
December 21, 2020

How to beef up cybersecurity at your business

Rob Simopoulos is co-founder of the Portland-based cybersecurity firm Defendify. Photo / Tim Greenway

When I started in security over 20 years ago it was rare that any company would bring up the idea of protecting itself from a cyberattack. Any investment made in security was mainly focused on protecting an organization's physical property and products from theft and destruction. Even today, it is rare to enter a building that does not have an alarm system with 24/7 monitoring, cameras and card access control.

Yet security needs have shifted, and today companies must protect not only their physical assets but also their digital ones. Recent research has shown that the average loss in a business burglary is around $10,000, while a cyberattack comes in at a staggering $200,000.

There’s been a notable shift in cyberattacks, with cyber criminals now focusing on non-enterprise, or smaller, businesses. This is forcing small and midsize organizations to invest in cybersecurity to protect digital assets — much like they have with their buildings.

There are some cost-effective strategies that can be put in place that aren’t all that far from what most businesses are doing to protect their buildings.

Here are three ways to get started with cybersecurity:

Check the entrances and exits regularly

When you close your business up for the day you make sure the doors are locked and that there is no way for someone to get in. With your digital systems you need to do the same thing. Companies today can check for holes in their digital systems by activating a tool called a vulnerability scanner. It scans from inside the network and also from the internet side, looking for any gaps and vulnerabilities that cyber-attackers might try to take advantage of. These tools report the weaknesses they discover in your systems and provide detailed recommendations for repair.

Beyond these scanners, organizations can also conduct ethical hacking, also known as penetration testing. Ethical hacking is when a good hacker is hired to try to break into a company’s systems just like cyber criminals might. Their reports include recommended ways to tighten things up, and upon completion you will understand whether you have left the front entrance or back door open.

Turn on your alarm and 24/7 monitoring 

Break-in specialists don’t work 9 to 5; they operate around the clock and across time zones. Their intrusion attempts are often well thought out and orchestrated with precision. To protect against a building break-in, businesses install alarm systems that send signals to a monitoring station so that officers will respond, even when the business owner is asleep. Small and midsize companies can now have breach-detection and response systems installed that are watched 24 hours a day by a monitoring station staffed with cybersecurity experts. If a cyber intrusion is detected, these experts respond, contain the break-in and remove the intruder from your systems. Previously these types of solutions were only available to enterprise organizations, but now they are cost effective for non-enterprise companies. Knowing that there are professionals there to respond to a cyber intrusion can help a business operator sleep better at night.

Run your fire drills 

When the fire alarm goes off at your building, your employees are ready and know how to escape the facility because they have been through numerous fire drills and training. You should do the same digitally and train your employees on how to identify and respond to a cyber-attack. There are a number of employee cybersecurity awareness training tools, including educational videos that can educate your team about the types of scams attackers use. An estimated 90% of cyber-attacks involve a phishing email being sent to an employee. To train employees, organizations can use a phishing simulator that sends emails that look like real ones. If the employee interacts with the email incorrectly, the simulator will spot-train them on what to do next.

Traditional security for your company’s office is important, but with most organizations running remote teams and work-from-home models, an investment in protecting your digital systems and assets is a key place to focus now. Cybercrime is not going away, so there is no better time than now to invest in protecting your extremely valuable digital systems.

