Another high-profile cyberattack made the news recently, this time against UnitedHealth. In this ransomware attack, the hackers demanded $22 million in bitcoin in exchange for the restoration of their systems. How did the hackers get in? A basic form of security: Multifactor Authentication (MFA).
As a result, records systems were offline for thousands of patients and doctors, patients were unable to book appointments, and staff were locked out of their email accounts or even required to completely turn off their computers and use paper transactions as a backup where necessary.
According to disclosures from UnitedHealth, the cyberattack in Q1 2024 resulted in a substantial financial impact of $870 million for the insurance company. This amount includes nearly $600 million spent on system restoration and response efforts, with the remaining costs attributed to revenue loss and business interruption. CFO John Rex projected that the total costs for the year would range between $1.4 billion and $1.6 billion.
The seriousness of this attack and the frequency of them so far underscores the need for ALL businesses to take their cybersecurity solutions seriously.
No Business Is Too Small to Need Cybersecurity Solutions
For every attack against a major company that makes headline news, there are countless more against small and medium-sized businesses that get attacked and don’t make the news. Small businesses make excellent targets for cybercriminals.
Due in part to a lack of resources and/or information, SMB’s are more likely to have unprotected websites, accounts, and network systems that make cyberattacks relatively easy. And cybercriminals know this…actually, they bank on it.
Therefore, any business with an online presence – whether that’s a website, online accounts, or any type of Web or Cloud-based infrastructure or applications – is at risk for a cyberattack.
And so it follows that any business with an online presence needs to understand that implementing cybersecurity solutions is critical. And smart businesses are proactively managing cyber risks by planning for a “when” scenario instead of debating the “if” possibility.
In case you don’t quite believe that you personally need to worry about this because your business is “too small” or just not on anyone’s radar screen then consider this:
According to IBM’s 2023 Cost of a Data Breach Report, the average impact of a data breach on organizations with fewer than 500 employees is $3.31 million; the average cost per breached record is $164. $10.5 trillion by 2025
What are the 5 Cybersecurity Solutions That Your Business Should Have?
Here are 5 cybersecurity solutions that all businesses should have in place:
#1 – Firewall
A firewall is part of a computer system or network designed to block unauthorized access, while still allowing for outward communication. It acts as a barrier between a trusted network and other untrusted networks, like the Internet. It will help to protect your network from sites that are known to be infected or malicious.
#2 – Anti-Virus Software
Anti-virus software is not new and most businesses are probably at least aware of the need for anti-virus software that is designed to detect and destroy computer viruses. But it’s worth a reminder that an estimated 60,000 new pieces of malware get created each day and that without anti-virus software that is installed and up-to-date, experts warn that a computer will be infected within minutes of connecting to the Internet.
So as you check off your cybersecurity solutions, make sure that your anti-virus software is installed (and receives patching for updates) to help with the detection and removal of malware like worms, Trojan horses, adware, spyware, and more.
#3 – Patch Management
It is critical that patches in all programs and software get applied in order to lock up the vulnerabilities that the vendors have identified. Ignoring them is like forgetting to lock your front door – criminals can just walk right in – especially considering that oftentimes the software vendors only locate the vulnerabilities AFTER they find out that they have been hacked. This includes applying updates to your website and any plug-ins that are in use on the site. (To learn more about patch management, check out this blog post that further explains it.)
#4 – Data Backups
Remember how smart businesses are planning for when they get attacked and not if? Having modern, reliable data backups is the best guarantee that any business has to protect against data loss. And with ransomware attacks on the rise, it also safeguards your business against the need to pay hackers should they encrypt or lock you out of your data.
The key with data backups is to ensure that they are actually working, which means someone needs to monitor and test the backups on a regular basis. It’s also smart to think about the next step beyond data backups (safe storage of your data) to having a plan to actually access that data when you need it (disaster recovery).
#5 – End-User Education
This one may surprise you because not only is end-user education, not software or a system, but it is also your BEST defense against a cyberattack. And that’s because many, many breaches stem from simple human error. This makes sense when you consider the increased intensity and sophistication of the attacks being levied against businesses.
Many of them are being directly targeted towards individual end-users, simply because it’s easier to persuade 1 person to click on a link and open the proverbial front door to your system than it is to try to break in through the side window. One bad click or link really is all it takes to allow hackers access to your entire network.
Other types of phishing scams use sophisticated spoofed emails to convince employees to transfer money from one account to another, resulting in the loss of funds that can never be recovered.
Social engineering tactics are also widely used and unfortunately, have a high rate of success. Most likely, employees who cause or allow breaches aren’t acting maliciously. But that doesn’t mean that it won’t cost your business when mistakes are made.
Staying vigilant and regarding all unknown or unsolicited links or attachments with a healthy amount of skepticism are a critical component when it comes to cybersecurity solutions for any business. But in order for your employees to know what to look for and what to avoid, they have to be educated.
To help you, we’ve put together a Phishing Email Examples PDF – an educational resource in PDF form that you can download and distribute to all of your staff.
Cybersecurity Resources for Businesses
Cybersecurity is super important, but it can also be difficult to manage on top of working to manage and grow your business. The good news is that there are resources available to help you assess your risks, manage threats and create and implement cybersecurity solutions that will protect your business.
One great resource for information is StaySafeOnline.org, an organization that is powered by the National Cyber Security Alliance. They offer tons of great tools and resources to businesses for free.
Another one is the FCC Small Biz Cyber Planner – a tool developed for small business owners that will generate a custom cyber security plan with expert advice just for you. The results are generated based on input you provide about your business and any areas of concern.
Another option is to turn to an cyber security managed services company for help. As a managed cyber and IT services provider, this is what we do for our customers so that they can focus on what they do best and not worry about it. Our unlimited cybersecurity and IT service includes Firewalls, Anti-Virus Software, Patch Management and Data Backups Management for your business, all for a fixed monthly fee.
One thing that is important to point out with all of these cybersecurity solutions is that they need to be constantly managed and monitored in order to provide true protection against cyber threats. These aren’t “set it and forget it” solutions. So if you are managing them internally be sure that patches and updates are part of the regular maintenance, as well as educating any new end-users and even reminding current staff of the importance of being mindful and passing on alerts when new viruses or scams are circulating.
No matter what option you choose, we strong encourage you NOT to choose the option of doing nothing and assuming that your business is safe from cyberattacks because you aren’t large enough or a nationally recognized brand.