The recent, high-profile breach by the Chinese group Salt Typhoon targeted major telecommunications providers. But that doesn’t mean small and mid-size businesses are safe. If you use the internet, a carrier, or email—you’re at risk, too.
- 60% of small businesses experience a cyberattack each year.
- 43% of cyberattacks specifically target small businesses.
- 35% of SMBs in the telecom sector have reported attempts or successful unauthorized access to their communication systems, according to the same report.
You can take steps to safeguard your business’ IT and phone systems, though. Every step reduces your risk and the potential impact of a breach and business interruption.
What happened in the Salt Typhoon Breach?
According to the FBI and other government sources, the Chinese hacking group Salt Typhoon breached several major U.S. telecommunications providers, including Verizon, AT&T, and Lumen Technologies. The cyber-espionage campaign’s goal was to access communications interception systems used for crime investigations, putting national security and business operations at risk. Just as worrisome, Reuters reported that a large number of Americans’ metadata has been stolen. And the hack is ongoing.
Could your business be a target of an attack like Salt Typhoon?
Possibly. Even smaller businesses can have information that cybercriminals crave. To assess your potential as a cybercrime target, consider:
- The Type of Data You Hold: Do you handle sensitive customer information, financial data, or intellectual property?
- Your Industry: Are you in a sector that is frequently targeted, such as healthcare, finance, or telecommunications? Did you know that 79% of healthcare organizations experienced at least one data breach? And the finance sector reported a 40% increase in ransomware incidents in 2023.
- Your Network Exposure: Do you have devices or services exposed to the internet? Most businesses do.
- How Easy a Target You Are: Have you implemented training and protections to keep your systems and employees secure? If not, you’re open to easier attack.
Essential Cybersecurity Practices for SMBs
Just the term “cybersecurity” can sound intimidating. It doesn’t have to be overwhelming, though. Let’s look at five steps you can take to significantly improve your business’s security.
1. Patch and Upgrade Devices Promptly
Why It Matters: Vulnerabilities in software and hardware are low-hanging fruit for cybercriminals. It’s like leaving your front door open or at least unlocked. Close those doors by regularly patching and updating your devices.
Action Steps:
- Automate Updates: Turn on automatic updates for your operating systems and applications. That way, you’ll receive the latest security patches.
- Conduct Regular Maintenance: Schedule routine maintenance checks to make sure all devices, including routers and VoIP systems, are up to date. Yes, it’s a pain and it takes time—but it’s better than the pain and downtime of a breach.
- Subscribe to Vendor Notifications: Subscribe to alerts from your device and software vendors, so you can stay informed about new patches and updates.
2. Disable Unused, Unauthenticated, or Unencrypted Protocols
Why It Matters: Unused or insecure protocols can serve as entry points for attackers. Disabling them reduces the potential attack surface. (Protocols are the sets of rules and standards that devices use to communicate with each other over a network, such as FTP, RDP, or NetBIOS.)
Action Steps:
- Audit Your Systems: Identify all actively used protocols on your network and determine which ones are needed for your operations.
- Disable Unnecessary Protocols: Turn off protocols that aren’t in use, such as older versions of FTP or Telnet.
- Ensure Encryption: For protocols that are active, make sure they’re encrypted and that they require authentication to prevent unauthorized access.
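One way to start the audit described above, shown as an added example that is not part of the original article: this Python script parses listener output in the column layout of `ss -tuln` and flags the cleartext protocols the article names, plus remote-management listeners bound to every interface. The sample lines are constructed, the function names are hypothetical, and the port numbers are the standard well-known assignments.

```python
import ipaddress

# Well-known ports for protocols the article names (standard assignments).
CLEARTEXT = {21: "FTP", 23: "Telnet", 137: "NetBIOS", 138: "NetBIOS", 139: "NetBIOS"}
MANAGEMENT = {22: "SSH", 3389: "RDP"}

# Constructed sample in the column layout printed by `ss -tuln`.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:23       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:137        0.0.0.0:*
tcp   LISTEN 0      32     *:21               *:*
tcp   LISTEN 0      128    [::]:3389          [::]:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
"""

def is_loopback(addr):
    """True when the socket is bound to a loopback address only (numeric input assumed)."""
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and any %iface suffix
    if addr == "*":
        return False                        # wildcard bind: every interface
    return ipaddress.ip_address(addr).is_loopback

def audit_listeners(ss_output):
    """Return (port, protocol, action) for each listener that needs attention."""
    findings = []
    for line in ss_output.splitlines()[1:]:             # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")        # split "addr:port" at the last colon
        if not port.isdigit():
            continue
        if is_loopback(addr):
            continue                                     # not reachable from the network
        port = int(port)
        if port in CLEARTEXT:
            findings.append((port, CLEARTEXT[port], "disable or replace with an encrypted protocol"))
        elif port in MANAGEMENT:
            findings.append((port, MANAGEMENT[port], "limit to trusted IPs or a VPN"))
    return findings

if __name__ == "__main__":
    for port, proto, action in audit_listeners(SAMPLE):
        print(f"{proto} on port {port}: {action}")
```

On a Linux host, the real output of `ss -tuln` can be passed to `audit_listeners` in place of the sample.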
3. Limit Management Connections and Privileged Accounts
Why It Matters: Privileged accounts, like administrator accounts or IT support accounts, have elevated access to your systems. They can do more and therefore do more damage. Limit these accounts to minimize the risk of unauthorized changes or access.
Action Steps:
- Role-Based Access Control (RBAC): Assign access rights based on job roles, so that employees have only the permissions they need.
- Multi-Factor Authentication (MFA): Implement MFA for all privileged accounts to add an extra layer of security.
- Restrict Access Points: Limit access to management systems (the ones used to manage your IT and telecommunications infrastructure) to only trusted IP addresses or secure VPNs.
4. Use and Store Passwords Securely
Why It Matters: Weak or compromised passwords are one of the most common ways for attackers to gain access. Secure those passwords!
Action Steps:
- Implement Strong Password Policies: Require employees and contractors to use complex passwords that include a mix of letters, numbers, and special characters. Enforce regular password changes.
- Use Password Managers: Use password managers to store and manage credentials securely, so they are harder to steal.
- Train Employees: Train your staff on the importance of not sharing passwords and on how to recognize phishing attempts aimed at stealing credentials.
5. Use Only Strong Cryptography
Why It Matters: Strong encryption protects your data from being intercepted or tampered with during transmission and storage. In fact, after the Salt Typhoon breach, experts are recommending that people use encrypted platforms like Signal for messaging.
Action Steps:
- Adopt Robust Encryption Standards: Use industry-standard encryption protocols like AES-256 for data at rest and TLS for data in transit.
- Regularly Update Cryptographic Practices: Stay informed about the latest encryption standards and replace outdated or vulnerable algorithms.
- Secure Key Management: Make sure encryption keys are stored securely and are accessible only to authorized people.
Don’t Ignore Your Telecom Systems
The Salt Typhoon breach attacked carriers. Telecom is increasingly a target. So, in addition to implementing the above cybersecurity practices, consider leveraging a secure telecom platform such as 8x8. BlackPoint IT works with providers like 8x8 because these platforms come with built-in data protection, multi-factor authentication, and compliance with key industry standards like PCI, HIPAA, SOC2 Type 2, and more.
Consider Using One IT and Telecom Provider
You might consider consolidating your IT and telecom services with a single provider. Doing so offers several advantages:
- Simplified Management: Managing both IT and telecom services through one provider simplifies your operations. It makes it easier to implement and monitor security measures across all systems.
- Cost Efficiency: Bundling your IT and telecom services can reduce costs by eliminating the need for multiple vendors and streamlining your service agreements.
- Reliable Support: Don’t you hate getting the run-around when there’s a problem? The telecom provider says it’s the IT provider’s fault. The IT provider says it’s the telecom provider’s issue. Sometimes, the problem lies with both and requires coordination. Having a single provider for both IT and telecom ensures that you receive consistent support and expertise, so you can get issues addressed promptly.
- Scalability: As your business grows, one provider helps you scale your secure telecom platform and your IT systems together, providing the flexibility to add or modify services without compromising security.
Additional Protective Measures
You have the basic steps to help secure your business. If you want to go beyond the essentials, here are some other steps you can take.
Enhance Visibility and Monitoring
Why It Matters: Increased visibility into activity on your networks helps detect issues early and allows for swift intervention.
Action Steps:
- Implement Logging: Ensure that all configuration changes and management connections are logged.
- Set Up Real-Time Alerts: Set up alerts for any unexpected or unauthorized activities.
- Use Security Information and Event Management (SIEM): Use SIEM tools to aggregate and analyze logs, identifying potential threats quickly.
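The logging and alerting steps above, combined with the earlier advice to limit management access to trusted IP addresses or VPNs and to require MFA on privileged accounts, can be expressed as a small detection rule. This is an added example, not part of the original article: the log lines are constructed, the key=value log format and the trusted network ranges are assumptions, and the function names are hypothetical.

```python
import ipaddress
import re

# Assumed trusted management networks (constructed: office LAN and VPN pool).
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.99.0.0/16")]

# Constructed log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2025-01-14T09:02:11Z event=mgmt-login user=jlee src=10.20.0.15 result=success mfa=yes
2025-01-14T02:13:07Z event=mgmt-login user=admin src=203.0.113.45 result=success mfa=yes
2025-01-14T02:14:30Z event=config-change user=admin src=203.0.113.45 result=success mfa=yes
2025-01-14T10:40:52Z event=mgmt-login user=svc-backup src=10.99.4.7 result=success mfa=no
2025-01-14T11:05:00Z event=mgmt-login user=root src=198.51.100.9 result=failure mfa=no
"""

PAIR = re.compile(r"(\w+)=(\S+)")

def is_trusted(src):
    """True when src falls inside one of the trusted management networks."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in TRUSTED)

def alerts_for(log_text):
    """Return (timestamp, user, reason) for each event that should raise an alert."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _, rest = line.partition(" ")
        ev = dict(PAIR.findall(rest))
        if ev.get("event") not in ("mgmt-login", "config-change"):
            continue
        try:
            trusted = is_trusted(ev.get("src", ""))
        except ValueError:
            trusted = False              # missing or unparsable source: treat as untrusted
        if not trusted:
            alerts.append((ts, ev.get("user"), f"{ev['event']} from untrusted source {ev.get('src')}"))
        elif ev.get("result") == "success" and ev.get("mfa") != "yes":
            alerts.append((ts, ev.get("user"), f"{ev['event']} without MFA"))
    return alerts

if __name__ == "__main__":
    for ts, user, reason in alerts_for(SAMPLE_LOG):
        print(ts, user, reason)
```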
Monitor Traffic Even from Trusted Partners
Why It Matters: Even trusted partners can be vectors for attack. Monitoring their traffic ensures that compromised connections don’t jeopardize your network.
Action Steps:
- Segment Networks: Isolate partner traffic from your internal network to limit the impact of any potential breaches.
- Use Deep Packet Inspection (DPI): Use DPI tools to inspect the actual contents of data packets coming from your partners and to notify you of issues, so you can confirm the traffic is free from malicious content.
Build a Security-Aware Culture
Human error is often a factor in cybersecurity breaches. Foster a security-aware culture within your organization to reduce the risk of inadvertent compromises.
Why It Matters: Well-informed and diligent employees are the first line of defense against cyber threats. Training them to recognize and respond to potential threats can prevent many attacks.
Action Steps:
- Regular Training Sessions: Conduct periodic training on cybersecurity best practices, including how to identify phishing emails and other social engineering tactics.
- Security Policies: Develop and enforce clear security policies that outline acceptable use of company resources and the steps to take in case of a suspected breach.
- Encourage Reporting: Create a culture where employees feel comfortable reporting suspicious activities without fear of repercussions.
Partnering with a Managed Service Provider (MSP)
It sounds like a lot. For many SMBs, managing IT and telecom security in-house can be challenging due to limited resources and expertise. If this sounds familiar, consider partnering with a Managed Service Provider (MSP) like BlackPoint IT Services.
Comprehensive Security Management
An MSP can handle all aspects of your cybersecurity, from implementing protective measures to monitoring and responding to threats, allowing you to focus on your core business operations.
For example, BlackPoint IT provides annual advanced security assessments and does an assessment within 60 days of onboarding. We also offer Pen (Penetration) Testing to further protect our clients.
Expertise and Experience
MSPs bring specialized knowledge and experience in cybersecurity, ensuring that your systems are protected with the latest technologies and best practices.
Cost-Effective Solutions
Outsourcing your IT and telecom security to an MSP can be more cost-effective than hiring full-time staff, providing you with access to expert services without the high overhead costs.
Proactive Threat Management
MSPs continuously monitor your systems for potential threats, addressing vulnerabilities before they can be exploited by cybercriminals. For example, BlackPoint IT’s Advanced Security offering provides continuous monitoring backed by a Security Operations Center.
Conclusion
The Salt Typhoon breach serves as a stark reminder of the evolving cyber threats facing businesses today. For small and mid-size businesses, implementing robust cybersecurity measures is essential to protect your IT and phone systems from potential attacks. By following best practices such as patching devices promptly, disabling unnecessary protocols, limiting privileged accounts, securing passwords, and using strong cryptography, you can significantly enhance your security posture.
Additionally, leveraging a secure telecom platform like 8x8 and partnering with a Managed Service Provider can provide comprehensive protection, simplified management, and peace of mind.
Don’t wait until a cyberattack disrupts your operations—take proactive steps today to safeguard your business’s future.