3 IT Security Keys for SMBs in 2019
Tim and Marina Wainwright were first-time home buyers. They’d lived in an apartment, managed to save $30,000 over six years for a down-payment, and were only a few weeks away from closing on their new home.
But on closing day, they discovered that their $30,000 was long gone and there would be no closing on a new house that day.
Harden Your Network Defense with a Next Generation Firewall and IPS
What does the Wainwrights’ story have to do with info security keys for SMBs?
Tim and Marina worked with multiple organizations as part of the process of buying their house, from their realtor, to their bank, to the title company. These businesses each shared and stored the Wainwrights’ personal financial data throughout the process.
In order to comply with bank regulations in their state, the Wainwrights’ bank had implemented a new information security regime that included:
- An Intrusion Prevention System (IPS) to keep unauthorized traffic out of the network;
- A Next Generation Firewall (NGFW) that enabled the bank to enforce its strict and specific network access rules;
- An Intrusion Detection System (IDS) that enabled the bank’s IT Security to detect and address any unauthorized traffic that might have made it through the firewall.
Also, state regulations required that any company that did electronic data exchange with banks in the state have similar security regimes.
Implementing these security mechanisms meant that, while it would not be impossible for hackers to gain access to the Wainwrights’ personal financial information, it would certainly have been more difficult than it would be for the same hackers to gain access to the average SMB’s client data.
While small business owners might believe that hackers only target big-name companies, not small, local outfits, a New York Times article entitled “No Business Too Small to Be Hacked” noted that “Sixty percent of all online attacks in 2014 targeted small and midsized businesses.”
Key #1: In 2019, hardening your network defense with a combination of a Next Generation Firewall and an Intrusion Prevention System is a basic necessity for protecting client data.
Three weeks before the Wainwrights’ closing date, their realtor, Kate, got an email from a prospective home buyer with two documents attached: one was a pre-qual letter and the other was a list of the criteria the buyer was looking for in a home.
When Kate opened the pre-qual letter, a piece of malware was loaded onto her computer and began sending screen-scraped data to a hacker.
After a week, the hacker had enough information on the Wainwrights’ home purchase process – closing date, planned down-payment amount, name of the title company – to make his move.
Using the collected information and posing as the title company, the hacker constructed a simple email with instructions on how the Wainwrights could transfer their $30,000 down-payment to the title company’s account in order to expedite the closing process and avoid some check processing fee that the Wainwrights had never heard of but seemed worth it as it would save them $200.
Tim clicked on the link that took them to the title company’s portal, entered their bank account information, and clicked the send button, happy to be saving $200.
On closing day, when the Wainwrights arrived at the bank to sign the closing docs, there came the point in the process where the real estate banker asked for the down payment check.
It quickly became clear to Tim and Marina that something had gone terribly wrong.
Your IT Security Process Must Go Beyond Digital Security Tools
As we mentioned, the Wainwrights’ bank and the companies the bank worked with all had up-to-date digital security tools. So what could they have done to help protect their clients?
It could have been as simple as adding a step to their pre-closing process in which they inform their clients that they may be called or emailed by criminals posing as someone from the bank, from the realty company, from the title company, or even a state government agency, and that if they have any question as to the validity of such a contact, they should call the real estate banker to confirm.
The stronger digital network security that IPS and NGFWs have provided means that cyber-criminals have to look for other ways to exploit their victims.
Key #2: Include in your security plan methods to protect against Phishing, Vishing (“Voice Phishing”) and other forms of social engineering that hackers use to steal your clients’ information.
Understand the IT Security Threats to Your Specific Business
The third key is nothing groundbreaking, but it is fundamental to protecting your clients’ data.
Key #3: Get an IT security audit from an IT company that specializes in IT security.
The only people that like the word “audit” are auditors. But implementing a firewall on your network and hoping that you’ve covered all the bases is a recipe for disaster.
Partnering with a Managed Security Service Provider (“MSSP”) like Link High is the best way to:
- Keep your IT security tools up-to-date;
- Ensure that your IT security is in compliance with state and local statutes;
- Gain the peace-of-mind that comes with knowing your systems are being monitored and protected against cyber-attacks.
Whatever the state of your company’s IT security, we’d like to help you make it the best it can be.
If you’re ready for IT security help from a company that specializes in IT Security, contact us and let’s get your IT secure.
Victor is a 25-year veteran of the IT industry and used his skills as a visionary business leader to quickly transform the company from a computer repair shop to an IT consulting firm. Victor has a passion for learning, holding a BA from the University of California at Berkeley, a Juris Doctor from Rutgers Law School in Newark, and multiple certifications including HIPAA Security Professional.