A 2021 survey of businesses from eight different countries revealed that being hit with a cyberattack forced one in six to almost close their doors. The question you have to ask yourself is if you’re willing to take this risk.
If your answer is no, the next step is learning how to protect your business from a cybersecurity attack. This doesn’t have to be difficult or time-consuming either. Eric Sackowitz, CTO and Co-Founder of SecureCo, Inc. breaks it down for us.
Why Should Solopreneurs Worry About Cybersecurity?
“The consequences of an attack for solo practitioners can be dire,” says Sackowitz. “Ransomware, for example, will cripple your operation and can command large payoffs in Bitcoin to restore. Damage to brand reputation and credibility is difficult to claw back from if your customers’ personally identifiable information (PII) is leaked to brokers on the Dark Web.”
Plus, no business is immune from an attack, says Sackowitz, calling information “the new oil.” That said, businesses in certain industries may be more appealing to cyber criminals and adversaries.
If their goal is to make money, for instance, businesses involved in finances and insurance offer the best payoffs. If it’s personal data they want, a healthcare business is a good choice to hit, as is a social media business with high credit card transactions.
But small businesses, such as one-person businesses, are especially prone to attack says Sackowitz, “because they are under-resourced and easy targets.”
How Big Is a Small Business’s Risk of Being Hit?
“The key word in this question is ‘risk,’” Sackowitz says. “Quantifying risk for a business, no matter the size is the foundation of a good cybersecurity strategy beyond the standard implementation of good IT hygiene.”
Determining your risk requires looking at numerous factors, such as whether you use:
- password management tools or passwordless solutions
- multi-factor authentication (MFA)
- virus protection
- data backups
- email scanning and safe web surfing tools
- a well-known and reputable VPN provider for remote access
All of these can impact your level of vulnerability to a cyberattack.
What Does a Secure System Look Like?
Good IT hygiene is important for greater security, such as by using the tools mentioned above. But Sackowitz also suggests instituting several layers of protection:
- Secure “Data at Rest” and Physical Devices. This includes your computers, tablets, and smartphone. It also includes your storage devices.
- Secure “Data in Motion” and Your Networks. This layer includes appliance firewalls and basic intrusion detection. It also includes network transport security across the internet that provides “encryption, stealth, and obfuscation.”
- Zero Trust Network Access (ZTNA). This involves having a “never trust, always verify” approach to privileged access, says Sackowitz, reducing your exposure to lateral attacks.
- Threat Monitoring. This layer consists of behavior monitoring within your network. It also includes detect and respond solutions (XDR) when there is a breach.
Is Encryption Enough for Protecting Private Data?
In short, the answer is no. “Encryption protects the cargo,” explains Sackowitz, “not the discovery of those sending or receiving that cargo, ergo, the journey is just as critical.”
To help better understand this, Sackowitz recommends thinking of encryption as a lock and key mechanism. “If the lock is easy to find, adversaries can try brute force to open or reverse engineer it through exploitation of the source or destination participants—typically people,” says Sackowitz.
That’s where SecureCo comes into play. “SecureCo hides the lock, first and foremost, making it more expensive and difficult to attack,” says Sackowitz. “But we also hide traceability back to those involved in the communication, thereby further reducing the risk of success.”
SecureCo also uses methods that leverage stealth, obfuscation, and anonymity. This enables them to achieve better results. “Previously these capabilities were only available to government agencies,” says Sackowitz.
What Are a Few Simple Things Solopreneurs Can Do to Better Protect Their Businesses Online?
If you’re ready to protect your business against a cyber attack, Sackowitz recommends using an IT provider that can monitor your system and provide support. Also, have an outside party perform a cyber risk assessment. This can help identify how secure you are, as well as potential gaps. “This will help establish a mitigation plan,” Sackowitz explains, “and a repeatable process to sustain your cybersecurity posture.”
Other advice offered by Sackowitz includes keeping your guard up, using common sense, and taking an active role in better understanding your technical environment. “To minimize exposure, maintain a ‘trust nothing absolutely’ mentality,” suggests Sackowitz. This means not placing 100% trust in your ISP, phone company, the network at the hotel—not even your own household.
And don’t be lazy when it comes to your online security. “Unfortunately, the addition of cyber security measures introduces a certain degree of friction,” Sackowitz shares. “I have seen many users get frustrated and abandon those practices simply because it would be ‘easier.’” Yet, making this decision increases your risk of being hit with an attack. Additionally, it’s important to stay up-to-date on security patches for all operating systems and applications, both for cloud and server environments.
Sackowitz’s final suggestion is to “stay abreast of new attack vectors and exploits that relate to your specific operating environment.” You can do so by subscribing and searching for Common Vulnerabilities and Exploits (CVEs) through CVE, which is jointly sponsored by the U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency. “Cybersecurity is all about mitigation,” stresses Sackowitz, “essentially making exploitation more difficult.”short url: