Cyber-attacks, data breaches, viruses and malware – you are familiar with all of these phrases and have undoubtedly seen your share of news headlines about businesses that have fallen victim to hackers and scammers. Most of you fall into one of two categories: those who consider cyber security a challenge only for big business, or those who know that their small business is at risk but feel overwhelmed as to what to do to protect themselves. This month’s article aims to convince you of your need to protect yourself and to provide you with four steps to get you on your way towards a more secure business environment.
Cyber-Security is Everyone’s Problem
If you believe your small business is not a target for cyber criminals, think again. In 2014, 71% of security breaches specifically targeted small businesses. Of that number, more than 60% went out of business within six months of the breach. Why are small businesses a target? Because just like big businesses, you have what cyber criminals want: a flourishing bank account, customer credit card information, and employees’ personal data. But you are likely lacking one thing big businesses have: adequate technical tools and resources to properly protect your assets.
Cyber criminals are very well educated and their attacks are calculated. These individuals know specifically where to look for the valuable information they are seeking and how to get it. Choosing not to protect yourself is not an option in today’s environment.
4 Steps to Getting Started
- Build a strong foundation and maintain it.
Keep your PC and server operating systems current and patched regularly. Update the software packages in use by your organization as updates become available. Install security software across your network. Set up firewalls. Secure your wireless network. Be aware of what ports are open on your network and close any that are unnecessarily open. Consider the use of web filters to control what websites can be accessed by users on your network. Proactively monitor your network for activities that should not be taking place in your environment. Doing all of these things will reduce the level of risk in your network environment.
- Educate your employees.
Building and maintaining your network foundation is not enough. You can have the best security tools and staff available but they will do little to protect you if your employees are not educated. Review your company’s acceptable use policy as part of your new employee onboarding process. Educate your employees about best practices with regard to internet safety and security. Include training about email scams and phishing attacks. Also teach your employees what types of information you deem to be sensitive and how to properly handle the disclosure of that sensitive business information to others.
The National Cyber Security Alliance offers free resources to get you started with your training. Access their materials at www.staysafeonline.org.
- Thoughtfully assign privileges and set strong passwords.
When establishing user accounts, set appropriate permissions. Not every user needs to be a network administrator. Grant access only to the network resources your employees need to do their jobs.
A strong password is your first line of defense against unauthorized access to your business’s network infrastructure and your sensitive data. Require your users to set strong passwords and discourage them from using the same password to access multiple accounts.
At a minimum, passwords should follow these guidelines:
  - Use both upper case and lower case letters
  - Include at least one number
  - Include special characters
  - Make passwords at least 8 characters long
  - Do not save passwords in web browsers or write them down
  - Avoid using personal information as part of your password (such as your name, birthdate, etc.)
- Be extra diligent with mobile devices.
The use of mobile devices has improved the way that work gets done, but the use of these devices is not without risk. Failure to properly protect these devices could put your business data in the hands of cyber criminals. Dell reports business travelers lose more than 12,000 laptops per week in US airports. Over 3 million smartphones were lost or stolen last year.
Keep an eye on your device and make sure your device is protected with a password or passcode. Consider the use of applications that can remotely lock and wipe your device should it be lost or stolen. Avoid storing sensitive business data on mobile devices.
Strong cyber security is a company-wide challenge.
Cyber security is not just an IT challenge. A good plan requires employee education and the development of policies in addition to sound software solutions. Follow these four steps to get you on your way to a more secure 2015.