Home / Blogs

Proactive Cybersecurity: What Small Businesses Can Actually Do

Jonathan Zhang

In the business world, there are two main paths a company can take with cybersecurity — the reactive and the proactive approach. The problem with a purely reactive attitude is that it can easily put companies in constant firefighting mode. And for small companies with limited resources, this can turn out to be an increasingly uncomfortable place to be in.

With that in mind, experts today suggest proactive cybersecurity by monitoring suspicious activity and identifying risks before they turn into full-blown attacks. In this post, we are going to discuss several recommendations that small businesses can follow to isolate and combat cyber threats proactively at their level.

Look Inward for Weak Practices

For years, cybersecurity strategies for small businesses would typically involve protection from outside risks. However, sometimes the biggest threat may reside within your own organization.

How so? Well, the absence of use policy, as well as overlooked system misconfigurations, can be as dangerous as viruses and other means of cyberattacks. In small companies, such gaps are often unaddressed due to overwhelming task flows and the lack of cybersecurity expertise.

Thankfully, there are a few ways to tackle these risks. First of all, pay attention to usage controls and policies. Data protection regulations and data access limitations need to be clearly documented and consistently enforced to avoid accidental data breaches.

You also need to identify your critical assets — i.e., customer data, a proprietary technology, etc. — and then deploy security software to monitor your networks for possible flaws that can result in the leakage of sensitive data. For instance, a small business can use threat intelligence data feeds to automatically assess their own websites' configurations and detect vulnerabilities that can potentially be exploited by criminals.

Outsource Your Threat Hunting Needs

Threat hunting, the practice of proactively finding and identifying online threats as early as possible, is another way for small companies to stay ahead of cybercriminals.

One of its main aspects is the creation of actionable hypotheses about potential threats and those that may have already bypassed existing defenses. It involves combining and analyzing current intelligence and developing effective responses against cyber attacks before they happen.

Even though the approach is usually associated with large enterprises due to its complexity, small businesses can incorporate it too. The most practical way of doing so is by outsourcing this expertise to an experienced and equipped threat hunting agency. Doing so will provide even minor players in the industry with the capability to analyze threat data and discover upcoming dangers before they cause damage.

Employing Threat Hunting Tools

But outsourcing is not the sole alternative. Many small businesses that lack the budget or the opportunity to hire professional cybersecurity agents to help study their intelligence and look for threats can still take the matter into their own hands.

The option here is to work with software that could facilitate and somewhat automate the process. However, in order for it to be a reasonable and affordable choice, small organizations should first determine which risks they are most prone to — domain infringement, brand abuse, or others — and from there find an application or databases that focus on the corresponding area.

Such tools and sources can permit carrying out the identification, analysis, and even the decision-making often tasked to security professionals ultimately transforming huge amounts of log data and other threat indicators into a list of priorities a company needs to resolve.

Stay on Top of Domain Threats

Threat actors are never short of ideas as they are constantly working on creative ways to strike organizations. But one thing that hasn't really changed is their exploitation of domains — for years they've been impersonating them, populating them with malware, and more.

This means that websites need to be carefully examined before a company starts making contact with them. But the problem is that small businesses don't have enough specialists that could analyze and approve every page the organization needs to interact with.

One way small teams can protect themselves from these threats without hiring an army of cybersecurity professionals is through software that automatically analyses domain infrastructure and gauges its safety — a process also known as domain scoring — and can run unknown sites through prominent malware databases to confirm their legitimacy and verify if they are infected with harmful code.

Educate Employees on Present Dangers

Employees continue to succumb to social engineering scams. In fact, Verizon mentions that phishing and pretexting account for 98% of social incidents and 93% of breaches. Note that 58% of the data breach victims were small companies.

One of the main reasons why such threats have been quite effective is because criminals bank on the lack of cybersecurity knowledge as well as using psychological manipulation to deceive users. And since small teams hardly consist of specialists with deep cybersecurity background, they are easy prey for perpetrators.

This means that it is crucial for such organizations to pay attention to cybersecurity awareness — e.g., educating employees during the onboarding process, teaching everyone proper password handling, and sticking to the cybersecurity house rules in place. Another cost-effective approach is having frequent huddles led by an IT specialist to advise everyone on board how to stay safe from online threats.

Store Data Effectively

Businesses store all kinds of data that range from the information of their customers to the records of their employees and important financial transactions. Losing access to it can be deadly for small business — paralyzing their operations and leading to costly downtime. This is one of the reasons why they need to put thought on backing up their data.

Thankfully, being a small company means that you don't have as much data as big enterprises, which, in turn, makes performing backups a lot easier. A simple concept we recommend to follow is the 3-2-1 backup rule, which implies:

  1. Having at least three backups of your company data
  2. Storing it in two different formats
  3. Keeping at least one copy offsite

In practice, this could be a combination of cloud data backup, together with an external hard drive and local desktop storage. For added safety, you should encrypt the stored data and even have passwords installed on the hard drives you use.

Managing Passwords

As the owner of a small business, handling multiple online accounts is already a part of your day-to-day operations. And to be efficient, you might be tempted to use the same usernames and passwords so they can be easily remembered. Unfortunately, this facilitates the job of a hacker since there is just one password to figure out before taking control of various channels and processes.

One easy-to-implement tip to overcome this dilemma is signing up for a password management application that can securely store and maintain passwords. With this kind of capability, you can begin using long, nonsensical passwords that can be very difficult to break, especially via brute force attacks.

* * *

These are just some of the best practices that small businesses can follow to develop a proactive cybersecurity strategy that works for them in 2019. From performing assessments internally to the active monitoring of a network, business owners can employ a range of techniques to safeguard their organization actively in nowadays' ever-dangerous cyber landscape.

By Jonathan Zhang, Founder and CEO of WhoisXMLAPI & ThreatIntelligencePlatform.com
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

Domain Names

Sponsored byVerisign

Cybersecurity

Sponsored byVerisign

DNS Security

Sponsored byAfilias

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform

Whois

Sponsored byWhoisXML API