By Stephen Coty
Just like Fortune 100 companies and other large enterprises, small businesses face a constant threat of cyber-attacks and data breaches from hackers all around the world. According to a 2014-2018 forecast report by the IDC research group, 71 percent of all security breaches target small business.
The misconception that cyber attackers only go after large organizations to net bigger monetary gains or to steal more sensitive data—such as intellectual property or competitive trade secrets—is simply untrue. Cyber-attacks don't cost very much, so compromising any organization or individual typically results in profit. Moreover, cyber attackers usually go after computing systems they know well, so often times it’s more about compromising a particular technology rather than targeting a specific person or entity.
Top 5 Cybersecurity Tips
As hackers get smarter and the rate of cyber threats increases, small business owners must arm themselves with solid security strategies and employ basic security fundamentals. Here are five steps that you can take to keep your small business data, employees, and customers safe.
1. Consider a Products and Services Approach to Security
Many companies, both large and small, find that the best way to ensure the safety and security of their IT infrastructure is to outsource their security operations—either completely or in part—to a third-party security vendor.
A recent study on cloud security—conducted by Forrester Consulting and commissioned by Alert Logic—found that nearly 80 percent of participants saw value in outside security expertise to supplement their security operations. Market-leading security technologies are critical but the best approach to keeping sensitive data—both yours and your customers'—secure, involves a "products and services" approach. This combines cybersecurity technologies with 24x7 security-monitoring by a team of security and compliance experts.
2. Make Systems Upkeep Your Number 1 Priority
Have you ever heard the phrase, upkeep is cheaper than replacement? This adage applies closely to cybersecurity. One of the most important things you can do is continually update your small business IT systems, perform routine maintenance, and ensure they’re "clean." Regularly performing software updates on company devices and continually patching any discovered vulnerabilities can stop or significantly lessen many basic cyber threats.
3. Secure Applications and the Network
It is essential that small businesses continually monitor their network traffic for anomalies like suspicious IP addresses or unauthorized file transfers. Once IT admins identify them, they can add these anomalies to a block list that prevents them from accessing the network. Also, secure all yourweb platforms by setting up web application firewalls (WAFs) to HTTP conversations. This lets IT administrators easily identify and block common online attacks such as cross-site scripting (XSS) and SQL injections.
When a hacker tries to exploit web platforms or as your firewall identifies intrusion attempts, the WAF immediately alerts the IT admin, making it much harder for cyber attackers to access the applications that your business uses regularly.
4. Back Up Your Systems
Ransomware—when hackers use a virus to encrypt your computer files and hold them hostage until you pay a ransom amount—remains ones of the top security threats. It's such a concern for businesses that the FBI released a warning back in January 2015. In some cases, even when you pay the ransom, important files remain locked and lost forever. Different versions pop up every day, and even companies with strong cybersecurity programs can fall prey to these schemes.
As ransomware becomes the weapon of choice for cyber-criminals, small businesses must frequently back up their systems and all of the precious data within them. Whether you store your company data in the cloud, on-premises, or in a hybrid data center, you need to back up your files to hard drives and secure it in a safe place. Many businesses find the cloud helpful for that purpose, because it allows instant back-up and fundamental security protection.
5. Train Your Employees to Be Security Smart
Human error remains one of the biggest threats to a businesses’ cybersecurity. Each and every staff member needs to know about the security program and to receive quarterly security briefs and trainings. Along with keeping your employees up-to-date on the larger security program, you must also remind workers of the basic precautions they can take to protect themselves and their digital assets, both at work and at home. For example, passphrases are much harder for hackers to correctly guess than a password.
Small businesses, unlike larger organizations, frequently allow and encourage employees to use their own mobile devices for work. According to Anurag Agrawal of Techaisle, 61 percent of small businesses let their employees bring their own devices. With this in mind, small business owners should employ some type of mobile security solutions and network access control (NAC) products. That will let workers securely access the company VPN and email from their own mobile phones, tablets, and laptops without compromising your company’s entire IT infrastructure.
Big Security Stakes for Small Business
Larger companies can deal more easily with the devastating effects of a data hack. They can afford to risk losing millions of dollars in a data breach (Target’s 2013 data breach cost them $252 million). But small businesses simply don’t have the money—or the reputation—to lose. A minor data breach or a successful intrusion attempt can force some small businesses to declare bankruptcy or even close their doors forever.
The cybersecurity products and services currently available can detect, prevent, or alert you to intrusion attempts—and save you time and money in the process. If you own a small business, you already have a target on your back; protect yourself against the cyber-criminals that come knocking at your virtual door.
Stephen Coty is the chief security evangelist at Alert Logic.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|