Over 60% of small businesses experienced a cyber attack in 2016. That’s a scary number. What’s worse is that most businesses that have been breached don’t even realize it. Small businesses can be bleeding customer information, intellectual property, and even hard currency for an average of 180 days or more before the breach is discovered. And after the breach is detected, it takes most companies another 2 months to recover from the attack. Think about that: Up to a third of the remaining time most of these organizations will stay in business is spent just trying to clean up the mess.
Small Business, Big Risk
Here’s another number: $690,000. That’s what the Ponemon Institute says that a small business can expect to pay after suffering a successful attack. This includes the lost revenue during remediation, as well as hard costs of coordinating customer notification and hiring contractors and security professionals to help recover from the breach. Not to mention paying fines, as a growing number of regulations will require, and the loss to brand and customer goodwill.
While the small business sector is one of the largest and fastest growing parts of the US economy, it’s also one of the most targeted by cybercriminals—a fact that is made all the more tragic because many small businesses are largely unprepared to survive an attack.
While we offer platforms to help secure your business against these threats, we recognize that platforms alone won’t get the job done. Comprehensive defense against bad actors and insider threats requires more than just spending money. Businesses must take a broad look at their operations and understand where they have exposure.
We have put together some basic tips based on the Federal Communications Commission’s guide, Cybersecurity for Small Business. Whether you’re a small business that’s just starting to look at how to implement a more comprehensive security program, or an established small business looking to quality-check your own measures, these tips can help.
- Establish a strong security culture
Establish the basics: strong password policies, appropriate use guidelines, and a policy on how to manage and protect customer data. Teaching not only the process but also WHY security is important shows employees the direct effects that cyber threats can have on their lives.
- Create and follow a software and hardware patch plan
Keep security software current, applications at their most recent patch levels, and scan for threats regularly. New vulnerabilities are being discovered all the time, so it’s vital you keep systems up-to-date.
- Secure your internet connections
Like antivirus, a firewall goes a long way in protecting your network and endpoints. Ensure software firewalls are in use at the OS level, and if employees work from home or remote locations, ensure their systems are secured as well.
- Don’t forget your mobile systems
Mobile devices represent one of the largest and most exploited sectors of your security perimeter. Require users to use multi-factor authentication protocols and encryption if they maintain sensitive data on their devices. Also, make sure to have reporting procedures in place if phones or mobile hardware are ever lost or stolen.
- Have a backup plan and test it regularly
Backups, backups, backups. Make sure your vital data is being backed up, and practice restoring it regularly. Millions of dollars are lost annually to ransomware threats that can often be mitigated by simply having current backups enabled.
- Control physical access to your computers and create user accounts for each employee
Prevent unauthorized use of your business systems and ensure your IT admins keep their user and administrator accounts separate. When employees aren’t around their systems, ensure they lock them to prevent unauthorized access.
- Secure your Wi-Fi networks
If you maintain a Wi-Fi network for your workplace, make sure it’s secure, encrypted, and hidden. If you provide public access for vendors or customers, ensure it’s secure and physically and logically separate from your business networks.
- Secure your payments or business credit cards
Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used.
- Establish role-based access for all users
Limit employee access to data systems. Employees should only be given access to the specific systems needed for their role.
- Strengthen user authentication requirements
Require employees to use unique, complex passwords and change passwords regularly. Strongly consider multi-factor authentication.
Together with these fundamental policies and procedures, LanScope Cat can be the engine that makes your entire organization secure. Businesses of any size can limit their exposure and have the visibility needed to stop compromises before they become a full-fledged breach. That’s something you can count on.