each industry has regulations and/or guidelines to meet security standards.  Take them seriously.

We see all of this every day!  Need protection from unwanted prying eyes? Contact IT Radix today!

First published in our June 2020 IT Radix Resource newsletter