Home Depot. Target. EBay. JP Morgan. Not only do these names represent some of the most popular brands in their respective industries, they have also been targets of some of the most crippling data breaches in the past few years. Most recently, Chase became the latest victim of a data breach and subsequently lost the data for 76 million households across the country.
So, what can small businesses learn from the mistakes of these well-known companies?
First and foremost, these incidents reveal that even millions of dollars invested in security cannot protect against every threat, as the dangers to virtual data security are both complex and ever-changing. The question is: if these massive organizations cannot stop a cyber-attack, how can an average small business, with limited resources and expertise, effectively protect its data?
While there is no magic shield, there are some steps you can take to strengthen your lines of defense, and best of all, they do not require a large financial investment by your company.
10. Take Action
Cyber risk is the new normal. Small-business owners are not doing themselves a favor by ignoring this fact, because when it comes to cyber-attacks, size does not matter.
It is imperative that small business employers act now to establish proactive cyber-security strategies that will protect the entire organization against this pervasive threat (or at the very least reduce the impact of a breach).
9. Create a data classification policy
To know what to protect, you first need to figure out what is most important. A strong data classification policy begins with the simple act of assessing and categorizing data based on its degree of sensitivity and the value it represents to current and future earnings.
This is an extremely important step in creating an effective cyber-security strategy, yet it is inexpensive to implement. In fact, it can be accomplished with nothing more than a whiteboard and a couple of hours from key stakeholders during which a consensus can be reached on what represents the company's most critical data.
8. Assess risk
Once you have identified those crown jewels, the process of building a layered security plan from the inside out can start to take shape. Performing a simple risk assessment should allow you to identify the most serious threats to your data, as well as the oversights and limitations of any existing policies and controls you may have.
For example, if your company requires constant overseas travel (particularly to destinations known for seeking U.S. innovation), a good place to start building your security plan is to develop a robust travel security policy that incorporates both technical and behavioral protocols in defense of your company’s data. An exercise like this can help small companies with limited resources align their budgets with the most critical aspects of their operation, where corporate secrets are most susceptible.
7. Think bigger than regular cyber defense
Many business owners make the mistake of limiting their security investments to strictly traditional cyber defense such as firewalls, anti-virus software, and intrusion detection. While necessary, such bulwarks fail to protect against an unpleasant and often-overlooked reality in today's world: Upwards of 70% of all organizational data theft is the result of deliberate or unintentional behavior of privileged insiders.
It is therefore critical that small businesses think beyond these popular data security sensors and address the many other vulnerabilities that might directly impact the company, such as sub-standard hiring practices or employees who seek access to proprietary matters outside of their job functions.
In both cases, education through personalized training and awareness programs can provide an effective, low-cost solution in the defense of your business that is just as important as the traditional (and often more expensive) cyber-centric control measures.
6. Create a tailored security culture
Cyber-security is not solely an IT issue, and it should not be left to a select few to manage; every employee should bear some responsibility in maintaining the security of the organization. This requires frequent training on policies and procedures and instilling an atmosphere of accountability that integrates enhanced security without disrupting corporate culture.
Because the vast majority of insider leaks are not malicious, but rather the result of inadvertent actions, encouraging a sense of awareness and vigilance throughout your company can help reduce high-threat behaviors and serve as a low-cost way to complement existing technical solutions that are already in place.
5. Dedicate one computer for the company's purchasing, banking, and confidential financial business
When you browse the Internet, you make it easy for something malicious to be introduced into the system. The computer used for a company's bookkeeping, banking, and purchasing should not be used to search the Internet or view social media sites. It is also recommended that the computer should auto-lock when not in use.
4. Keep your hardware, operating system, software, and apps up to date
One way that malicious software (also known as malware) is able to gain access to and exploit a computer system is through out-of-date hardware and software. Updates include security fixes, so having the latest versions is an easy way to keep your systems as secure as possible. Cycrest Managed Services (CMS) automatically updates your important anti-virus and anti-malware software so your risk is consistently minimized and your network stays stable.
3. Plug leaky apps
One security company found that approximately 60% of the mobile apps it evaluated leaked information and had "other security problems." Developers are under such tight deadlines that they move quickly and sometimes code improperly, which can leave an app with vulnerabilities. An app can leak your address, customer list, suppliers, password, or username out to the Internet without encryption, so hackers are able to easily harvest that data.
Cycrest and other apps can help you assess your mobile device for leaky apps; some can even send out notices when an app is unsafe or needs to be updated.
2. Clean house frequently
Chances are that you currently have information stored in your database that you no longer need. Try performing a yearly audit of your data. Do it in conjunction with your legal counsel to make sure that whatever you are getting rid of will not get you in trouble later on.
1. Invest in Cycrest Managed Services
Cycrest's CMS plans are designed to bend around your budget and provide you with the most value possible. To keep your network secure and assist you with all of the aforementioned tips, call the Inland Northwest's Premier Cyber-security experts, Cycrest Systems. With our CMS plans you get:
- Advanced Web Protection Systems to help keep you protected while you surf the net.
- Multi-factor Authentication / 2-Factor Authentication, which adds the requirement of a second, rotating random password to log onto your systems.
- Advanced Email Protection Systems to help reduce spam and malware-, virus-, and ransomware-laden emails before they get into your email box.
- Disaster Recovery and Business Continuity Systems so in the event you do suffer an attack, you can recover quickly
- Weekly network-wide (systems & servers) virus scans, detection and removal
- Real-time virus scanning and detection for all incoming emails and web page viewing
- Hourly virus updates to server and workstations to ensure protection from newly released threats
- Real-time intrusion detection and prevention from system hackers
- Hacker tracking for attempted intrusions to aid in prosecution of hackers
- Instant security-critical updates when an immediate threat is spreading and announced
- Monthly security-critical updates to all workstations and servers to keep your system stable and safe
- Regular spyware and malware scans, detection and removal to ensure people are not stealing your important and confidential data
Cycrest Systems keeps your network secure so that you do not have to have the budget of an extremely large company in order to avoid data breaches and keep your network running smoothly. Cycrest "Provides Stability and Increased Productivity to your Organization" with our "One Call...Total Service" approach.