Home Depot. Target. eBay. JP Morgan. Not only do they represent some of the most popular brands in their respective industries, they have also been the targets of some of the most crippling data breaches in the past five years. More recently, Chase became the latest victim of a breach, losing data for 76 million households across the country.
So what can small businesses learn from the mistakes of these large companies?
For starters, they reveal that millions of dollars invested in security cannot protect against every threat, as the dangers are both complex and ever-changing. The question is, if these massive organizations can't stop a cyberattack, how can the average small business, with limited resources and little expertise, effectively protect its data?
While there's no silver bullet, there are some steps you can take to shore up your lines of defense, and better yet, they don't require a big financial investment by your company.
10. Take action
Cyber risk is the new normal. Small-business owners do themselves no favors by ignoring this fact, and when it comes to cyberattacks, size doesn't matter. Symantec's 2014 Internet Threat Report revealed that 30 percent of cyberattacks last year targeted small companies.
Small employers need to act now to establish proactive cybersecurity strategies that cover the entire organization in order to defend against this pervasive threat, or at the very least reduce the impact of a breach.
9. Create a data classification policy
To know what to protect, you need to know what is most important. A strong data classification policy begins with the simple act of defining and categorizing data based on its degree of sensitivity, and understanding the value it represents to current and future earnings.
This is an important first step in creating an effective cybersecurity strategy, yet it is inexpensive to implement. In fact, this can be accomplished with nothing more than a whiteboard and a couple of hours from key stakeholders during which a consensus should be reached on what represents the company's most critical data.
8. Assess risk
Once you've identified the crown jewels, the process of building a layered security plan from the inside out can begin to take shape. By performing a simple risk assessment, you should be able to identify the most serious threats to your data, as well as the limitations of any existing policies and controls you may have.
For example, if your company requires constant overseas travel, particularly to destinations known for seeking U.S. innovation, a good place to start is to develop a robust travel security policy that incorporates both technical and behavioral protocols in defense of your data. An exercise like this can help small companies with limited resources align their budgets with the critical aspects of their operation where corporate secrets are most vulnerable.
7. Think bigger than regular cyber defense
Many business owners make the mistake of limiting security investments to those areas focusing strictly on traditional cyber defense, such as firewalls, anti-virus software and intrusion detection. While necessary, such bulwarks do not guard against an often-overlooked reality in today's world: Upwards of 70 percent of all organizational data theft is the result of deliberate or unintentional behavior of privileged insiders.
It is therefore critical that small businesses think beyond popular data security sensors and address other vulnerabilities that might directly impact your company, such as the sub-standard hiring practices of an essential supplier or vendor, or employees who seek access to proprietary matters outside of their job functions.
In both cases, education through customized training and awareness programs can provide an effective, low-cost solution in the defense of your business that is just as important as the traditional (and more expensive) cyber-centric control.
6. Create a tailored security culture
Cybersecurity is not solely a technology or IT issue, and it shouldn't be left to a select few to manage. Every employee should bear some responsibility for the security of the organization. This requires frequent training on policy and procedure and instilling an atmosphere of accountability that balances security without disrupting corporate culture.
Because the vast majority of insider threats aren't malicious, but rather the result of inadvertent actions, encouraging a sense of awareness and vigilance throughout the company can help reduce high-threat behaviors and serve as a complement to the technical solutions already in place.
5. Dedicate one computer for the company's purchasing, banking and confidential financial business
When you browse the Internet, you make it easy for someone to introduce something malicious into the system. The computer used for a company's bookkeeping, banking and purchasing should not be used to search the Internet or view social media sites. It is also recommended that the computer should auto-lock if not being used.
4. Keep your hardware, operating system, software and apps up to date
One way that malicious software, or malware, is able to gain access to a computer system and exploit it is through out-of-date hardware and software. Updates include security fixes, so running the latest versions keeps your system as secure as possible. Cycrest Managed Services (CMS) automatically updates your important antivirus and antimalware software so your risk is minimized and your network stays stable.
3. Plug leaky apps
One security company found that 60% of the mobile apps it evaluated leaked information and had "other security problems." Developers are under such tight deadlines that they move quickly and sometimes code improperly, leaving an app vulnerable. An app can leak your address, customer list, suppliers, password, or user name and send it out over the Internet without encryption, so hackers can simply harvest that data.
Cycrest and other apps can help you assess your mobile device for leaky apps. Some can even send out notices when an app is unsafe or needs to be updated.
2. Clean house frequently
Chances are you store information in your database that you no longer need. Try a yearly audit of your data. Do it in conjunction with your legal counsel, and make sure whatever you're getting rid of won't get you in trouble.
1. Invest in Cycrest Managed Services
Cycrest's CMS plans are designed to bend around your budget and add the most value possible. To keep your network secure and for assistance with all of these tips, call the Inland Northwest's Premier Cybersecurity experts, Cycrest Systems. With our CMS plans you get:
- Weekly network-wide (systems & servers) virus scans, detection and removal
- Real-time virus scanning and detection for all incoming emails and web page viewing
- Hourly virus updates to server and workstations to ensure protection from newly released threats
- Real-time intrusion detection and prevention from system hackers
- Hacker tracking for attempted intrusions to aid in prosecution of hackers
- Instant security-critical updates when an immediate threat is spreading and announced
- Monthly security-critical updates to all workstations and servers to keep your system stable and safe
- Regular spyware and malware scans, detection and removal to ensure people are not stealing your important and confidential data
Cycrest Systems keeps your network secure so you don't have to have the budget of the largest companies to avoid data breaches and to keep your network running. Cycrest "Provides Stability and Increased Productivity to your Organization," all with our "One Call…Total Service" approach.
© Copyright 2017 All Rights Reserved.
Brought to you by Cycrest Systems, Inc