Cyber Criminals Target Small Businesses
January 21, 2019
Cyber criminals are targeting small businesses at an alarming and increasing rate. Cyber-attacks can range from a stolen laptop to a hacked network, and the impact can be anything from exposed sensitive data to malware infecting your computer systems. These attacks can be so damaging to revenue and customer expectations that small businesses are forced to close.
A risk-based approach to security recognizes that risks do not fit into well-ordered buckets of high and low. Instead, they extend over a spectrum ranging from risks that are so low that the organization may accept the risk, to those that are so severe they must be prevented at all costs. The risk-based approach is essential for small businesses because they don’t have the resources of the big companies, yet they are just as exposed to potential data breaches.
There is no foolproof prevention and detection technology that can stop motivated cyber criminals. With the appropriate knowledge, policies, architecture, and technology, you can greatly improve your odds of fending off cyber criminals who seek to steal your sensitive information.
Practical steps to reduce the likelihood of a data breach
Educate and train your employees
Security awareness training should be more than just a one-time lecture or PowerPoint presentation. Educate your employees frequently on the current threats and how to properly use IT resources and protect sensitive data. This will provide your employees with the knowledge they need when confronted by phishers, fraudsters, and even malicious inside users.
Change passwords to passphrases
Simply adding complexity to your password does not make it inherently more secure. There are free automated tools on the internet that will crack simple substitutions, such as replacing “a” with “@” and “e” with “3.” The US National Institute of Standards and Technology (NIST) recommends creating long passphrases that are easy to remember but difficult to crack. “fishing big dreams” is a far stronger password than “F!$hMor3” even though it only contains letters and spaces. Increasing the number of characters in a passphrase improves security. In addition to passphrases, implementing multi-factor authentication (MFA) for systems with sensitive information is an effective way to prevent unauthorized users from accessing corporate data.
Update software and systems
With cyber criminals constantly devising new techniques and looking for new vulnerabilities, a network that is well secured today will not stay that way for long. To keep your network protected, make sure your software and hardware are kept up to date with the latest security updates.
Perform periodic risk assessments
There are many benefits to performing periodic risk assessments beyond simply complying with PCI DSS, HIPAA, FERPA and other regulatory requirements. Periodic risk assessments will help your organization identify new risks and make smart security investments by prioritizing and focusing on the high-priority, high-payoff items first.
Encrypt sensitive data
Protecting sensitive data both in transit and at rest is imperative as attackers find increasingly innovative ways to breach systems and steal data. Failing to meet applicable PCI DSS, HIPAA, and FTI data encryption standards could cause your organization trouble, particularly if an incident occurs which exposes data that should be encrypted.
Analyze and monitor your IT systems
Security scans and threat detection can be effective in identifying and helping to remediate vulnerabilities before they can be exploited, and logging and alerting are important components to prevent security breaches. Establish centralized logging and alerts based on warning signs such as high volumes of failed logins, unauthorized access, privilege escalation and other elements which indicate malicious activity is taking place.
Third-party due diligence
Organizations should conduct thorough, periodic vendor risk assessments and perform the necessary due diligence with third-party relationships. Doing so can help you preserve brand integrity and business continuity while protecting against lawsuits, fines and other undesirable consequences of a regulatory violation.
Hire security and compliance experts
The practice of outsourcing IT security and compliance operations has been growing steadily in recent years. Outsourcing is a great way for organizations to meet their security and compliance requirements while reducing and controlling operating costs.
Partnering with RCS grants you 24/7 access to cyber security experts who handle and manage your IT security and compliance needs. This involves assessing and mitigating your risks by developing and managing a cost-efficient security program. Best of all, you’ll have more time to concentrate on running and growing your business.