Today, the attention of both IT and business managers in organizations of all sizes is fixed on cybersecurity. The reason is simple: Absolutely no organization is immune to cyber attacks in an ever-growing threat environment.
This is particularly true for SMBs. A recent major study of some 600 SMBs produced a startling finding: more than half of them had experienced a cyber attack in the last year. The origins of the attacks are many and varied, with Web-based attacks, phishing and general malware topping the list.
Managers at small businesses cannot be blamed for feeling helpless against the threats at a time when huge corporations and even government agencies cannot protect themselves. But the truth is, a few simple, common-sense tips can and will go a long way toward protecting your small business from attacks that are inevitable.
- Deploy a comprehensive password management solution. This has to be high on the to-do list, if not at the top. Why? Because all your employees use passwords. And research shows that, left to their own devices, most employees will do a poor job of proper, effective password management, thus leaving themselves and the business open to attack.
For example, employees routinely use the same password for multiple online accounts. They also use simple, easy-to-remember passwords that are very easy to hack.
Carefully chosen, a password management solution should provide IT and/or the business owner visibility into the password habits and practices of employees. More importantly, the solution will help enforce correct password hygiene while improving employee productivity.
- Training is often the missing link. Cybersecurity awareness training is extremely effective in today’s threat environment. In a small business there is no excuse for omitting it, because there are fewer employees to train. Training will educate employees on the most common vulnerabilities and attack points. Education should always carry a message of personal accountability so that everyone realizes they have a role to play in securing data and information assets.
- Cybersecurity is more than an IT issue. Security is more than just protecting computers and databases. It is about protecting the business. While one person should be responsible for security decisions, delegating cybersecurity in a small business to IT without company-wide support is often a mistake.
It is the business and financial leaders who know what data needs the most protection. Seen this way, cybersecurity is a risk-management issue that IT can help address as part of a coalition of company leaders. Security should be tied to business objectives. All this and more is outside the usual purview of IT by itself.
- Data, data, who’s got the data? How can any business know if its data is safe if it doesn’t know where data resides and how it is stored? That is often the case today, where various third-party and cloud providers store business data for their clients. Always ask, “Where will my data be hosted? Who has access to it? What monitoring is in place to alert me of a breach or unauthorized use? What safeguards are in place to protect me against potential rogue employees at your site?” Also carefully vet the provider’s data encryption policies and procedures. And be sure all your data is encrypted before it is stored in the cloud or anywhere online.
- Hackers take the path of least resistance. Oftentimes the path of least resistance for hackers is employee-owned mobile devices. Don’t allow any unencrypted data on mobile phones, whether company-owned or BYOD. Device-based security policies, such as those requiring that encryption be enabled at all times, can prevent illicit network access.
Remember: Solutions for complex security challenges don’t have to be complex.