
MIKE SKINNER: Hackers don’t care about size

 

MIKE SKINNER

Data or access to another organization’s data is what makes a target attractive, not the size of the organization. We hear it over and over – “why would a hacker target me? I don’t have any valuable data, plus my organization is small compared to X, Y, Z.” We are seeing more and more smaller organizations being attacked for a few reasons:

Less sophisticated security. Small and midsized organizations often have less sophisticated cybersecurity; therefore, they are easier to breach, and subsequently their clients are too, depending on their level of access, which brings me to my next point.

Access to larger organizations. Often, the best route to the target information is through a company’s vendors.

Automation. Cyber criminals now use automated attacks that require little investment, making it easy to target small to mid-sized organizations.

While not all small to mid-sized organizations have the security budget needed, we do have a few recommendations that won’t break the bank for improving a company’s security posture:

» Keep all software and applications up-to-date. Among the first things a hacker will do is evaluate any known vulnerabilities in your system. Out-of-date software, plug-ins, and applications are easily identifiable and a simple way to gain access to your network.

» Limit access to sensitive information. Evaluate your sensitive information. Who all has access to it and why? How many ways can it be accessed? Consider these questions and make the proper changes to limit the access to sensitive information.

» Educate employees. We cannot overemphasize this. Someone will always click. Hackers prey on the oversight and vulnerabilities of your employees. Make sure to adequately train your employees. Encourage your employees to take caution and be more aware of malicious attacks. Train them in the common types of phishing scams and cyber attacks that are likely to occur on their devices. Conduct ‘fire drills’ by having your team push out unexpected phishing attacks to see if your training has worked. The key is to impress upon them the importance of their participation in being aware and cautious.

» Practice good password management. As cyber criminals become more sophisticated, it is important to practice good password management. Why give them the “keys to the kingdom” and make it easy for them to access your or your clients’ sensitive information? Here are my best tips for password management: blog.hornecyber.com/4-tips-for-password-management

» Know what’s on your network and the security implications of growing your attack surface. Although the growing mobility of employees, the growing number of connected devices, and the evolving Internet of Things can create improved productivity and increased operational efficiency, they can also decrease your level of security. Check out our latest blogs on securely integrating the Internet of Things and securing a mobile work force for our insights on these topics.

» Be prepared. It’s no longer a question of “if” but “when.” It’s no longer just about your data, but also about other data you have access to. Be sure you are taking the proper steps to secure yourself and your organization today.

» Mike Skinner is the partner in charge for HORNE Cyber. His focus is to enable clients to fully leverage technology innovations by providing the insights critical to safeguarding their business, customers’ critical data and brand reputation. He is responsible for information technology audit, regulatory compliance, information security consulting, internal control consulting and business solution implementation.


One comment

  1. Uneducated Mississippian With Ged

    Good article.
    I see many many security vulnerabilities especially in the realm of small business here in the south. Even in big corporate style environments our assets are in plain sight. Nmap | grep and iptables are powerful tools and they are free so there is no excuse not to learn them. And sacrificing security and efficiency for pretty pictures and a slick interface is also no excuse. Also lazy system admins who avoid new technology for job security. It's also a shame that exploits and tools are knowingly shipped off to regular consumers en masse. The sms system, Samba, Telnet, Java, Upnp, ssh, http and on and on.

    ~uneducated Mississippian with Ged
