Cyber News Roundup: Security tips for SMBs for 2019

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

Almost every day there are headlines about cybersecurity breaches. Just this week, Marriott announced that its reservation system had been hacked, potentially exposing sensitive customer data for roughly 500 million guests. While breaches with big companies such as Target and Equifax still capture the headlines, small to medium-sized businesses (SMBs) need to take steps to protect themselves and prepare for pending threats.

Would it surprise you to know that 47 percent of small businesses had their networks breached at least once by cybercriminals in 2017? According to Security Today, only about three in 10 small businesses would be able to handle a cyberattack if they were hit with one today. SMBs are obvious targets since they have limited budgets and IT resources needed to protect themselves from thieves. Yet as the articles outlines, there are basic steps that SMBs can take to increase security including:

• Train your staff on basic cybersecurity awareness
• Create a plan for mobile device security
• Conduct a cybersecurity threat assessment with a third-party expert

Additionally, there are many tests and tools available that can help protect SMBs from hackers. Security Boulevard offers three steps to consider:

• Vulnerability scanners help detect system weaknesses and entry points that are easy to exploit.
• Penetration testing (aka pen testing) is when cybersecurity experts purposefully ‘attack’ a network to review how secure it is. This is referred to as ethical hacking.
• Make sure you’ve installed the latest software upgrades and patches. Similarly, make sure that your company has updated all operating systems, third-party applications, and drivers.

Forbes’ Technology Council recommends that companies take these 10 steps to improve their cybersecurity practices:

1. Employing password management and two-factor authentication
2. Encouraging email vigilance
3. Raising awareness of phishing
4. Making better decisions (sometimes that’s easier said than done!)
5. Avoiding personal devices for work
6. Using a VPN
7. Protecting test data
8. Building a strong firewall
9. Implementing safe reporting

Cyber Oregon partner blog post of interest

• PKI Solutions: The PKI Guy talks digital identity with Kevin von Keyserling of Keyfactor