Paragons of the cybersecurity industry discuss what they think is putting small businesses at risk of cyberthreats, what to watch out for and more.
Gill Langston
Senior Product Manager, SMB, Avast
What are the best practices/tools that business owners can implement to make sure they are protected from an attack?
From a tools standpoint, it is critical to protect all entry points from attackers with multiple layers. This means protecting email flow from phishing and malware, having a good endpoint protection solution, reviewing web traffic for malicious websites and downloads, performing regular security audits of your passwords and making sure you are applying patches to software. And of course, training your employees on what to look out for in emails and other communications that might seem out of place is a component of a strong defensive posture. Contracting a third party to do an assessment from time to time can also alert you to additional items to address in your security posture.
Without being an expert in cybersecurity, is there anything that business owners can look out for in their day-to-day operations that may be red flags to potentially fraudulent activity?
No central security function can be all-knowing, even in the most sophisticated enterprises. It is paramount for business owners to develop a strong security program for all employees to help identify threats and fraudulent activities. It will be only through a joint effort that businesses can thwart attacks and defend themselves against bad actors. Security is a team sport.
Jack Koziol
CEO and Founder, InfoSec Institute
From your experience, what would you say is the most common reason small businesses fall victim to cybersecurity fraud?
There is a common misconception among many small businesses that they are not large or valuable enough to be cyberattack-worthy. It’s easy to think as a smaller organization that you can safely fly under hackers’ radar. Unfortunately, this mindset is the biggest contributor to the rapid growth in Server Message Block (SMB) cyberattacks. Today’s hackers readily take advantage of an SMB’s constrained investment in security controls, or they exploit a false sense of security that in-place protection, detection and response systems will catch all malicious activity — ultimately exposing a vulnerable second line of defense: employees.
Gerry Beuchelt
Chief Information Security Officer, LastPass
Without being an expert in cybersecurity, is there anything that business owners can look out for in their day-to-day operations that may be red flags to potentially fraudulent activity?
From a tools standpoint, it is critical to protect all entry points from attackers with multiple layers. This means protecting email flow from phishing and malware, having a good endpoint protection solution, reviewing web traffic for malicious websites and downloads, performing regular security audits of your passwords and making sure you are applying patches to software. And of course, training your employees on what to look out for in emails and other communications that might seem out of place is a component of a strong defensive posture. Contracting a third party to do an assessment from time to time can also alert you to additional items to address in your security posture.