Cybersecurity: Know the Risks

April 25, 2024 Oak Street Funding



Scarcely a day goes by without hearing about a cyber-attack hitting a business or system somewhere in the world. Protecting your company from cybersecurity risks may seem like a daunting task, but it can (and should) be a basic part of doing business.


→ Read Now: Three Ps of Business Cyber Security


Types of cybersecurity risks

Businesses face a variety of cybersecurity risks, no matter what their size. Some attacks directly target a company, while others cause damage as a result of disruptions to other businesses, their systems, and their supply chains.

Ransomware

These attacks hold a company’s data or computer systems hostage while demanding payment. They can occur when an employee unwittingly opens an infected email or attachment or through vulnerabilities in the company’s computer system or connected devices.

Malicious code (viruses, worms, Trojan horses, spyware, etc.)

Various kinds of malicious code can be inserted into a company’s systems through processes similar to those for ransomware. With malicious code, however, the bad actors behind it may not be demanding money but are instead using the company’s computer systems for their own purposes. They may wish to shut the system down to disrupt business, eavesdrop on company secrets, or snarl operations simply to cause disruptions.

Spoofing

In a spoofing attack, bad actors send emails while impersonating another business. Recipients may trust the email, thinking it is from a legitimate business they know, and inadvertently give away their personal information. Spoofing attacks can damage a business’s credibility and brand.

Denial of service (DoS) attacks

In DoS attacks, the attackers seek to shut down the website and/or systems of a business by overwhelming them with requests for service from bots. The targeted business’s system cannot withstand the volume of traffic and shuts down, causing lost work time, sales, and customer service.

Secondary risks

Even when a business is not the primary target of a cyber-attack, it can be affected if the attack disrupts its suppliers or support systems.


 


 

Creating a system for managing cybersecurity risks

The National Institute of Standards and Technology (NIST) has created an easy-to-follow framework for businesses to manage cybersecurity. Within the framework, companies can tailor a system to meet their own specific needs. The six categories within the framework are: govern the system, identify potential risks, protect against attacks, detect unusual activity, respond to threats, and recover from attacks. Within each category, NIST provides sample planning documents and questions to consider. The key is to develop a plan, keep it updated, and be ready to respond should a cyber-attack occur.

To reduce the likelihood of cyber-attacks, businesses can follow recommended cybersecurity best practices as outlined by the Federal Trade Commission and the Cybersecurity and Infrastructure Security Agency (CISA). Top suggestions include:

    • Requiring employees to use complex passwords and change them frequently
    • Limiting data access to only those employees who need it
    • Changing the password on the company’s router(s) from the manufacturer’s default
    • Maintaining strong physical security over paper documents, removable drives, and computer hardware
    • Using multi-factor authentication
    • Backing up data off-site and/or in the cloud
    • Keeping software updated with automatic updates

CISA also provides a list of publicly available tools – Stuff Off Search – that can be used to block smart devices from being found by search engines, thus cutting off another possible entry point for cyber attackers.

In addition, companies can consider purchasing cyber insurance to help defray costs associated with a cyber-attack, should one occur.



Hiring out cybersecurity

Not every business wants to manage its own cybersecurity. For many, it may make more sense to hire a cybersecurity firm to evaluate their systems and maintain cybersecurity processes. In evaluating a potential cybersecurity partner, consider these factors:

    • How does the platform match your company's risk profile? If your data is highly sensitive, is their platform robust enough to protect it? On the other hand, is the system more powerful than what you require?
    • How much experience does this company have in your industry? Does it meet all compliance requirements you have? Does it understand the types of data you store?
    • How easy is the platform to use? Human error is what allows many cyber-attacks to occur. If a system is too complex, employees may try to work around it and defeat its purpose. In addition, too much complexity can raise the cost of implementation and decrease productivity.
    • How much room does the platform have to grow? New cyber threats are created every day. A system needs to be able to scale with your company’s growth, and it needs to be flexible enough to detect and prevent future attacks.

Investing in cybersecurity

Setting up a cybersecurity platform may require an upfront outlay of funds, but many businesses consider it a necessary and valuable investment. Oak Street Funding® offers working capital loans that can help spread out the cost of the investment over time, allowing businesses to get the protection they need without dipping into financial reserves.

 

Conclusion

Cyber threats are a fact of life for businesses. Nearly every business will be affected – at least secondarily – by a cyber-attack at some point. Following best practices to prevent cyber-attacks and having a plan to deal with them if they occur will help a company get through these challenges.



Disclaimer: Please note, Oak Street Funding does not provide legal or tax advice. This blog is for informational purposes only. It is not a statement of fact or recommendation, does not constitute an offer for a loan, professional or legal or tax advice or legal opinion and should not be used as a substitute for obtaining valuation services or professional, legal or tax advice.
