We've grown accustomed to hearing about cyber security failures at large enterprises like Target. But security threats and breaches are not just limited to the Fortune 500s of the world. Businesses of all shapes and sizes are vulnerable to cyber security threats and data breaches. In fact, one could argue that small and mid sized businesses (SMBs) have emerged as the preferred target for malicious hackers.
While SMBs don't necessarily generate lucrative payouts individually, attackers can leverage automated attack techniques and take a "spray and pray" approach to target SMBs by the thousands with little investment. In addition to allowing for mass produced attacks, SMBs serve as easy targets for hackers. Most IT teams protecting SMB corporate networks lack the resources to combat cyber security threats and data breaches, and often, those teams lack any specific security expertise.
Despite these realities, there's often a false sense of security amongst SMB IT teams. They think a breach will never happen to their company, or that they're too small to be noticed or targeted by harmful hackers. However in its recent Internet Security Threat Report, Symantec found that a staggering 60% of all targeted cyber attacks last year struck SMBs.
SMB IT teams must take cyber security seriously and work diligently to keep their corporate networks safe and secure. Thankfully, it's possible for SMBs to defend themselves without making major changes to their IT teams or investing significant resources. Consider the following three best practices for maintaining SMB IT security.
1. Run Penetration Tests
Properly run penetration testing can demonstrate the real-world effectiveness of your existing security controls when facing an active attack by a legitimate hacker. Penetration testing doesn't just find vulnerabilities; it can tell you how big your security holes are. It can also determine the feasibility of certain attack vectors, assess the magnitude of operational impacts by successful attacks, and test your IT team's ability to detect and defend against agile attackers.
At a minimum, perform penetration tests regularly, especially if you incur any system or end-user policy changes, or if a new office goes online or new security patches are installed.
2. Monitor Your Network
Consider monitoring your network to get end-to-end visibility into your IT security and analyze network flow or traffic patterns. Such technology can alert IT teams to any major deviations from their network traffic baseline, which can help identify potential attack profiles such as user datagram protocol (UDP) spikes.
Network monitoring solutions can help IT teams spot potential data theft while it's occurring by monitoring for suspicious use of unusual protocols for a specific device or to an unusual URL. The technology can also be used to document instances of unauthorized or unwanted usage of company or public assets, and identify when large files containing sensitive data are being transmitted.
3. Log it Down
Monitor the logs of your critical systems by using a simple log management tool that can automatically analyze logs for any suspicious activities and for commonly audited access and permission changes. Be sure to track, alert and report on events like access and permission changes to files, folders and objects, and collect the most common log types such as Syslog, Microsoft event or W3C/IIS log to help identify potential threats to your network. Set specific alerts for key phrases, and protect access to key log information like employee records, patient or financial information.
Related Article: Event Log Management for Security and Compliancet
SMBs have evolved significantly over the past several years, and so too have their cyber security risks. Instead of having just a simple website or email server, the majority of SMBs today boast fairly complex infrastructures that include various combinations of on-premises, cloud and/or mobile networks. The massive amount of data being generated from those networks presents a treasure trove for hackers, and a breach of that data can cause serious harm to any SMB, regardless of its size, location or industry.
Until an affordable, turn-key security analytics solution for SMBs is unveiled, leverage existing technology like network monitoring and automated log management to keep your SMB network secure. Regularly run penetration tests to pinpoint where your vulnerabilities are and determine how you can best repair them. These practices can be implemented immediately by your existing IT team, and better yet, they don't have to cost a fortune.