How to Prepare Your Business for a Cyber Attack

Don’t let an online security incident take your business offline for good. We tell you how taking precautionary steps now can save you from future catastrophes.

In the medical field, they say an ounce of prevention is worth a pound of cure, and that’s also the case for cybersecurity. In that vein, if you own a business or you are in charge of a corporation’s website, what are you doing right now to protect against future online attacks? Recently, the White House warned Russia is exploring attacks on critical US infrastructure, including businesses.

Be Prepared for the Worst

Deploying a security suite after an attack is a front-line effort to mitigate some of the damage from bad actors targeting web-based businesses. However, when it comes to online security, reactive solutions may not be enough. As PCMag’s Neil McAllister recently noted in an article about preparing for cyberattacks in light of the Russian invasion of Ukraine, business owners also need to have a proactive plan in place to keep their operations online and prevent data loss. Vintage IT Services can help you implement the appropriate security tools to minimize risk of ransomware and cyberattacks.

Josh Koenig is the chief strategy officer for Pantheon, a web operations platform for Drupal and WordPress websites. Kim Kay with PC Magazine interviewed him recently about how businesses that maintain a website presence can better prepare to deal with the inevitability of a cyberattack.

Kim Key: What are the cybersecurity threats companies are facing?

Josh Koenig: Increasingly, people need to worry about phishing scams and ransomware. A smart attacker will say, “I could make your website homepage very embarrassing for you now, but if you pay me these bitcoins, I won’t have to do that.”

People compromise websites and use it as a way to start compromising other websites by distributing more malware. I’ve even seen things where people will compromise a website and they’ll put in a JavaScript tag that would normally be used to load an ad for something. But it loads a highly inefficient yet still functional Bitcoin miner that starts running in every end user’s browser to try to get the attacker a fractional bitcoin.

KK: Are small businesses just as much of a target as larger ones?

JK: The vast majority of compromises that occur are not directed. They’re automated. It’s not actually with the intent of getting any particular benefit out of the small business. They’re just using that as a way to attack other websites. They’re not going to go and ransom a pet shop, but they are going to try to put malware on everybody that visits the pet shop and then use that to get others. So in that sense, small business websites and personal websites, they’re under threat from all this automated activity just the same as the big sites are, and you see that the big sites sometimes fall prey to this stuff, too.

KK: What forms of cybersecurity software should companies invest in?

JK: Thinking about it from a website perspective, a modern, high-quality content distribution network that includes a bunch of the smart security stuff out of the box is a table stakes thing, but you’d be surprised how many people just don’t have that. That’s the way to head off random denial of service attacks and random malware probes. Vintage IT Services has cyber security tools grouped into all of our services offerings to ensure all of our clients have extra layers of protection against “bad actors” and cyber security attacks.

It’s really about building around single sign-on systems that have very strong two-factor authentication. So it’s no longer that there are passwords for your website.

KK: What can businesses do to prepare themselves for a cyber attack scenario?

JK: Part of security is having the agility to respond when something does happen and having more automation around how you manage the website. You want to think about installing antivirus and having device management.

If you do the right things and can orient your mindset around resiliency and responsiveness versus trying to be impervious or have zero risk, there is a happy world out there for you. You don’t need to be afraid. I think there’s a kind of confidence that comes from acknowledging that nothing is going to be a hundred percent, but we know what to do when something goes wrong.