The news we see and the stories we read make internet bad guys look like criminal masterminds. That concept is reinforced by the movies and television shows we see with the super-slick bank of computers used to break into the casino, traffic light cameras, security systems etc. whether it's being done by the good guy or the bad guy.

We tend to see cyber threats as focused attacks that target specific goals and use magic technology to accomplish big scores against the attacked party.

We hear about 500 million customer accounts being stolen from Marriott. https://www.forbes.com/sites/kateoflahertyuk/2018/11/30/marriott-breach-what-happened-how-serious-is-it-and-who-is-impacted/

or Equifax losing 143 million files, https://www.cnet.com/news/equifaxs-hack-one-year-later-a-look-back-at-how-it-happened-and-whats-changed/

or Facebook storing between 200 million and 600 million passwords in plaintext. https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/

As a result, as small business owners, we take a sanguine view of the actual danger to our small business... We don't have 100, 200 or 500 million customers; why would a cybercriminal attack my business?

The actual internet threat is more like a mugger than a bank robber. Muggers look for 'targets of convenience'. When a mugger accosts you, they are hoping you have a Rolex. If you have a Timex they'll take it. When an internet vulnerability surfaces, script kiddies, botnets, state actors, and the guy in mom's basement start scanning the internet for vulnerable systems. The latest vulnerability that's concerning security folks is called BlueKeep. Microsoft sent out a patch in mid-May but, according to researchers, there are still about 1 million computers that remain vulnerable. (Patch your old Windows machines: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708)

The point is that the muggers of the internet will be looking for targets of opportunity. They'll be scanning and trying to find vulnerable pre-Windows 8 systems to exploit. They are hoping to find the Federal Reserve but if they find your small business, they'll take it.

The FCC put out a pretty good guide for small business cyber-security: https://www.fcc.gov/general/cybersecurity-small-business

The takeaways are:

  1. Train employees on security principles.
  2. Protect information, computers and networks from cyber attacks. (Duh!)
  3. Provide firewall security for your internet connection.
  4. Create a mobile device action plan
  5. Make backup copies of important business data and information
  6. Control physical access to your computer and create user accounts for each employee
  7. Secure your WiFi networks
  8. Employ best practices on payment cards
  9. Limit employee access to data and information, limit authority to install software
  10. Use care with passwords and authentication

The internet is somewhat analogous to a dark street. Let's be careful out there.

#computersecurity #smallbusiness #itsupport #nerdstogomckinney