While most mid-market company executives believe that they will make it through a cybersecurity incident without significant harm to their business, the facts show that 60% of all mid-market companies hit by cyber-attacks are out of business within six months.
So we're not talking about something that is going to be a hassle for a few weeks, we're talking about a "bet your company" issue. So, are you willing to bet your company on your current state of cyber protection? (Learn more in "The Biggest IT Trends Impacting Business Owners.")
Hacking-for-profit is a big business. Just like your business, the hacker's time is worth money. They will focus on hacking easier targets all day long in order to maximize their return on investment.
In terms of making your surface area harder to penetrate, there are a number of very simple, straightforward steps that you can take. Start with a high quality Next Generation Firewall. It is the most important single step you can take to improve security. The key functions that you need to implement include antivirus and malware, SPAM filtering, intrusion prevention and web content filtering. These security measures will go a long way to making your business harder to hack. And it will assist in reducing the number of malicious infections you get from unauthorized website visits and email.
Next, ensure that all of your servers, network devices and endpoints are at current patch and antivirus levels. Maintaining security patches and security signatures are fundamental to a good "security hygiene." Your next level of security investment should target the 1–2% of malware that is going to get through the basic measures. There a few different approaches to detecting malware as it moves vertically and horizontally within your network. You should seriously consider one of these solutions.
While these measures are not comprehensive enough to prevent the determined hacker, they will significantly reduce the probability of being hacked by the more common schemes.
While you're at it, demand tougher passwords from your team. "BOB2001" is not a password, it is an open invitation to a hacker to gain access into your systems in seconds with automated discovery tools.