Cyber Security Best Practices For Small To Medium-Size Business
It’s downright ‘IGNORANT’ to think that because you run a small business, cyberattacks will seldom happen to your company. This thinking often leaves you paying a substantial cost of ignorance for trivializing an important piece of your business. The “who will steal from us” mindset is very common among small and medium-scale business owners when it comes to cyber security, but it is also completely inaccurate and out of line with today’s Cyber Security Best Practices.
Bloomberg stated recently that 66% of SMBs globally reported a cyberattack within the past 12 months, and this information is as recent as Oct 2019. Guess what: according to an article in Forbes, there were 2,216 data breaches and more than 53,000 cybersecurity incidents reported in 65 countries in the 12 months ending in March 2018. IT security in 2019 is no longer going to be simply about protecting sensitive data and keeping hackers out of our systems. In this day and age of big data and artificial intelligence, where cooperation on data can lead to enormous business opportunities and scientific and medical breakthroughs, security is also going to have to focus on enabling organizations to leverage, collaborate on and monetize their data without being exposed to privacy breaches, giving up their intellectual property or having their data misused.
But why are small businesses attacked more often than larger businesses? Almost all cyber-attacks aim to obtain personal data to use in credit card or identity theft. While larger enterprises typically have more data to steal, small businesses have less secure networks, making it easier to breach the network. Today’s interconnected business ecosystem requires a shift from reactive security that focuses on prevention and controls to a risk-based approach that proactively prioritizes an organization’s most valuable assets and its most relevant threats.
The CSO.com (by IDG) article “Why criminals pick on small businesses” says that by using automated attacks, cybercriminals can breach thousands or more small businesses, making size less of an issue than network security. The article says that lack of time, budget and expertise for proper security is a top reason for the high rate of SMB attacks. Other essential reasons include not having an IT security specialist, not being aware of the risk, lack of employee training, not updating security programs and the low priority given to security protocols from gate to source of data. How can your business avoid being an easy victim of a cyber-attack? Here are some crucial Cyber Security Best Practices for business which you can start adopting today.
1. Leveraging the Firewall
One of the first lines of defence in a cyber-attack is a firewall. All SMBs should set up a firewall to provide a barrier between their data and cybercriminals. In addition to the standard external firewall, many companies are starting to install internal firewalls to provide an additional layer of protection. It’s also important that employees working from home install a firewall on their home network to secure the most unexpected entry point. Consider providing firewall software and support for home networks to ensure security compliance.
2. Documented Approach of Cyber Security Policies
While small businesses often operate by word of mouth and intuitive knowledge, cyber security is one area where it is essential to document your line of defence. There are several cyber security portals which provide online training, checklists, and information specific to protecting business interests.
3. Armouring the Mobile Devices
The BYOD market is on course to hit almost $367 billion by 2022, up from just $30 billion in 2014. It is essential that companies have a documented BYOD policy that focuses on security protocols. With the increasing popularity of wearables, such as smart watches and fitness trackers with wireless capability, it is essential to include these devices in the policy. As per an article in Forbes, 60% of the workforce uses a smartphone for work purposes while 31% desire one, which is bound to increase year after year to yield business productivity.
4. Converting Cybersecurity-Fiction to Security-fication – IT Security Education to all Employees
Employees often wear many hats at SMBs, making it essential that all employees accessing the network be trained on your company’s network cyber security best practices and security policies. Since the policies are evolving as cybercriminals become savvier, it’s essential to have regular updates on New Security Protocols.
To hold employees accountable, have each employee sign a document stating that they have been informed of the policies and understand that action may be taken if they do not follow them. Organizations could also adopt a Cyber Security Awareness LMS module to get a greater reach at an effective pace.
5. Enable and Encourage Safe Password Practices
Indeed, employees find changing passwords to be a pain. Who doesn’t? The first 6 months of 2019 saw 3813 data breaches, an increase of 54% compared to the same period last year, exposing over 4.1 billion records. Almost half of the data breaches (43%) impacted small businesses and 33% were linked to social engineering attacks (2019 Verizon’s Data Breach Investigations Report). The cost of data breaches will increase up to $2.1 trillion globally by the end of 2019 (Juniper Research). In today’s BYOD world, it’s essential that all employee devices accessing the company network be password protected.
As per SOP, the recommendation for an ideal password combination is that employees use passwords with upper- and lowercase letters, numbers and symbols. SMBs should require all passwords to be changed every 60 to 90 days, and this is not just restricted to SMBs, if you know what I mean.
6. Systematically and Periodically Backing-Up All Data
Whilst it’s important to prevent as many attacks as possible, it is still possible to be breached regardless of your precautions. It’s truly crucial to back up word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files to guard against unforeseen and undesired incidents. Be sure to also back up all data stored on the cloud, and make sure that backups are stored in a separate location in case of fire or flood, as part of a disaster recovery plan. To ensure that you will have the latest backup if you ever need it, check your backup regularly to confirm that it is functioning correctly, as Out Of Sight Could be Out Of Mind and Out In The Blind Too.
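One way to run the regular backup check described above, as an added example that is not part of the original article: record a SHA-256 for every file when the backup is taken, then compare the backup copy against that record to find missing or damaged files. The file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backups are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(source_dir):
    """Map each file's relative path to its SHA-256 at backup time."""
    root = Path(source_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(manifest, backup_dir):
    """Compare the backup copy against the manifest and sort files by outcome."""
    root = Path(backup_dir)
    report = {"missing": [], "corrupt": [], "ok": []}
    for rel_path, expected in manifest.items():
        copy = root / rel_path
        if not copy.is_file():
            report["missing"].append(rel_path)
        elif sha256_file(copy) != expected:
            report["corrupt"].append(rel_path)
        else:
            report["ok"].append(rel_path)
    return report

def demo():
    """Constructed sample: three files, one truncated and one lost in the backup."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "source"), Path(tmp, "backup")
        files = {"finance/payables.csv": b"invoice,amount\n1001,250.00\n",
                 "finance/payroll.csv": b"employee,net\nE01,3100\n",
                 "hr_roster.txt": b"E01 Jane Example\n"}
        for rel, data in files.items():
            for root in (src, dst):
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        manifest = build_manifest(src)
        (dst / "finance/payroll.csv").write_bytes(b"employee,net\nE01,")  # truncated
        (dst / "hr_roster.txt").unlink()  # copy that was never written
        return verify_backup(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere other than the backup itself, so damage to the backup cannot also alter the record it is checked against. A matching hash shows the copy is intact; a periodic test restore is still what shows the data can be recovered.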
7. Adopt Anti-Malware Software
It’s easy to assume that your employees know to never open phishing emails. Since phishing attacks involve installing malware on the employee’s computer when the link is clicked, it’s essential to have anti-malware software installed on all devices and the network. Here are some phishing facts: 70% of breaches associated with nation-state or state-affiliated actors involved phishing. 71.4% of targeted attacks involved the use of spear-phishing emails. 93% of social attacks were phishing related. 82% of manufacturers have experienced a phishing attack in the past year. Almost half of all phishing attacks registered in 2016 were aimed at stealing victims’ money. NEED I SAY MORE? Driving awareness about it is the first step towards avoiding the ‘Cost Of Ignorance’.
8. Make Multi-factor Authentication A Priority
Irrespective of any form of preparation, an employee can, in all likelihood, make a security mistake that compromises your data. A recent study has reported that 80% of security breaches could have been prevented through Two Factor Authentication. This has made multi-factor authentication a priority for many companies in their IT departments in 2019, although a lot of companies have already made the change. Gmail, PayPal, and Dropbox have already made the switch to MFA being a standard feature for access. It was reported in January of last year that 90% of Google users did not use the MFA option available to them. It is always an option to make it mandatory for users to use the MFA method. Passcode, Password, Challenge / Response, Magnetic Stripe Cards, Card Security Codes, Smart Cards, Security Token and Biometrics are some of the varied methods of Multifactor Authentication.
Security is a moving target. Cyber criminals get more advanced every day. In order to protect your data as much as possible, it’s essential that each and every employee, as well as organizations in general, make Cyber Security a Top Priority.