In this age of technology, it’s
common for businesses to want to carve out a niche for themselves in
cyberspace. As businesses move online, cyber criminals follow and target them.
A business is more vulnerable to malicious cyber-attacks that could have serious consequences
if it is still using outdated cybersecurity strategies. Cybersecurity is
serious business, and it is high time every serious-minded business steps up its
game and adopts cybersecurity best practices.
Urgent Need for Robust Cyber
Security Strategies
When you run a small business,
you might feel less targeted by cyber criminals. But nothing could be further
from the truth. In reality, small and medium-sized businesses are much
more prone to attack than large corporations.
Cyber criminals aren’t
necessarily hunting for large firms. What they want is easy access and valuable
data. “It is the data that makes a business attractive, not the size —
especially if it is delicious data, such as lots of customer contact info,
credit card data, health data, or valuable intellectual property,” says Jody
Westby, CEO of Global Cyber Risk.
Unfortunately, many small
business owners (SBOs) don’t recognize this and have cut their security
spending. According to PwC’s Global State of Information Security Survey 2015,
firms with annual revenues of less than $100 million cut security spending by
roughly 20 percent in 2014, while those above that level increased security
investments by 5 percent.
The unfortunate result of these
cuts is that the majority of small businesses will be victimized at some point
in the future. According to Timothy Francis, a leader in the cyber insurance
field, 62 percent of cyber-breach victims are small and medium-sized businesses.
The cost of an individual
attack can range from a few hundred to a few million dollars. That’s enough to
put many companies out of business.
Cyber insurance can offset some
of these costs, but it does very little to protect against the initial breach.
What small businesses really need are better cyber security strategies. And
until owners band together to increase security, they’ll continue to be easy
targets.
Six Tips for Protecting Your
Small Business
Every firm is unique. Your
needs may be dramatically different from those of your closest competitor.
Given that, here are a handful of cyber security strategies and tips that
virtually any business should consider for better security.
1. Implement Secure
Communication Methods
The biggest threat facing your
business is unsecure communication. Many companies still choose to transmit
information via relatively unsecure channels such as email or direct mail.
In order to mitigate risk —
especially if you’re bound by compliance mandates like HIPAA — you need to
invest in more secure forms of communication. Here’s a tip that may surprise
you: Did you know that fax is the most secure form of communication in the
business world?
“When a document is sent by fax
it’s converted into binary code (1s and 0s), sent over the telephone network
and then reassembled at the other end,” says Karol Waldron of XMedius, a leader
in enterprise-grade fax solutions. “Hacking into the telephone network would
require direct manual access to the telephone line, and even if a file were
intercepted it would present itself as nothing but noise, making it virtually
impossible to interpret/read.”
In addition to using fax, you
should also review your company’s approach to mobile communications. If your
staff uses mobile devices for work purposes, there need to be restrictions on
the information devices can access, rules on whether devices can be taken home,
and clear guidelines for when IT departments can wipe a device clean.
2. Create a Sophisticated
Password Strategy
Believe it or not, a lot of
cyber security attacks succeed because passwords are too simple. Hackers
have access to technologies that enable them to take encrypted passwords and
crack them. Some call this “brute forcing.”
“Brute force is about
overpowering the computer’s defenses by using repetition,” tech expert
Paul Gil explains. “In the case of password hacking, dictionary attacks involve
dictionary software that recombines English dictionary words with thousands of
varying combinations.”
This is the sort of stuff you
see in the movies, where the hacker cracks one letter at a time using thousands
of variations per minute. You can’t prevent 100 percent of password threats, but
you can make it much harder for hackers and reduce the chances of being
compromised.
It all starts with creating a
sophisticated password strategy. Here are a few things to know:
Employees should be required to create passwords with combinations of uppercase and lowercase letters, numbers, and symbols. Furthermore, passwords should be reset every few weeks.
Administrative accounts should use even more complex passwords. Never set simple passwords like “Password01” or “Admin123.” Hackers frequently try these overused codes.
Implement actual consequences for employees who don’t follow password rules and regularly conduct audits. Employees need to know you take password strength and integrity seriously.
Even when you follow techniques
such as these, you won’t be 100 percent protected. Make sure you have the
ability to revoke a user’s access and permissions at any time. This empowers
you to respond swiftly should an account become compromised.
3. Use a Secure Backup Plan
You should already have a
secure backup plan, but go ahead and review the details. Many cyber criminals
use a tactic known as “cyber blackmail” when they attack a small business.
They’ll hold some of your
valuable data hostage and demand a ransom in return. If you have an adequate
backup plan, you’ll have much more leverage in this situation.
With a secure backup plan, your
data should be saved and stored in multiple locations. Ideally, one of these is
a cloud solution that’s independent of any physical hardware in your office.
This won’t automatically
prevent data from being compromised, but it does ensure you never lose your
access to it.
4. Be Aware of Internal Threats
Did you know that 31.5
percent of attacks are carried out by malicious company insiders, and 23.5
percent of attacks are conducted by inadvertent actors (that is, people who
pretend they’re unaware of what they’re doing)? This means 55 percent of all
attacks come from the inside.
Protecting your business is as
much about fortifying your company walls as it is about strengthening
internal protocol. By increasing authorization requirements and keeping a
watchful eye on any employee with access to secured data, you should be able to
prevent data leaks before they happen.
It’s easy to feel guilty about
watching employees or questioning their motives, but you owe it to your
business and customers to be on the lookout for attacks … even on the inside.
5. Designate a Point Person
The obstacle for small
businesses is a lack of resources. SBOs will say things like, “We can’t afford
to hire a full-time IT person.” Or maybe: “Our IT person has so much to do, we
can’t throw another thing on his plate.”
These are valid claims, but you
need to find ways around them. Cyber security strategies are not optional; they
need to be regarded as a core activity. What do you do when your business has
a need in a core area? You find a way to satisfy the need.
However it works for your
business, find and designate a point person to oversee your cyber security
efforts. Even if employees are wearing multiple hats and handling a variety of
responsibilities, it needs to be someone’s job to focus on security.
“Your point person has three
primary responsibilities: to stay informed of major news and changes in digital
security, to know the basic requirements for your business to function securely
and efficiently, and to ensure that those requirements are put in place and
kept updated,” says consultant Ty Kiisel.
“This doesn’t mean that the
person in charge needs to personally do all the work, but that he or she needs
to find the right services or professionals who can do the necessary updates and
improvements.”
6. Thoroughly Educate Employees
Aside from the point person,
the rest of your employees need to be educated about cyber security strategies
and their importance. In order to stay secure and avoid attacks, everyone has
to be on the same page.
As Kiisel says, “The more
informed your employees are, the better they will be at protecting the data
that is a vulnerable and crucial part of your business.”
There are a number of ways you
can educate employees. Start by developing a training program. Employees should
be required to participate in some sort of regular training each month. This
can be as informal as reviewing industry websites and reading articles, or as
formal as purchasing a program with a professionally developed curriculum.
Figure out what works for your
business and go from there.
Be Proactive! Don’t Wait Until
You’re Attacked
The time to develop a cybersecurity
strategy is now. If you wait until after you’ve been attacked, you could end up
spending hundreds of thousands, even millions, of dollars to recover. Think
about the above tips and work on developing a company-specific strategy that
will enable your business to operate without the threat of an attack.
There are many different
approaches, but the important thing is that you take action. Now is not the
time for indecisiveness or passivity.
Written by:
Larry Alton
An independent business
consultant specializing in social media trends, business, and entrepreneurship.
Culled from: smallbiztrends
Agree, getting cyber insurance can cover the loss of the company but you still need to implement different precautions to avoid any cyber attacks.