Security is a continual hot topic among IT leaders in small and medium-sized businesses. New threats are emerging including ransomware and vulnerabilities in Internet of Things devices, while existing threats are evolving, such as distributed denial of service (DDoS) attacks, malware that targets mobile devices and phishing scams over email.
Many SMB owners think that cyber attackers wouldn’t bother targeting a smaller scale business like their own. They are completely incorrect, and this common “but there’s not much to steal” mindset can get you in hot water if you don’t take the right precautions. The 2016 State of SMB Cybersecurity report found that 50% of SMBs had experienced a security breach in the past year. Cyber attackers are aware of the prevailing yet flawed sense of security that exists among SMB owners and they exploit this. It’s much easier for them to gain access to a poorly protected SMB than a big corporation with the latest security updates. Any company that interacts with customers, has sensitive data or processes credit cards is a target.
Most security activities are focused on preventing data breaches and ensuring that the company’s revenue-generating platforms are secure. That includes protecting customer information, ensuring the integrity of ecommerce and online purchasing, and reducing exposure to phishing scams and ransomware, an extortion scheme in which hackers encrypt corporate data and demand payment before unencrypting the data.
Most SMBs cite a lack of time, budget and expertise as reasons for not having proper security. Factors involved in SMB attacks usually include workers not being aware of risk, a lack of employee training, not having updated security programs and not having an IT specialist.
If you want to avoid being a victim of a cyber-attack check out these 6 best practices for SMB cyber security. To safeguard your IT infrastructure and data, we recommend a comprehensive approach to security through a mix of policies, technology and people.
1. Install anti-malware software
While most of us think we’d never open phishing emails, the Verizon 2016 Data Breach Investigations Report found that 30 percent of employees opened phishing emails, up 7 percent from 2015. When employees open phishing emails, malware is automatically installed on their computer. Anti-malware software is crucial for all devices on the network.
2. Use a firewall
All SMBs should set up a firewall to provide a barrier between their data and cybercriminals. This is one of the first lines of defense against cyber-attacks. In addition to the standard external firewall, many companies are starting to install internal firewalls in addition to standard external ones to provide an additional layer of protection. For employees who work from home, consider providing firewall software and support for their home networks to ensure compliance.
3. Educate all employees
All employees accessing the network should be trained on network security policies. Hold employees accountable by having each of them sign a document stating that they have been informed of the policies and understand that actions may be taken if they do not follow security procedures. Since policies are evolving as cybercriminals become savvier, it’s important to have regular updates on protocols.
4. Document your cybersecurity policies
While small businesses often have informal procedures, don’t leave cyber security up to word of mouth and intuitional knowledge. Visit this Australian Government website for help with deciding on and documenting your cyber security policies . They also have a 5 minute procedure for protecting your business right now – https://www.acsc.gov.au/business.html
5. Plan for mobile devices
According to the Tech Pro Research 2016 BYOD, Wearables and IOT: Strategies Security and Satisfaction report, 59 percent of businesses currently allow BYOD. For this reason – it is essential that SMBs have a documented BYOD policy that focuses on security precautions. It should be a requirements that your employees set up automatic security updates and each device should require a password to access the company network. A lot of devices are left on default settings, posing a security risk. Instead, businesses need to use more stringent passwords and connect them to protected networks. As the popularity of wearables like smartwatches grows, it is necessary to include these devices in the policy.
6. Use multi factor identification
Requiring multi-factor identification to access networks is simple to set up and provides an extra layer of protection. Cyber attackers may have the password, but it is unlikely they will be able to gain access to a secondary requirement, like a PIN sent to the employee’s phone.
7. Enforce safe password practices
The Verizon 2016 Data Breach Investigations Report found that 63 percent of data breaches happened due to lost, stolen or weak passwords. So while employees may find regularly changing passwords a hassle, it’s essential for advanced password protection. For optimised security, employees should be required to use passwords with upper- and lowercase letters, numbers and symbols. All passwords should be required to be changed around every 60 days.
8. Regularly back up all data
Despite taking all necessary precautions, it is still possible to be breached. SMBs should regularly back up all word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Everything in the cloud should also be backed up. Ensure backups are stored in a different location in case of fire or flood. Make sure your backup is functioning correctly by changing it regularly – this will ensure you always have the latest information stored on your backup.
Security is a fast moving target and cyber criminals are becoming more advanced every day. To ensure the best possible protection for your data, it’s essential that all employees make cyber security a top priority. The security of your business depends on staying ahead of the latest security trends and technology.
While there will never be one tool or solution that’s going to magically do everything, you have to have multiple solutions in place and combine technology with good processes and people operating them to provide the best possible coverage.