AllBusiness.com

AllBusiness.com

How to Protect Your Small Business From Today’s Cybersecurity Threats

Posted: 19 Aug 2020 08:34 AM PDT

By Akshay Bhargava

A data breach can be immobilizing, especially for small to mid-sized businesses (SMBs). Not only can the cost be crippling, the long-term impact on a company’s viability may be impossible to reverse. Especially now, during a time where SMBs are already under tremendous financial, staff, and resource strain, a data breach is the last crisis any business wants to face.

The 2019 Ponemon Cost of a Data Breach Report notes the global average cost of a data breach is $3.92 million, a 12% hike from 2014 to 2019. When you combine this with the ongoing security skills shortage and fierce competition for IT staffing—as well as an environment where larger companies can offer more trendy perks—it's evident SMBs have to be more efficient in developing a cybersecurity infrastructure. Faced with less staff and leaner budgets, they also need to engage all stakeholders in their organization to ensure data protection becomes an “all hands” endeavor.

SMB executives and IT teams, if a company is lucky enough to have an IT team, have very limited resources for hiring new IT security staff. At the same time, they are faced with the constant fear that a successful cyberattack could bring extreme financial stress, which could bring devastation to a smaller organization.

Executives also know that not every employee, contractor, or partner is fully briefed on the latest threats affecting a business in real time. Strengthening security entails building an infrastructure that, to some extent, continuously adapts to new and changing threats.

Here are two cybersecurity trends organizations should be aware of:

  • Ransomware attacks on organizations will continue at a more rapid pace, thanks to a diversification in attack vectors. While in the past, ransomware was typically delivered via exploit, organizations now face everything from exploit kits to botnets, hacking tools, and manual infection. The development and prevalence of easy to deploy malicious hacking tools that are designed to more effectively attack networks will allow ransomware authors and affiliates to more effectively penetrate and decimate business infrastructures.
  • Hybrid attacks with multi-stage payloads will escalate. A multi-stage attack allows for an attacker to infiltrate a network more efficiently. This year more types of malware will be developed where the dwell time may be days, or even weeks, before an attacker decides what to do next. This is an interesting type of monetization where attackers alternate payloads and conduct proper victim triage. One scenario we've seen is the sale of the infection to someone who wants to mine for cryptocurrency or spread more malware, for example.

Anti-threat machine mechanics

Against this landscape of varied threats and creative cybercriminals, organizations need to think holistically in terms of cyber defense—engaging all stakeholders and looking at threat entry points from multiple perspectives and with greater scrutiny. Some practices to consider:

Diligent patching and updates. One popular attack vector is the manual infection of business networks through misconfigured ports or unpatched vulnerabilities. This is one example of why real-time patching and updates are a critical must for any IT team. Consider automating patching and updating practices when new software updates are required.

Universal education. Since the actions of every employee or contractor can easily contribute to successful malware, companies should provide ongoing education where cybersecurity becomes a guiding principle for everyone. For example, while spear phishing is popular with criminals who target executives and are looking for a big score, in reality, any employee is a target for phishing. A single attack could cost a mid-sized company an average of $1.6 million.

Dedicated, ongoing training and reminders are important for all levels of a business. It's also critical to avoid blaming employees or third parties when things go wrong. Executives need to make it clear employees won't get in trouble if they report incidents.

Other Articles From AllBusiness.com:

Modernized endpoint security. Only 47% of initial vectors of cyberattacks are detected by antivirus tools, according to the SANS Institute, so security teams must assemble multiple security products to combat this gap in their security posture.

One critical component is endpoint detection and response (EDR) software, which can help software security teams investigate and respond to threats that have bypassed other defenses. An EDR solution should provide automated analysis of data to identify suspicious activity and help IT and security staff  successfully navigate the threat hunting process.

Standardized BYOD controls. Securing the endpoint in today's remote worker environment means a virtual extension of all access controls, updates, and restrictions. In the SMB world, it's even more critical to implement employee awareness training so BYOD (bring your own device) users understand the importance of personal diligence and modify their behavior accordingly.

In addition to executing automated application controls and limiting access per user and work responsibility, ensuring BYOD devices do not infect a corporate network needs to be a top priority. This means IT must have a complete picture of all assets in use and be able to quickly discover any rogue devices before they can cause damage.

Cloud security segmentation. Today's growing BYOD and remote workforce is using cloud-based tools to improve their everyday productivity and data access efficiency. But this convenience comes at a cost. This data free-for-all approach offers another avenue for threats to enter the corporate infrastructure.

One way to reduce the risk from cloud networks and head off any trouble is to segment cloud and on-prem to more efficiently monitor for traffic or data-flow anomalies. For example, IT can segment the critical infrastructure network so that routine workflow—done remotely—moves to the cloud via a regular corporate network.

Consider outsourcing. Many SMBs simply don't have the bandwidth to do security justice, and that's okay. There are a number of managed security service providers (MSSPs) that can handle security for companies through security operations centers that provide 24/7 services.

While limiting the need for internal security personnel, these MSSPs can help you manage everything from firewalls and intrusion detection to virtual private networks, vulnerability scanning, and anti-viral and anti-malware services. Be sure to select a provider that has an understanding of your business and the security metrics you require to maintain an acceptable security posture.

A well-oiled machine

It has never been harder for a small business to stay in business than it is today. To be successful requires that everyone in an organization becomes cyber aware, no matter where they work or what devices they use. Implementing modern, adaptable, and agile security practices; intensifying training; and increasing communication is essential to countering attacks.

A good actionable cybersecurity game plan, along with an “all hands” concerted effort from every employee, can help a small business fulfill a goal of long-term growth and success.

About the Author

Post by: Akshay Bhargava

Akshay Bhargava is Chief Product Officer for Malwarebytes. A security and privacy expert with nearly 20 years of experience leading product management, engineering, and marketing, he has also delivered industry-leading products and defined business strategy for cloud/SaaS, cybersecurity, and systems management solutions for Oracle, FireEye, and McKinsey & Company.

Company: Malwarebytes
Website: www.malwarebytes.com
Connect with me on Twitter and LinkedIn.

The post How to Protect Your Small Business From Today's Cybersecurity Threats appeared first on AllBusiness.com. Click for more information about Guest Post. Copyright 2020 by AllBusiness.com. All rights reserved. The content and images contained in this RSS feed may only be used through an RSS reader and may not be reproduced on another website without the express written permission of the owner of AllBusiness.com.

Is Now the Time to Revisit Your Company’s Mission and Unique Selling Proposition?

Posted: 19 Aug 2020 08:26 AM PDT

Remember startup? Filled with boundless optimism and endless energy, startup entrepreneurs lay out a vision for their companies and what they hope to accomplish. And then, too often, they file it away, never to look at it again.

With all the tumult going on, now is a good time to reexamine your mission statement and your unique selling proposition (USP) to see if you're delivering on your promises. If not, can you get back on track?

If you've outgrown your original mission statement and USP, create new ones that reflect your new goals. Once you're done, review these documents annually to make sure they continue to reflect your operating philosophy and that your actions still support your mission.

Purpose of a mission statement

Your mission statement encapsulates your goals, philosophies, objectives, and how you intend to serve your customers and employees, all in about three or four paragraphs. While your mission statement was initially created by and for you, it's vitally important your employees understand your company's mission and the part they play in it.

When you originally created your mission statement, you should have asked yourself these questions:

  • Why did you start/buy this business?
  • Who are your customers?
  • What do you stand for?
  • What perception do you want others to have of your company?
  • What are you selling?
  • What kind of work environment have you created?
  • What sets you apart from your competition?
  • What value do we bring to our customers, community and employees?

Now that you've been in business a while, does the reality match up? Get input from your staff to make sure your mission statement is honest, relevant, and real to them. Also get input from your trusted advisors, like your accountant. This is important because many business owners are so close to their ideas they truly "can't see the forest for the trees,"  and it's so easy to overlook the obvious.

You will better be able to see if you're on track with your mission statement if you have people challenge you on it—and try to defend your assertions. Once you're done, make sure your employees understand your company's mission.

Then promote your mission statement to the public, so your customers, both existing and prospective, can see it. Put it on your company website, and in your store or office. Occasionally share it with your social followers.

To help keep you on track, it's important to hire to your mission. Bring it up in job interviews. Ask candidates how your mission statement resonates with them. One part of the hiring criteria should be what can this person bring to your company that will help you achieve your mission?

Other Articles From AllBusiness.com:

Evaluating your unique selling proposition

Much like your mission statement, don't make the mistake of thinking you only need to worry about your USP at startup. As your business, your target market, your industry, and the economy evolve, you need to reassess your USP to make sure it still reflects your reality.

To review what a USP does—it is exactly what it sounds like. Your unique selling proposition is what makes your business different in general and specifically, what makes it stand out among your competitors.

Every small business needs to define, understand and live its USP. In challenging times, you might need to review your USP more than once a year, particularly if you've had to pivot to survive.

How can you best determine your USP?

  1. USPs are about benefits, not features. How does your business help your customers and clients? What's the benefit to them of doing business with you?
  2. Think about the four Ps of marketing: product, price, placement (distribution channels), and promotional methods, and how they can help you define what's special about your small business. Do you sell hard-to-find products? Are your products organic? Is your service green? Do you donate a portion of profits to charity?
  3. Do you know why your customers do business with you? Understanding this will help you craft an effective USP. To find out—ask them. Conduct a survey or poll (this is easy and cheap to do online) or ask them in person. When things return to normal, you can have an informal focus group, or just take some of your loyal customers out to lunch to get their insights. Monitor social media and ratings and review sites to see what people are saying about your business online. Are your clients and customers looking to reaffirm their values, to get a good deal, to protect their loved ones, etc.?
  4. Once you discover why your customers buy from you, use that information. Add some emotion to your USP—it's more authentic and helps your audience connect to you and forge customer loyalty.
  5. What are your competitors' USPs? If you're trying to stand out from the crowd, you need to know how competitors define themselves. You should always monitor your prime competition. Check their physical locations, websites, social platforms, and marketing messages to help you determine what they stand for and how you can differentiate your business.

Specificity counts. Obviously, a USP that is "shared" by others is not unique. For instance, think about Domino's Pizza. Its original USP, the factor that got them noticed and helped them become a multi-billion dollar company, was not that they delivered pizza. Pizza delivery was neither new nor unique when Domino's was created. It was the guarantee to consumers that they'd get their pizza in 30 minutes or less or get their money back. That USP was truly unique at the time.

Once you create your USP, you need to make sure you and your staff live it. Think of your USP as a promise you're making to your customers—and nothing will drive business away faster than broken promises.

Again, think of both your mission statement and your USP as living, breathing documents. Don't file them away. Reviewing them will help keep your small business focused and on the path for success.

RELATED: 5 Smart Marketing Tactics You Can Borrow From Big Businesses

The post Is Now the Time to Revisit Your Company's Mission and Unique Selling Proposition? appeared first on AllBusiness.com. Click for more information about Rieva Lesonsky. Copyright 2020 by AllBusiness.com. All rights reserved. The content and images contained in this RSS feed may only be used through an RSS reader and may not be reproduced on another website without the express written permission of the owner of AllBusiness.com.
Posted by: at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)