Did you know that…
51% of small to mid-size businesses have NO cybersecurity measures in place? (Digital.com)
61% of small businesses state they were the target of a cybersecurity attack in 2023? (Digital.com)
And yet… 68% of the companies with no cybersecurity measures in place state that it’s because they believe they’re “too small to be a target for cyberattacks.”
These stats are highly indicative of the need for a new mindset when it comes to cybersecurity for small businesses!
As an IT Security Architect at MIS Solutions, it’s no secret that I often engage with clients who seek our services after falling victim to a cyberattack, when they are already in the disaster recovery phase. In most cases, these attacks could have been prevented by a straightforward, dual-faceted strategy that, when implemented together, significantly lowers the risk of organizational breaches.
These facets are:
Technical Safeguards: These are software tools designed to identify and limit phishing, malware, and various cybersecurity threats.
Educational Safeguards: This involves cultivating a culture of cybersecurity awareness and providing effective training and informational platforms.
Let’s delve into technical safeguards.
75% of security breaches come through email. (Trend Micro)
Email is therefore the primary concern, and it’s crucial to integrate tools that scrutinize incoming messages before they reach a user’s inbox.
I strongly advise the deployment of Microsoft Defender for Office 365 Plan 2 features, such as Safe Links and Safe Attachments, as a fundamental measure. As an enhancement to your Microsoft 365 tenant, Defender offers comprehensive protection, including sophisticated malware detection, attachment scanning to verify that files are what they claim to be, and a refined algorithm for identifying phishing schemes.
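To show where those Safe Links and Safe Attachments settings actually live, here is an added example (not MIS Solutions’ own configuration and not part of the original post) that creates a baseline policy pair with the Exchange Online PowerShell module; the policy names, the recipient domain contoso.example and the secops mailbox are placeholders, and the specific values are illustrative choices.

```powershell
# Added example: baseline Safe Links and Safe Attachments policies via the
# ExchangeOnlineManagement module. Policy names, "contoso.example" and the
# secops mailbox are placeholders (assumptions), not values from the post.
# Requires an account with Exchange/Security admin rights and a Defender
# for Office 365 licence in the tenant.

Connect-ExchangeOnline

# Safe Links: rewrite URLs so they are scanned at click time, hold delivery
# until the scan finishes, cover internal senders too, keep click telemetry
# for investigation, and do not let users click through the warning page.
New-SafeLinksPolicy -Name "SafeLinks-Baseline" `
    -EnableSafeLinksForEmail $true `
    -ScanUrls $true `
    -DeliverMessageAfterScan $true `
    -EnableForInternalSenders $true `
    -TrackClicks $true `
    -AllowClickThrough $false

# A rule binds the policy to a scope; here, every recipient in the domain.
New-SafeLinksRule -Name "SafeLinks-Baseline-Rule" `
    -SafeLinksPolicy "SafeLinks-Baseline" `
    -RecipientDomainIs "contoso.example"

# Safe Attachments: detonate attachments before delivery, block messages whose
# attachments are found malicious, and redirect a copy to the security team.
New-SafeAttachmentPolicy -Name "SafeAttachments-Baseline" `
    -Enable $true `
    -Action Block `
    -Redirect $true `
    -RedirectAddress "secops@contoso.example"

New-SafeAttachmentRule -Name "SafeAttachments-Baseline-Rule" `
    -SafeAttachmentPolicy "SafeAttachments-Baseline" `
    -RecipientDomainIs "contoso.example"

# Verify the effective settings rather than trusting that the commands ran.
Get-SafeLinksPolicy -Identity "SafeLinks-Baseline" |
    Select-Object Name, ScanUrls, TrackClicks, AllowClickThrough
Get-SafeAttachmentPolicy -Identity "SafeAttachments-Baseline" |
    Select-Object Name, Enable, Action, Redirect
```

The Get-* checks at the end are the part worth keeping in a change ticket: a policy that exists but is bound to no rule, or that still allows click-through, protects nobody.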
Will Defender mitigate some risk of a cybersecurity attack? Absolutely.
Will it mitigate all risk? Regrettably, the answer is no.
Experience has taught me that as we bolster our defenses, cybercriminals intensify their tactics. This results in a constant battle to remain one step ahead. But what’s the best approach to achieve this?
One of the most effective cybersecurity training platforms I’ve encountered is Microsoft Attack Simulation Training. (Also included with Defender for Office 365, Plan 2.)
At MIS, part of my role involves using Microsoft Attack Simulation to create fake phishing and malware campaigns, which are then sent to our clients’ employees to test their awareness. If the employee clicks on a link they shouldn’t, the system immediately records this. I then utilize this data to automatically generate a message informing them that the email was a cybersecurity drill and provide them with links to necessary training to enhance their awareness on the identified issues.
The system remains current with templates that mirror the latest cyberattack strategies and methods, ensuring that your organization can remain proactive. It also offers detailed analytics on how employee cybersecurity awareness evolves, identifies knowledge gaps, and suggests targeted information delivery.
Technical safeguards. Educational safeguards. Implementing either one of these two approaches to cybersecurity is a move in the right direction. But together, these two serve as a “one-two punch” to cybercriminals looking to take advantage of the organization you worked so hard to build.
Visit me next time as I tackle “Zero Trust”; exploring what it means, how it works, and why leveraging zero trust is the next best step in the evolution of your cybersecurity efforts.
Until then,
Austin Doans, IT Security Architect, MIS Solutions