Protecting Your SMB from Cyber Security Threats  

How to Protect Your Business Before It’s Too Late 

As technology advances, small and medium-sized businesses (SMBs) need to be increasingly aware of the importance of cybersecurity. Cyberattacks target SMBs frequently, and the repercussions of a data breach can be devastating.  

This Cyber Security Guide is a comprehensive overview on how SMBs can safeguard their business against cyber threats. It provides key information on principles of protection, email security, phishing, network protection, training your team, and backup and disaster recovery. By implementing the tips and best practices shared in this guide, SMBs can prepare themselves and their businesses to defend against cyberattacks.  

We hope you find this information helpful. Great Lakes Computer always recommends consulting with an expert to create or update your cyber security guidelines. Contact us with questions or to schedule a complimentary consultation

Table of Contents 

Part I: Protect Your Business Cyber Security Guide for SMBs

Part II: Email Security and Phishing 

Part IV: Protecting Your Network 

Part V: Training Your Team for Breach 

Part VI: Backup and Disaster Recovery – Protecting your network 

Content 

Part I: Protect Your Business Cyber Security Guide for SMBs

5 Principles of Protection for Your SMB 
Small and medium-sized businesses are at risk of data loss and theft due to limited resources and the value of their assets, making extra security measures an essential factor for protecting data.  

Here are five key areas where a little extra protection can go a long way in preventing loss. 

  • strong internet security 
  • thorough security policies 
  • updated software 
  • backup measures 
  • physical security  

Neglecting any of these measures could result in the loss of all data due to malicious emails or other cyber attacks. All it takes is one malicious email and a click of a mouse to lose all of your data to a hacker.   

Small Business Security Tips 

Due to limited resources and higher costs per user, small businesses are at a greater risk for cyber-attacks and have a more difficult time finding experienced security personnel. By moving security to the cloud, small businesses can reduce the need for in-house personnel and lower costs, improving their protection against cyber threats.  

Integrating email and internet security through a consolidated security solution can also help address combined attacks and lower licensing costs. Osterman Research recommends that small businesses use third-party providers that are dedicated to security for better performance and efficacy. Monitoring the constantly changing threat landscape is crucial to keeping your work secure.  

2 Fundamentals of Small Business Disaster Recovery 

Small businesses need to prepare for disaster as much as big ones. The experts at ITToolbox detail the two foundational Disaster Recovery Planning points you need to address. Here is a quick overview of their recommendations. 

Building a Disaster Recovery Budget 
Small businesses must account for natural and man-made disasters when planning their disaster recovery plan. The budget should prioritize protecting data by having on-site and off-site backups, redundant firewalls and anti-virus software, and possibly using cloud storage or paying for a hot site. 

 Small businesses should make copies of important software and have a way to access data if all hardware is destroyed. Each business should identify their greatest threats and budget for the tools and manpower necessary for protection, data recovery, and setting up a temporary headquarters if needed. 

Funding a Disaster Recovery Budget 
Small businesses should consider dedicating a separate department or budget line towards their disaster recovery plan to avoid diverting funds to other projects. They can examine other areas of their budget for possible disaster relief expenditures and move existing IT spending, such as data backup and anti-virus software, to their disaster recovery budget.  

Business interruption insurance may be a viable option to fund a disaster recovery budget for businesses reliant on their equipment, inventory, or employees. Basic IT disaster recovery tools and protections would still need to be paid for out of pocket. 

Small Businesses Looking for Security Use Managed Services 

Small businesses have a critical weakness in their limited security resources, making them low-hanging fruit for cyber criminals. A recent study of 800 SMBs found that 77% anticipate outsourcing at least half of their cybersecurity needs, and 78% plan to invest more in cybersecurity. The solution is working with a Managed Service Provider that can offer advanced threat detection and analytics along with 24×7 support.  

This eGuide IT Outsourcing: The Secret Weapon of Successful SMBs will provide an overview of what you need to know about IT Outsourcing and answer the following questions: 

  • What is IT outsourcing?  
  • How do you know when the time is right to consider it?  
  • What IT services can be outsourced?  
  • What criteria should you use to choose a managed provider once you’ve decided to outsource? 

Cybercrime As A Service (CaaS): What Every Business Owner Needs to Know 

Cybercrime-as-a-Service (CaaS) is an emerging trend that offers hacking tools, services and expertise to criminals. CaaS led to damages of over $6 trillion in 2022 and puts businesses at risk.  

Cybercriminals offer multiple types of Cybercrime-as-a-Service, including: 

  • Ransomware-as-a-Service (RaaS) 
  • Phishing-as-a-Service (PaaS) 
  • Hacking-as-a-Service (HaaS) 
  • Crimeware-as-a-Service (CraaS) 

CaaS is a growing concern for businesses, allowing hackers to purchase and deploy malware to steal sensitive data easily. To protect against CaaS attacks, businesses should invest in anti-virus software, strong passwords, two factor authentication and regular security audits and provide employees security awareness training. 

Part II: Email Security 

The Importance of Email Security 

Email is a widely used means of communication by businesses, making employees vulnerable to cybercriminals who take advantage of lapses in attention to send disguised emails containing malware. 

What a Malicious Email Can Cause 

  • stolen login credentials 
  • spyware and Trojan installation 
  • payment fraud 
  • ransomware installation 

Digital security providers and AI-powered software can provide solutions that protect against potential email weaknesses, scanning emails for malicious content and effectively preventing cyber-attacks. To improve email security, businesses need to implement external systems that independently block phishing attacks and malware, without relying on employees. 

Your Essential Guide to Phishing Email Scams 

Phishing is a commonly used tactic by cybercriminals to gain access to IT networks, with an estimated 43% of digital data breaches in 2021 involving phishing emails. Even professionals are sometimes fooled by cleverly disguised scam email attempts.   

The kind of information commonly asked for includes login credentials, dates of birth, social security numbers, specific addresses, password access information, corporate account numbers, credit card information or other financial details. 

Different Types of Phishing Attempts 
One thing that all phishing email (spam email) attacks share is that they were created to trick the recipient into doing or revealing something that they shouldn’t. There are different variants that aim at different purposes. 

Here are a few different types of phishing emails. 

  • Dishonest information requests 
  • False link emails 
  • Spoofed website emails 
  • Executive fraud 

Phishing Emails: Would You Take the Bait? 

Phishing email attacks are a growing risk for businesses of all ages, with Gen Z employees being most likely to be victims.  

Younger generations such as Gen Z and Millennials tend to be more confident about online security compared to older generations. Many of these workers use their corporate email addresses for personal social media logins and online shopping, creating weak entry points for potential phishing attacks. 

To protect against these attacks, businesses should strengthen their cybersecurity practices and advise employees on best practices such as avoiding personal use of corporate email addresses and being wary of unexpected emails. 

Learn How to Prevent Phishing by Spotting It 

It’s time to get serious about thwarting phishing attempts. While these attacks are increasing in frequency, we can decrease their success rate with just an ounce of prevention. It doesn’t matter how new the approach is, the trick is the same. It’s all about duping just that one person into clicking on a link or downloading an attachment that can give the hackers the keys to the kingdom that is your customer information. Let’s outsmart these attacks with a little basic training.   

Check out our infographic 10 Tips to Spot Phishing Attempts and share it with your teams. A little knowledge can go a long way. 

Fake Emails to Ignore to Protect Your Cybersecurity 

Hackers can be very clever, there’s no doubt. They prey on uninformed email and internet users in the hopes of getting their malware into your network. Savvy users can spot the majority of spam emails and pop-ups pretty easily. A few of the most recent email scams we’ve seen include. 

USPS Missing/Lost Package Notification 
Malware is distributed through bogus shipping notices sent via email with various subject lines and body messages related to delayed USPS parcels. A single email can contain up to three malware families that can take over your computer and compromise your finances. To avoid being affected by this type of malware, be cautious of suspicious emails and refrain from installing any unknown files.  

Cable Bill Overdue 
Scammers pretend to be cable TV providers and send fraudulent emails with a link to view an invoice. Clicking the link takes you to a fake site with an infected file that, when downloaded, infects your gadget with malware. Criminals can alter the payload to create different scams at any time. 

CEO Requesting Tax Documents from HR 
The IRS warns companies about email scams requesting employee Forms W-2, using the name of a corporate officer, to file fraudulent tax returns. The scam involves a “spoofing” email from the CEO, asking for employee information. Payroll officials should double check unusual requests for Forms W-2 or SSNs. 

Enforcing Cybersecurity in the Age of Credential Phishing 

The shift to remote work creates more opportunities for cyberattacks, particularly phishing. Credential phishing involves hackers stealing an individual’s identification details to disrupt their function or obtain information. Attackers scour social media for useful information and use it to create identical emails and websites.  

Training employees to flag false emails and block unauthorized links or websites can help, but a network layer multi-factor identification is scalable and denies the intruder further access. Segmentation and enforcing device policies can also help prevent credential phishing. 

Part IV: Protecting Your Network 

Data Security: Can Hackers Take Control of Your Products & Equipment? 

Could you imagine what would happen to your manufacturing company if a hacker took over your control systems? Hackers can access a company’s data through its business network. They can make their way through production networks and into control systems and often use targeted e-mails that appear to come from a trusted source (called “spear-phishing”). In past years reports show that hackers seem to have sophisticated knowledge of industrial control systems, increasing the risk for companies like manufacturers. Regardless of what you manufacture, or where you make it, hackers can damage it if it connects to the web. 

The web isn’t safe and secure…especially for manufacturers and installing antimalware and antivirus software is not enough data protection. Take a look at how this might play out with other manufacturers and certain types of products in this overview of a past incident – Hackers Take Control of Manufacturer’s Products & Equipment

How To Defend Your Network Security from 5 Wi-Fi Attacks 

Network Security is a serious business. There are many ways intruders can get into your network. Strong passwords are a great place to start defending your network, but you need to take it to the next level. Here are five ways Wi-Fi attacks occur. 

1. Lost or stolen device 
2. User-to-user snooping 
3. Sessions hijacking accounts 
4. Rogue access points 

Learn how to prevent these threats. Read more

15 Must-Dos to Protect Your Business from a Cyber Attack 

Cybersecurity is more critical now than ever. Those seeking to access your information are constantly upping their game. Whether they slip in through the backdoor with a simple malware-laden phishing email or enter through your network and encrypt your data, you need to be prepared. What can you do to prevent data loss and downtime? 

Here is a checklist: 15 Must-Do Things to Protect Your Business from a Cyber Attack. 

1) Risk Assessment 
2) Written Security Policy 
3) Security Awareness 
4) Passwords  
5) Multifactor Authentication  
6) Advanced Endpoint Protection  
7) Web Content Filtering  
8) Encryption  
9) Firewall  
10) Backup  
11) Updates  
12) Access Control  
13) Penetration Testing  
14) Incident Response  
15) Cyber Insurance  

Learn the preliminary steps to take to help protect yourself and your livelihood. Download a PDF version of this checklist Cyberattack Check List. 

Establishing Effective Company Cybersecurity Policies 

With the growing reliance on digital technologies and the increasing prevalence of cybercrime, having solid policies in place is crucial for protecting sensitive business data, mitigating malicious activities, and ensuring compliance. As the risk of data breaches increases, it’s essential to prioritize data safety. 

  1. Create Strong Password Practices  
  2. Two-Factor Authentication (2FA)  
  3. Device Usage and Network Access  
  4. Secure Email and Messaging  
  5. Periodically Review Policies and Security Standards 

Having strong cybersecurity policies and protocols is crucial in the digital age, with a focus on mitigating cyber threats and data breaches to secure digital assets and ensure survival. Use this checklist to ensure you are developing the necessary cybersecurity protocols. 

Learn step-by-step how to develop these cybersecurity protocols. 

Endpoint Protection Platform: Edge to Edge Enterprise Security Platform 

The SentinelOne Endpoint Protection Platform (EPP) combines prevention, detection, response, and hunting capabilities in one agent powered by machine learning and automation, providing full visibility and control over all enterprise assets with rapid threat elimination and real-time forensics.   

Your antivirus and firewalls are no longer enough. You need an Endpoint Detection and Response (EDR) program to actively defend your network. 

Your Next Generation Endpoint Protection (NGEP) solution needs to address four core pillars that, when taken together, can detect and prevent the most advanced attack methods at every stage of their lifecycle. These pillars include: 

managed it service
Mitigation
managed it service
Immunization
managed it service
Remediation
managed it service
Forensics

SentinelOne EPP provides real-time, unified endpoint protection with advanced machine learning and intelligent automation to protect endpoint devices from multiple security threats, while constantly monitoring system-wide operations at the kernel level to distinguish between benign and malicious behavior. Once a malicious pattern is identified and scored, immediate responses end the attack before it starts. 

SOC-as-a-Service: What You Need to Know 

Cyber criminals target sensitive data for profit through ransomware and distributed denial-of-service attacks, and with a shortage of cybersecurity professionals, small and medium-sized enterprises (SMEs) are under immense pressure to protect themselves.  

Even if SMEs incur the cost of owning a security information and event management (SIEM) solution, hackers can exploit vulnerabilities anytime, requiring 24/7 staffing of security experts. 

SOC-as-a-service, or SOCaaS, provides the following benefits: 

  • Access to a team of security experts 
  • Centralized visibility with actionable outcomes 
  • Never deal with annoying false alarms 
  • A simplified and predictable pricing model 

Great Lakes Computer provides expertise in remediation and repair of infected IT. Arctic Wolf provides single pane of glass visibility into your security solutions—and the dedicated security engineers to stand guard, day and night. Together, we’ll help keep your data safe. 
 
Information provided by Arctic Wolf. 
 

Part V: Training Your Team for Breach 

Build a Human Firewall for Your Business 

Creating a human firewall is crucial as 95% of successful cyberattacks are due to human error. Your employees are your single most important business asset and can be your first line of defense against a breach. On the other hand, employees are also a weakness when it comes to cybersecurity.  

Good software, good hardware and strong passwords are great, but they mean little without a staff that’s vigorously trained and knowledgeable. It makes creating a Human Firewall a necessary business process. However, it is expensive to hire an in-house 24-hour IT security staff.  

Managed IT security providers offer an external human firewall with its own tools. They monitor staff’s communication activities and provide 24-hour protection for sensitive information against attacks. An external IT security provider lets you benefit from a corporate-level human firewall without the expense of buying and installing the protection yourself. 

9 Ways to Protect Your Security BEFORE Connecting Your New PC 

Whether you are managing your business, or your home, you probably use a computer. You use it for searching the internet, paying bills, and storing important records. Computers make our lives more efficient, but also very vulnerable. All of these invaluable pieces of information can be accessed through your network if you’re not properly protected. It is vital that you maintain data security. The Department of Homeland Security recommends doing these 9 things to make sure your new PC is as protected as it can be.  

These recommendations include: 

  1. Connect to a Secure Network  
  2. Enable and Configure a Firewall 
  3. Install and Use Antivirus and Antispyware Software 
  4. Remove Unnecessary Software 
  5. Modify Unnecessary Default Features 
  6. Operate Under the Principle of Least Privilege 
  7. Secure Your Web Browser 
  8. Apply Software Updates and Enable Future Automatic Updates 
  9. Use Good Security Practices 

Learn more about these best practices. 

What is Two-Factor Authentication (2FA)? 

If you have not been using two-factor authentication (2FA) you need to start immediately. First let’s dive into how it works. 2FA strengthens access security by requiring two methods to verify your identity, such as a username and password and a smartphone app. It protects against attacks and secures logins from stolen credentials. 

Basically, two-factor authentication is an IT tech process by which you need to use two different authentication factors to enter some kind of sensitive digital account. For example, if you want to access your Gmail account, enabling TFA for this would mean having to first type in your password and then also verify that you’re who you say you are by saying yes to a security notification on your smartphone. This is just one basic example of TFA. There are other variants of it involve verifying with things. 

Duo Push
We strongly recommend using Duo Push or Web Auth as your second factor, because they’re most secure and can protect against man-in-the-middle (MITM) attacks.

Duo’s flexibility and customizability allows you to find the adaptive authentication method that meets the unique needs of your diverse user base. More 

Don’t Just Pitch Your Old Computer, Protect Your Data Security 

There is a never ending, revolving door of new technology these days. When upgrading computer equipment, don’t just throw the old one away. It’s bad for the environment and data security. Follow these steps instead. 

1. Pack Up Your Data.  
It’s important to keep data while upgrading your computer. Back it up on an external hard drive or flash drive. Cloud providers like Google Drive and Microsoft OneDrive are another option. If you are already using cloud storage, back it all up to your cloud account and then you can access as needed from the new pc or any connected device. 

2. Clean Up After Yourself.  
Clean up your hard drive by deleting personal files and using a file shredder, deauthorize any accounts, delete browsing history, and uninstall applications. Reset the hard drive to factory settings to wipe it clean. Alternatively, physically destroy the hard drive if not donating or selling the computer. 

3. Dispose of the Machine.   
Recycle old hardware properly instead of throwing it in the trash. Electronics chains like Best Buy and local waste service providers often offer electronic recycling drop-off days. 

These are just a few quick tips. Learn more about protecting your data before trashing your computer. If you’re looking to repair your computer equipment instead of trashing it, contact Great Lakes Computer. 

Part VI: Backup and Disaster Recovery – Protecting your network 

Data Backup and Recovery Best Practices for SMBs 

The need for proper backup and recovery procedures is more pronounced than ever. Small and medium-sized businesses need to be prepared and have the proper backup and recovery procedures to avoid costly downtime and data loss.  

To make sure you are ready for an emergency do the following: 

  • Have a formalized, written plan in place 
  • Prioritize your vulnerable data accordingly 
  • Stick to your data backup schedules 
  • Test your backups regularly 
  • Craft procedures for physical media 
  • Store your backup data at a secondary location 

Choose the right partner for your data recovery needs 
You don’t have to undertake disaster recovery preparations alone. Great Lakes Computer offers comprehensive agentless backup and recovery plans, so you know your critical data is as protected as possible. 

5 Simple Data Backup Tips You Can Use Today 

Business owners have been taking precautions and backing up their data for 20 years. Today, backing up your data is a little more complex because best practices have changed.  Here is a checklist of five more recent backup tips for the time-strapped small business owner: 

  • Have a Plan 
  • Backup Offsite 
  • Develop a Routine 
  • Test Your Backup 
  • Have 2 Separate Backups of Your Data 

This is just a quick checklist. Make sure you know the detailed steps before moving forward or contact Great Lakes Computer to learn about our Data Backup & Recovery Services

Data Security MUST Include Regular Backup 

A robust data security policy should include frequent and automated backups. A “hit or miss” approach relying on individual employees to backup data often leads to problems such as incomplete or outdated data sets.  

Automated backups are more reliable and can be scheduled frequently, ideally daily and stored offsite, such as in a cloud provider. Some companies are adopting continuous backup, which duplicates each change in each file in real-time.  

Great Lakes Computers has partnered with Dell’s AppAssure product to provide backup and data recovery services. AppAssure is the #1 unified backup and replication product that offers data protection for VM, physical and cloud IT environments. Contact us for details about these services. 

The Need for Online Backup: A Business Analysis 

Data Security-The need for online backup  
Data security has always been crucial, especially for small and medium-sized businesses that may lack IT support. These businesses invest heavily in essential data such as customer databases and future plans, making data loss prevention a primary concern. 

The local hard drive solution  
Backing up data on hard media located on the company’s premises has been a common solution, but it brings serious drawbacks. If a fire or natural disaster happens, the company becomes highly vulnerable as duplicate data will be destroyed too. 

The traveling hard drive solution 
Companies may send backup hard drives to alternate locations, but this method still has drawbacks. Stolen or incomplete backups become concerns as data can remain unprotected until the next procedure. Some companies do this every day to protect themselves, but changing files and records create vulnerabilities each morning. 

The online solution  
Online backup services provide an elegant solution to the need for off-site backups. Backups located on a remote server in the cloud enable enhanced disaster recovery solutions. Companies can restore records and continue workflow from a branch office even if the main office becomes unusable. 

Data Backup: Government Regulations 

A Matter of Both Necessity and Regulations  
Small to medium-sized businesses (SMBs) should arrange for data backup and recovery services not only to maintain mission-critical information but also to comply with various regulatory hurdles such as data security mandates by the federal government and non-government entities like the Payment Card Industry. Contracting with an IT firm that provides online backup and data loss prevention safeguards is often the best solution. 

SMBs must comply with laws such as the Sarbanes-Oxley Act for financial reporting, HIPAA for medical record security, and the Payment Card Industry Data Security Standard for any major credit card acceptance. Due to the complex data recovery and security requirements, SMBs should contract with a firm that specializes in these areas. 

The Blue Screen of Death! A Good Lesson in Data Backup. 

The Blue Screen of Death (BSoD) is a major system-wide crash in Windows that can cause data loss for unsaved applications. However, it doesn’t necessarily mean death for your computer. Here are five things to keep in mind when experiencing the Blue Screen of Death (BSoD) on a Windows system: 

  • The BSoD is a full system crash, usually caused by low-level software crashes or faulty hardware. 
  • Restarting the computer and entering safe mode can help diagnose the problem. 
  • A minidump file is created when the BSoD occurs, which can be useful for troubleshooting. 
  • The BSoD information is published in the action center for Windows 7 and newer, allowing for online solutions. 
  • The BSoD is less common in newer Windows versions, and upgrading can provide better support. 

Automatic backup to the cloud is a great way to keep your data backup effective for BSoD. If the BSoD problem is too big to tackle, reach out to Great Lakes Computer for help. 

Affordable & Effective Data Backup Options for SMBs 

In any size business, your data is just as valuable as your income. Customers trust you over larger operations that have more resources. Regardless of your budget there are a wide range of storage options with an equally wide range in ticket price. With so many options, how can you decide which is right for you? 

Here is a quick guide to data backup options that are viable for small to medium-sized businesses from CIO

  1. Direct attached storage connects storage devices directly to a PC or server, but ad-hoc or batch backups lead to out-of-date files. 
  1. Network attached storage connects to the network and offers file server capabilities with redundancy and remote synchronization. 
  1. Disaster protected storage resists disasters that can destroy unprotected data, such as ioSafe’s models. 
  1. Online storage offers cloud-based storage options for businesses or consumers for data backup or incremental backup. The downside is slow data retrieval. 
  1. Private Cloud lets small businesses access privately owned cloud storage using network appliances like Transporter or BitTorrent Sync. 
  1. Offline media, tape drives or optical media like Blu-Ray discs, can still be useful for backup purposes, as demonstrated by Google and Facebook. 

One of the points we stress about backup is how easily and how fully that backed up data can be recovered. We offer a comprehensive, agentless backup and recovery platform that is proven to fully recover your data in the event of loss or breach.  

5 Data Backup Myths to Ignore 

Throughout the years you have heard stories about businesses that lose their data or don’t comply with given standards. We learn from mistakes, but they still happen. 

Don’t let yourself be a victim! Ignore these common data backup myths: 

1. Onsite Data Backup Is Enough: Backing up your data on your own physical premises is a start. But a physical disaster could destroy your entire building. Fortunately, there are backup solutions available that backup your data over the cloud. 

2. Backing Up Your Data Weekly is Good Enough: Weekly backups work okay for businesses that don’t create much data. But, especially in the healthcare industry, you need to back your data up daily. 

3. Cloud Backup is Not Safe: Cloud storage safety depends on the provider’s encryption and replication across servers. When selecting a provider, it’s important to thoroughly interview them to ensure safety. 

4. Tape Backups Shouldn’t Be Used Anymore: Tapes certainly aren’t the most advanced backup technology available. However, tapes are a solid backup option because: 

•    They have high capacity 
•    Don’t cost much 
•    Are highly resilient 
•    Work well if you have massive amounts of information to backup 
•    They’re additionally secure because they work offline 

5. Because the Cloud is Available, You Can Outsource Disaster Recovery: The truth is the cloud helps enormously with disaster recovery. However, you still need to plan your own recovery in the event of a disaster. 

It’s best to ignore these myths and focus on current issues and recommended solutions from an expert. You always have the option to outsource for your data backup needs. 

Disaster Protection: Why Your Business Needs BCDR Now 

Disasters sometimes strike, from fires to hurricanes, earthquakes and theft. That’s why your business needs a business continuity (BC) and disaster recovery (DR) plan in place to safeguard your staff and IT infrastructure.  

BCDR ensures that IT systems can be de-localized and multiply redundant through remote backup versions for optimal protection. These qualities make BCDR for IT manageable to implement and maintain.  

Find out if you’re protected against disaster. Take Great Lakes Computer’s BCDR self-assessment today to see if your existing practices are aligned with comprehensive data protection needs. We can offer recommendations based on your score that will help you boost your IT security in no time.