The Independent Professional’s Guide to Cyberattacks

Changing Times and Cyberattack Exploits

In the autumn of 2016, Mirai, a network of malware bots, laid waste to a university and several high-profile targets like Netflix and Twitter.

First discovered in August of that year by white hat malware researchers, Mirai caused some of the largest, most disruptive distributed denial of service (DDoS) attacks ever recorded.

Since then, a lot has changed. Mirai and other botnets have evolved into stronger, remote-controlled malware systems, using artificial intelligence to guide attacks.

Cybersecurity exploits have also changed focus from enterprises to smaller businesses, which usually lack larger companies’ knowledge, skills, and IT budgets. Cyberattacks never stop evolving, and hackers are ever more inventive and daring.

As a result, attacks constantly change in unexpected and dangerous ways.

How Cyberattacks Are Changing

Small businesses, solo professionals, and private practices are more exposed than ever to cyberattacks. Recent trends include:

• Attacks are stronger and easier to set up, organize, and pay for.
• multi-vector attacks (ransomware exploits set up with a denial of service attacks, for example) occur more frequently.
• Even inexperienced attackers can rent digital mayhem by the hour, although its polite name is insider threats as a service (ITaaS).

These trends should matter to solo professionals and professional practices. That’s because beyond the costs of repairing the damage of a cyberattack:

• Legacy solutions aren’t holding up to sophisticated exploits.
 Many IT pros are fighting the last war with now-out-of-date hardware solutions.
• Effective defenses require changes in the resources and security strategies used. 
Professionals (or third-party service providers) must spend more time, effort, and money to set up defenses tailored to a new risk landscape.

This guide provides detailed how-to instructions designed to protect your IT operations from specific types of cyberattacks.

And independent professionals must address additional requirements laid out by federal, regional, and state agencies and professional groups. A complete description of these requirements is beyond the scope of this guide.

But in each case, we’ll describe general practices and point to important information resources.

Protecting Your Workplace or Private Practice

In several cases described below, attackers focus on businesses in the small-office IT environment. The IT systems are set up in professional practices and offices of solo professionals. What’s that?

Practitioners include private healthcare providers, lawyers, tax specialists, investors, brokers, and financial advisors.

Recognizing and Responding to Cyberattacks

Any network connected to the internet is exposed to holes in its cybersecurity defenses. These targets can include any system with an IP address or hostname that resolves publicly in a domain naming service (DNS).

Therefore, you risk hackers entering your network if your system uses a VPN, remote desktop protocol (RDP), or other access tools.

This section describes six major types of cyberattacks, their trends, causes, and effects on doing business in solo professional offices and practices. You’ll learn to recognize attack threats and how to reduce the risk of being a target.

Ransomware: Pay Up or Get Locked Out

Smaller organizations, including solo professionals and professional services practices, are getting more attention from cyber attackers than ever. That makes ransomware a serious threat to small businesses—the #1 threat in 2020.

How ransomware works

Ransomware is a type of malware. It encrypts files on a device, making the system that relies on them unusable. Attackers demand payment (ransom) to give your access back. The hackers require payment in cryptocurrency, a credit card, or untraceable gift cards.

This exploit is panic-inducing, annoying, and effective. Unfortunately, paying the ransom doesn’t guarantee that you regain access.

Even worse, victims who do pay are frequently targeted again. Infection of one machine or device can spread ransomware throughout your entire network—and sometimes to other businesses in your supply chain.

More sophisticated ransomware attacks

In earlier years, during a ransomware attack, you could tell hackers “no way” that you would pay and restore files from backed-up copies.

Now, ransomware tactics have changed. First, attackers steal and then encrypt all the files that they can. Then, if you refuse to pay the ransom, they threaten to publish confidential files.

That means you must now encrypt sensitive business information such as IP and important data that you store or send with the internet.

There are several ways that ransomware can get into your computer or system:

• Email spam and phishing techniques. These messages include a malicious attachment or link to a malicious or compromised website. Unwary users click a link, and malware enters your IT infrastructure.
• Exploit kits. These software toolkits are available on the dark web for about $50. Hackers use these kits to find and take advantage of easy-to-enter spots in your browser or programs.
• Fake software updates. This method tricks users into giving hackers admin capabilities and enables them to install malicious code.

Early warning signs of ransomware attacks

There are no preventing ransomware attacks. The best one can reduce the odds of infecting your computer or system. That means someone who’s computer-savvy must go through your computers, devices, and network, looking for vulnerabilities such as:

• Known or suspected phishing attacks. Most ransomware attacks arrive as an email attachment. Look for emails with strange or unfamiliar domains that have landed on your network.
• Many login failures occur in Active Directory.
• Evidence of brute-force attacks in your network.
• Logs that show a string of questions about a single machine.
• Security tools used in places they weren’t assigned. Where did that instance of Mimikatz (a legitimate tool often used in phishing attacks) come from?
• Unusual time stamps that appear on VPN connections. Who was up working at 0237? Are you sure?
• System redirects traffic to scary places on the Dark Web. No one using your network should go near TOR, for example.

Ransomware attack response

If you get attacked, there are quite a few things you can do and others that you should avoid.

What not to do? Do not panic or pay the ransom. If you refuse to pay, you’re in good company—more than 75 percent of small businesses make that choice.

What to do immediately. Here’s what you should do to limit damage to your network. (If you have a cloud host or MSP, it’s their job to engage in these steps):

• Trace the attack. Where did it enter, and which systems and devices are affected?
• Unplug your connections. Make sure to cut all connections to the internet and between IoT devices.
• Notify your IT security pro if you have one. If you engage managed service providers, they might have 24-hour response services. If not, get on the phone.
• Notify the authorities. This can be a complex process requiring more time and effort to report than other cyberattacks. For example, check out this post, which lists notification requirements for legal offices.
• Inform all employees and customers. Don’t delay completing this step. A slow-motion response might affect your working relationships with partners and suppliers.
• Update all your security systems.

And if you don’t have a breach attack plan, create one as soon as possible after the dust settles.

Phishing Attacks: Take the Bait and the Consequences

Scammers use email or text messages to trick you into giving them your personal information. They might try to steal your passwords, account numbers, or Social Security number. If they get that information, it’s “Open, sesame!” They can gain access to your email, bank, or other accounts.

The goal of phishing remains the same, access to information they can eventually turn into cash. Nevertheless, the top targets of spoofing (fooling account owners) are changing.

Phishing attack trends

With layoffs skyrocketing, and more employees working from home, hackers are pouncing on small-office businesses. However, mass phishing campaigns of the past are becoming more targeted and sent at lower volumes.

A single phishing email might have been sent to hundreds of recipients in the past. In 2020, most phishing campaigns were sent at much lower volumes and used new methods to carry the malware.

Why the change? Mass phishing waves are easier to detect than low-volume attacks. This trend shows that phishers are getting smarter about picking their targets.

Businesses might improve account user awareness, but phishers are getting more skillful, too. They’ve even started spoofing phishing awareness training platforms.

How phishing attacks work

An attacker impersonates a trusted contact and sends the victim fake mail messages. The victim opens and clicks on the malicious link in the mail or opens the email’s attachment. One-click, and voila! Attackers gain access to confidential information and account credentials.

In addition to traditional phishing methods, COVID-19 emails and shared file notifications have been more common since the pandemic. On SharePoint, OneDrive, and Dropbox platforms, workers daily receive shared-file notifications from these well-known applications. In 2020, hackers increasingly exploited these services’ credibility to conceal their identities and intentions.

Phishing attack causes

Human nature (inattention or being rushed) has not changed, but the sources of phishing bait are new and more complex.

Phishing attack early warning signs

There are many ways to protect yourself from this attack, but the main one is vigilance. The main thing to remember is that successful phishing expeditions run on adrenaline. So, stay cool and watch for these telltale signs:

• A suspicious document sent by a company or institution you know or have dealings with.
• A message based on a story makes you want to click on a link or open an attachment.
• User or tech comments about noticing suspicious IT activity or login attempts.
• A claim is a problem with your account or payment information.
• Notices that ask you to confirm personal or business information.
• Communications that include an invoice.
• Urgent messages want you to click on a link to make a payment.
• Messages claim that you’re eligible for a government refund.

Responding to phishing attacks

There is good news about phishing attacks. They are avoidable. Here are some ways to make you less of a target.

Reducing the Risks of Phishing Attacks

There is no 100 percent protection from any security risk, but here are reliable methods that can stack the odds in your favor:

• Protect your computers and devices by using security software.
• Protect your mobile phone by setting software to update automatically.
• Protect your accounts by using multi-factor authentication.
• Protect your data by backing it up.

Keep Your Trigger Finger on Hold

STOP if you get an email or a text message asking you to click on a link or open an attachment. Then ask yourself, “Do I have an account with the company or know the person that contacted me?”

If the answer is no:

• Find and review the indicators described in the “Phishing attack early warning signs” earlier in this guide.
• Next, look for signs of a phishing scam.
• If you see any, report the message.
• Delete the message.

If the answer is yes:

• Contact the company using a phone number or website you know is real.
• Don’t use the contact info in the bait message. Clicking attachments and links can install harmful malware.
• Report the message.
• Delete the message.

If You Think Your System Is Infected…

OK, you couldn’t stop yourself in time. You clicked a link that sent you straight to a cybercrook. Now what?

• If you think a scammer has your information, like your Social Security, credit card information, or bank account number, go to IdentityTheft.gov and take the specific steps based on the information that you lost.
• If you think you clicked on a link or opened an attachment that downloaded harmful software, update your computer’s security software.
• Finally, run a system-wide security scan.

Reporting the Attack to Officials

If you got a phishing email or text message, report it. The information you give can help fight scammers.

• Forward the phishing email to the Anti-Phishing Working Group at [email protected]. 
Or, if you got a phishing text message, forward it to SPAM (7726).
• Report the phishing attack to the FTC at ftc.gov/complaint.

Password Attacks: Getting Illegal Access

Password cracking means recovering passwords from a computer or data that a computer transmits. Password attacks are exploits in which a hacker identifies your password or other sign-in credentials with various programs and password-cracking tools like Aircrack, Cain and Abel, or John the Ripper.

More sophisticated attacks and defenses

They are faking voice data, and video imitation isn’t a future attack tool. They were here in 2019. Hackers used AI and voice technology to impersonate a business owner. A company’s CEO was convinced of the owner’s identity to transfer $243,000 to a hacker.

But security defenses are more robust, too. For example, passwords are stored using a key derivation function (KDF). This method runs a password through a one-way encryption cipher, and a server keeps the encrypted version of the password.

Attack. Defend. Redesign. Repeat.

Think about password attacks as tit-for-tat wars between cybercrooks and IT product designers and engineers.

Security exploits get more effective, so software and hardware are developed to make attackers use more time and resources to penetrate your network. Attackers respond by designing faster, stronger, or more unexpected exploits than their previous efforts.

This scenario has been part of IT security for years and will continue. Here’s a list of the most common password attacks:

• Phishing: Tries to entice you to click on attachments or links that lead to malware
• Man-in-the-middle. Inserts a bad actor into the communications stream of a user and a destination user in a target network.
• Dictionary and other brute force attacks: Uses trial-and-error and high-speed, high-volume data analysis methods to identify passwords or other credential information.
• Keylogging: Enters a network by stealth and captures all data typed on system keyboards.
• Credential stuffing. Tries to gain unauthorized access to user accounts by directing many (often tens of thousands) automated login requests at a web application.

Causes of password attacks.

You can summarize the causes of these attacks in a word: humans, often the weak link in the security chain. In password attacks, human nature expresses itself in several ways.

Poor account password management.

• There are no established password/passphrase policies, or they are enforced in a hit-and-miss fashion.
• There is no password/passphrase update schedule.

Poor account access management

• Too many users have access to specific company assets.

Defending against password attacks

Even if your IT ops involve only a handful of computers and devices, your business is still an attractive target to hackers. Consider a multi-layered approach to defending your work and communications processes. This approach includes setting up:

• Password and network access policies. (Details below)
• Multi-factor authentication. Some security specialists consider the obsolete MFA procedures that use phones and text messages. Forward-looking MFA products now include two- or three-tiered identification options, which combine messaging and biometrics capabilities (fingerprints, facial recognition, voice recognition, and retinal scans).
• Network monitoring equipment and schedule. DIY network monitoring capabilities take in-house IT techs into deep water. Commercial software is available, but without deep knowledge and experience, choosing and installing this equipment should be left to professionals.
• A password attack simulation. Sometimes called a pen test, this valuable method puts your system through its paces by mimicking a password attack.

Yes, setup and monitoring duties require time and effort, perhaps more than you can or want to engage in. Consider hiring a third-party security services provider if you prefer to delegate these tasks.

Making it hard for hackers to enter your system.

As always, you never totally prevent a password attack. But making it too much trouble for hackers to enter your system can help you avoid harm.

The best ways to do this include creating policies for passwords and access to valuable data and sensitive business information.

Password policies require users to create and maintain dependable, safe passwords. These rules are at the top of the security to-do list. They go beyond suggested best practices (although it’s fine to have these, too).

• Adopt passphrases as a standard. Create passphrases instead of passwords. Passphrases are usually harder to crack due to their length. Create a strong passphrase like a password—symbols, numbers, and letters (upper and lower case).
• Require longer, stronger passphrases. Long ago, four-character passwords sufficed. Now, 10 to 16 characters are the new standard for strong passwords and passphrases. Why so long? They make hackers use more resources to get into your system.
• Do not use personal details. say no to passphrases that refer to users’ personal information. That means forget your favorite cat’s name, your mother’s birthday, or your favorite NFL team.
• No duplicate passwords. Ever. Make sharing passwords or using them for more than one account taboo.
• Avoid previously compromised passwords. If you were hacked in the past, get rid of all passwords when the attack occurred. Hackers often come back.
• Use a password manager—and keep it offline. A software password manager or a list of passwords on a Word doc is fine. Just keep the list on a machine that’s not connected to the internet. If the password/passphrase information is connected to the internet, it’s vulnerable to hackers.

We understand if all this effort seems like a bit much for a single-person business or a small professional practice. The secret to IT security success is having clearly defined standards and following them consistently.

Reducing damage of password attacks

If you get hacked, you’re in good company. About 50 percent of smaller businesses share your experience. Remember, when you get hit, act quickly to reduce damage to your IT infrastructure and business relationships: by

Containing the damage immediately.

Reset all passwords and remove any corrupted files. In a serious breach, you might take the entire system offline, isolate part of your network, block website traffic or install temporary firewalls.

Contacting authorities and members of your business network.

If the attack stole sensitive financial information, calls to the FBI and FTC should be on your to-do list.

Contact customers, suppliers, partners, and service providers. Being thorough here will build goodwill along your supply chain.

Insider Threats

When a data breach occurs, the threat—deliberate or accidental—often comes from the inside. An insider threat can be a partner, employee, or contractor inside your organization; or an unpredictable event based on a moment of carelessness.

If you doubt insider threats can touch your practice, think again. The stereotype of an insider threat—a disgruntled employee, leaving with a briefcase filled with sensitive information—is still relevant but less so than previously.

And now, you can add internal threat as a service (ITSaaS) to the mix. You can buy almost anything on the dark web, where you can find organized cells of recruitment infiltrators.

In this scenario, bad actors become trusted employees to be interviewed, entering your workforce and stealing highly valuable IP and other information.

Insider threat early warning signs

Human error, not to mention greed and malice, can always be counted on to expose IP and sensitive business, legal, or financial information to bad actors. Here are six things to watch for:

• An unusual number or types of access requests.
• A user assigns themselves higher access privileges.
• Employees bring USB drives or DVD burners to work.
• Employees send emails to destinations outside those in your business network.
• Someone gets access to the information after hours or when they’re on vacation.
• Employee behavior changes unexpectedly (colleague relationships sour, someone quits suddenly).

Man-in-the-Middle Attacks: Eavesdropping Conversations

In this exploit, hackers intercept communications between a system user and the server the user is trying to reach.

Hackers can steal passwords and other sensitive data or actively alter the information by injecting malware into the communications session.

Avoiding MitM attacks

These attacks are especially relevant to smaller businesses because most man-in-the-middle attacks target organizations without money for expensive cybersecurity solutions.

MitM attacks are preventable. Just remember to:

• Avoid using public Wi-Fi routers. When you access sensitive business information, stay away from free unsecured networks like those at your local coffee shop or library.
• Use a VPN. A virtual private network (VPN) can shield and encrypt the data you send and receive if you use unsecured networks. Check out our VPN recommendations list for more tips.
• Keep software current. Update the latest versions of secure web browsers such as Chrome or Safari and security scanning apps such as WebRoot. Make sure to change all security software settings to update automatically.
• Pay attention to browser alerts. These alerts report that a website you want to enter is not secure. It’s easy to blow them off but remember: They exist to help you avoid becoming an entry point to malware or other malicious software.
• Take precautions to avoid malware and phishing attacks. Software that enables these attacks often provides MitM hackers access to your data and communications. Refer to the “Password Attacks” and “Phishing Attacks” sections in this guide for detailed how-to information.

Distributed Denial of Service Attacks

In a distributed denial-of-service (DDoS) attack, hackers use malware or other cyber tools to make computers or network resources unavailable to their intended users.

When run with hundreds of thousands of bits of malware, DDoS attacks can halt the activity of the largest companies. These attacks can run on their own or with password attacks to deliver more damage to their targets.

Many DDoS attacks target a network layer that controls connections between networks. As attackers send large volumes of junk traffic to your IT infrastructure, your site can become slow or even inaccessible to users. Eventually, your site becomes unusable. Your business and its revenue streams stop.

Recent attack trends

DDoS attacks have grown more powerful and complex over the years and victimize networks of all sizes. Mammoth attacks (2.3 Tbps in February 2020 and up to 1.5 Tbps in 2016) continue to amaze IT security pros.

But smaller attacks are also effective against under-protected internet assets of smaller businesses.

Early warning signs of DDoS attacks

Network traffic monitoring and analysis is the best way to detect and identify a DDoS attack. These symptoms can indicate a DDoS attack in progress:

• Unusually slow network performance when users open files or enter websites.
• A particular website becomes unavailable.
• All websites become unavailable.
• Contact your ISP to confirm whether the service outage is due to an external or in-house network problem.

Understanding the warning signs of network slowdown, intermittent website shutdowns, and loss of other important system functions is important.

These general rules and guidelines apply to all small-office IT operations. However, when you engage in specialized practices, there are more requirements.

Working with Compliance and Liability Requirements

Depending on your specialization, your practice might work with various types of sensitive legal, financial, and healthcare data. Security standards, laws, and regulations protect each type of information.

Law Practices

Each country and U.S. state has its data protection laws and recommendations. Here are compliance tips for U.S. law firms:

• Perform detailed background checks when hiring new employees.
• Identify the location and type of sensitive data you store and handle.
• Encrypt sensitive information at rest and in transit.
• Verify user identities carefully by using multi-functional authentication.
• Minimize the number of users who access sensitive information.
• Install and use an employee monitoring solution.
• Pay special attention to privileged users who access your organization’s critical data and infrastructure.
• Check vendors’ compliance with cybersecurity standards and which vendors get access to your important company assets.
• Write and enforce incident response and threat protection plans.

Standards organizations

Many agencies govern how legal firms gather, store, and handle information. Here are the major entities that guide these activities in the U.S. and European Union:

• American Bar Association developed the Model Rules of Professional Conduct.
• National Institute of Standards and Technology (NIST) established and maintained Special Publication 800-53.
• General Data Protection Regulation (GDPR) guides compliance of companies that operate in the EU or manage the data of EU residents.

More information

These industry acts and standards describe the necessary data protections for specific data types. These include:

• HIPAA for healthcare information.
• PCI DSS for financial and credit card data.
• SOX for accounting and investor information.

Medical Practices

Doctors in medical practices with fewer than 20 employees are often reluctant to spend money on HIPAA security measures. They don’t believe they’re at risk for a data breach. But then, all it takes is a lost laptop, theft of a tablet, or human error to release patient data accidentally. And then, there’s the risk of ransomware or a data breach.

Small businesses are liable to a wide variety of cyberattacks. Here are some hints and pointers to agencies that can guide your practice through the modern age of cyberattacks.

HIPAA Security Rule

The HIPAA Security Rule focuses on securing the creation, use, receipt, and maintenance of electronic personal health information by HIPAA-covered organizations. This rule sets guidelines and standards for the administrative, physical, and technical handling of personal healthcare information.

Healthcare data breaches are very frequent. We published a research piece highlighting the incidence of healthcare data breaches in the US between 2009 and 2019.

Complying with the HIPAA Security Rule

Here’s a list of capabilities that medical practices must be able to show in data audits:

• Educating healthcare staff (general security awareness and knowledge of HIPPA requirements)
• Restricting access to patient data and applications
• Controlling how patient data is used and stored
• Logging and monitoring access- and use-related data
• Encrypting data on mobile devices
• Securing mobile devices
• Reducing the risks of operating Internet of Things (IoT) devices
• Conducting regular data risk assessments
• Using off-site data backup facilities

Standards Organizations

HIPAA: The Health Insurance Portability and Accountability Act is a federal law that aims to make it easier for people to:

• Keep their health insurance when they change jobs.
• Protect the confidentiality and security of healthcare information.
• Help the healthcare industry control its administrative costs.

International Standards Organization: ISO 22301: 2012 is an international standard that provides a best-practice framework for implementing an optimized business continuity management system (BCMS). More ISO standards apply to medical patient data. You can find them here.

Financial Services Practices and Advisors

The Securities and Exchange Commission (SEC) and U.S. state securities regulators are starting to crack down on financial advisors’ cybersecurity practices to ensure that financial services professionals and their firms take cybersecurity seriously. Here are recent changes in compliance-related enforcement activity. The:

• SEC now performs cybersecurity examinations as well as regular inspections.
• SEC now charges firms that fail to keep client data safe.
• Securities Industry and Financial Markets Association work with financial firms and government regulators to simulate real cybersecurity attacks.
• American Institute of Certified Public Accountants has developed cybersecurity certifications such as the Systems and Organization Controls. Similar certification is being developed for financial services firms and advisors.

Establish a formal security framework.

• The National Institute of Standards and Technology (NIST) Cybersecurity Framework describes best practices that cover five core areas of cybersecurity identification: protection, detection, response, and recovery.
• The Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook provides a comprehensive list of security guidelines.

Developing these capabilities should make complying with GLBA, PCI DSS, and SOX standards easier.

Strengthen your employees’ security knowledge.

Most malware attacks succeed by using online social engineering schemes that manipulate unsuspecting users, opening the door wide for hackers. To prevent this scenario:

• Teach users to attack identification techniques and other security best practices.
• Set up and enforce rules for using password managers and logging out of devices before leaving them unattended.

Perform continuous threat monitoring.

Recognize patterns of vulnerability. For example, the RSA 2020 State of Security Operations report revealed that 35% of threats were detected between 8 p.m. and 8. a.m.

Discover, assess, and manage vulnerabilities.

With the average organization deploying 129 apps, there are ample opportunities for bad actors to find weaknesses in your I.T. infrastructure. No organization can address all vulnerabilities. That’s where vulnerability assessments come in. They help you:

• Understand what’s going on throughout your I.T. infrastructure, including software and systems that have weaknesses.
• Prioritize the highest-value vulnerabilities so that you can fix them first.
• Monitor and scan your system for vulnerabilities regularly and consistently.

Manage third-party risks.

Financial services businesses rely on many types of vendors, suppliers, and partners who can expose your business to trouble. Across all sectors, Ponemon Institute found that 59 percent of those surveyed said they’ve experienced a breach due to a third party.

Yet only about a third kept an inventory of their third parties, and even fewer—16 percent—said they effectively mitigated the risks. Protect your network by:

• Establishing and verifying the security practices of your vendors and partners.
• Using SLAs requires business associates to maintain security best practices.
• Segmenting your network and limiting third-party access to critical information assets.
• Using a threat detection and response solution to monitor your network for odd behavior.

Devise an incident response plans

You should have well-defined methods to find and use quickly to quarantine, block, or eliminate malicious network traffic. If you don’t have them, you should. Your effort needn’t be a burden. Just create a document that provides answers to questions about everyone in your business network:

• Whose job is it to inform clients, partners, suppliers, and employees if an attack affects their operations?
• If data has been lost, who and what should be done to recover it? 
Or, if you have an MSP, whom should you contact?

Answering these and other questions ahead of time can reduce post-attack confusion and pave a smoother path to recovery.

Standards organizations

These sources provide background information about regulations that affect day-to-day cybersecurity operations and how to set up your security compliance system:

• SEC Cybersecurity Requirements
• Sarbanes-Oxley
• PCI DSS
• Bank Secrecy Act
• Financial-Industry-Regulatory-Authority (FINRA)

As you can see, recent changes in cyberattack tactics and targets put your business in the crosshairs of actors who will try to do you harm.

Protecting yourself from these groups will require more time, effort, and money than before. But remember, your potential savings of time, money, and perhaps your reputation will be larger.

Summary and Conclusions

In the tit-for-tat cybersecurity war, the bad guys are still ahead, but by less than before. Even in a one-computer office, the risk is real and won’t disappear. The best that you can do is:

• Never assume your business is too small to interest hackers.
• Be ready to invest more time, effort, and money into security measures than you have previously.
• Be thorough in reviewing your system for vulnerabilities.
• Be consistent. Patching software and monitoring your system requires regular attention.
• Consider engaging a managed services provider specializing in cybersecurity. They would take care of most of the tasks mentioned in this guide.