When it comes to cyberattacks, the targets are typically the behemoth companies and organizations you read about in the news. But according to IBM, small and mid-sized businesses are the target of 62 per cent of all cyberattacks – which equals about 4,000 attacks per day. The reason? They are an easy target.
Can your company or clients be under attack?
We hear a new story about cyberattacks almost every day. A business gets hacked — allowing sensitive proprietary and customer data to be accessed and compromised. The list of the world’s biggest data breaches is littered with recognizable names, including Anthem, JP Morgan Chase, and Target.
But don’t think for a second that hackers only target large organizations. In fact, small businesses are often just what hackers are looking for. Why? The main reason is that small businesses often have inadequate online security, and with sensitive data housed in the cloud, they become easier victims.
A quick night’s work for a hacker can mean disaster for your business. According to a report by the U.S. National Cyber Security Alliance, 60 percent of small businesses that suffer a cyberattack are out of business within six months.
Nobody will protect your business except you
Banks and the government haven’t done much to assist small businesses with hackers and data breaches. The recently introduced MAIN STREET Cybersecurity Act in the United States will help small businesses protect their digital assets from cyber threats, but it’s far from a silver bullet. Businesses of all shapes and sizes need to start taking data security seriously — proactively and with full accountability.
Now is the time to put together a solid security plan.
Don’t just go with the first solution you find. Instead, take the time to find the approach that fits your business, customers and industry. There is no one-size-fits-all solution. More importantly, don’t leave data security to just the IT staff. Get everyone involved — including your managers and all levels of employees. Train each of them on protection measures and show them how to stay compliant. For example, teaching employees to avoid opening suspicious email attachments can be a safeguard against malware that could easily creep into your network.
If your workforce is highly mobile, you may want to consider the rules around any bring your own device (BYOD) program you may have in place. Security Magazine explains how a BYOD program, whether formally in place or not, could create unintentional risk within the organization — simply based on the lack of awareness of such programs. The publication states that, “17.7 percent of survey respondents who bring their own devices to work claim that their employer’s IT department has no idea about this behavior, and 28.4 percent of IT departments actively ignore BYOD behavior.”
Once you start protecting your company, you must take the next steps to stay safe.
Obtain cybersecurity insurance, create a strong password strategy for your users, and utilize virtual data rooms (VDRs). For in-house IT departments and office managers, it’s important to upgrade your tech as well. Start with this list of five tools and services your small business can use to protect against cyberattacks.
Taking cybersecurity to the next level
Want to dig deeper? Consider employing an ethical hacker — a cybersecurity expert who works within your company to locate weaknesses and vulnerabilities by duplicating the intent and actions of hackers.
Also talk to a company that specializes in cybersecurity protection. Many of these businesses will offer free vulnerability assessments to give you an idea of where your weaknesses may lie. They’ll also explain how they can help you manage those threats. If you don’t currently have an in-house IT team, outsourcing the work could be an efficient option.
As if all that wasn’t enough, here’s one more thing to consider. When crafting a data security policy, make sure you’re actually protecting data privacy by including the following nine elements in your policy, as detailed once again by Security Magazine. It’s crucial to consider your policy from all angles – after all, your data can make or break your business.
| # | Element | Description |
|---|---------|-------------|
| 1 | Ensure Data Security Accountability | All IT staff, workforce and management must be aware of their responsibilities. |
| 2 | Create Policies that Govern Network Services | How to handle remote access, IP addresses, routers and network intrusion detection. |
| 3 | Scan for Vulnerabilities | Have a routine in place for checking your own networks regularly for hacking vulnerabilities. |
| 4 | Manage Patches | Implement code to eliminate vulnerabilities that can help to protect against threats. |
| 5 | Create System Data Security Policies | Rules around company servers, firewalls, databases and antivirus software. |
| 6 | Have a Response Plan for Incidents | If a security breach occurs, have measures for handling the issue along with evaluation and reporting. |
| 7 | Educate Staff on Acceptable Use | Employees should understand and sign an acceptable use policy, which includes disciplinary action. |
| 8 | Monitoring Compliance | Regular audits to ensure staff and management are complying with the data security policy. |
| 9 | Account Monitoring and Control | Designate someone to monitor and control users, and keep track of active and inactive user accounts. |
It seems like a lot, but it can be done. More importantly, it must be done. When it comes to today’s advanced hackers, organizations must be prepared for when — not if — they will have a data breach. Taking small steps now will ensure you’re not facing bigger problems down the road.