Dresner Group Blog
Maryland’s Top 3 Cybersecurity Misconceptions
With everything else going on, it’s easy to let your guard down. Business owners have more to worry about than ever before—the health and safety of their staff and customers, making payroll, keeping the lights on. Granted, some businesses have it harder than others, but the general consensus right now is that things are less stable than they were.
This, in turn, is causing many organizations to ignore their cybersecurity, and this is an extremely dangerous gamble right now.
With much of the workforce working remotely, and many businesses scrambling to be as efficient as possible, general common sense can sometimes fall through the cracks. I should mention though, it’s not just common sense. It’s also the extra time and effort it takes to simply be vigilant.
“I’ll Be Fine Ignoring My Security for a While.”
It’s easy to put something off that doesn’t feel like an immediate need. Take Windows Updates, for example. How many times has a Windows Update made a significant impact on your life? How many times have you felt like you benefited from a Windows Update?
My guess is that most of my readers will be pretty hard-pressed to come up with a particular update that made their jobs easier.
But Windows Updates are often important, and when ignored, could lead to major issues down the road. Sometimes, putting them off for a day or two isn’t the end of the world, but it depends on what the update fixes.
A perfectly good example is an update that came out in August 2020 for Windows Server operating systems. This update fixed a major vulnerability found across Microsoft’s server operating systems that would allow malicious hackers to easily exploit a flaw and gain full access to your network. This flaw was so serious that the Department of Homeland Security issued an emergency directive (something they don’t do very often) instructing all federal agencies to apply the patch within three days of the warning being published.
You see, when Microsoft releases a fix to a vulnerability they find, it means that vulnerability is immediately made public. Cybercriminals can easily look at what a Windows update is fixing to figure out how to exploit what’s being fixed (knowing that not everyone will run their updates right away). This is called a Zero Day attack.
Sure, you can usually ignore a security update for a little while—we tend to schedule them so they happen after hours to not affect our clients and their work—but you need to be very cautious when the updates fix critical vulnerabilities.
The same goes for updating your network equipment, your security software, your antivirus, and everything else you have protecting your data.
“Hackers Don’t Care About My Small Business”
This one is huge. We hear it pretty often: “Why would a hacker target me? What do they have to gain?”
This is compounded with headlines talking about major cybersecurity attacks and data breaches for brands like Disney, Marriott, and eBay. We don’t read about the smaller, local businesses that get targeted in data breaches.
A recent study done by Symantec shows that 36 percent of all recent targeted attacks were focused on businesses with fewer than 250 employees. When you take into consideration that most smaller businesses don’t have contingency plans in place for cybersecurity attacks, and the fact that they usually aren’t as well equipped to protect themselves from modern attacks, you start to see some pretty alarming problems.
While targeted attacks are one thing, there are still untargeted attacks where a cybercriminal or group unleashes a blanketed threat. It might target an exploit in some popular software you use, or a vulnerability in a common operating system. It could just come in as everyday spam with a malicious payload in an attachment. It doesn’t matter how big or small your business is—if you are susceptible, you are at risk.
“I’ve Got a Firewall/Antivirus/Security Appliance, so I Should be Covered”
While there are a wide variety of security solutions on the market that do a great job in limiting threats, no singular solution is perfect. The closest thing would be a UTM or a Unified Threat Management device. On top of that, if you aren’t keeping that device or software updated, it’s not going to perform as well.
With that, cybercriminals are clever and efficient. They won’t try to break into the vault at Fort Knox when the credit union across the street just uses a padlock. If you have the latest and greatest array of cybersecurity infrastructure, and a bad actor definitely wants to get into your business, they’ll flip to another page of their playbook and try targeting your end users.
Maryland small businesses are being targeted by phishing, smishing, whaling, pharming, vishing, and other social exploits used by cybercriminals more and more these days.
Because it works. These social engineering tactics are effective and easy and produce the same reward.
While modern cybersecurity solutions can help defend against some of these attacks, right now there are no 100 percent surefire solutions that will prevent an employee from getting tricked by a crafty hacker. Phishing attacks can look so legitimate that they don’t get caught by spam filters or other email protection. Sometimes, a phishing attack doesn’t even need to deliver a payload of malware, it will usually just try to trick a user into giving the hacker access to something they shouldn’t have. The best way to prevent escalation is by spotting phishing attacks before they have a chance to gain a foothold.
No, entrusting 100 percent of your security on your hardware and software isn’t a good idea. You need to provide training for your staff and audit your network regularly to ensure that there are no gaps.
This is where we come in. At Dresner Group, we can help establish the cybersecurity infrastructure you need, manage it to keep it updated, and regularly audit your network as needed so you can meet industry-level compliance standards. On top of that, we’re here to help educate your employees to ensure that everyone in your company is mindful of the threats that are targeting them.
Give us a call at 410-531-6727 to get started!