Cyber-crime is on the increase, and according to a recent report by the Ponemon Institute, the cost of data breaches to businesses in the US averages $188 per incident.
Crackers, hackers, and script kiddies are opportunistic, which means that they’re more likely to go after an unprotected server or poorly designed shopping cart owned by a small business than they are to target a huge corporation. Data collected from the Chronology of Data Breaches, published by Clearing House, states that in 2012, malicious attacks including hacking and insider theft accounted for nearly 47% of all recorded data breaches whilst specific hacking attacks were responsible for over 33% of data breaches.
The good news for small business owners is that most breaches can be prevented with some simple, fairly inexpensive security precautions.
Cyber Security Is For Everyone
Many small business owners make the mistake of assuming that they’re too small for anyone to care about. Don’t think that you’ll be the lucky one and that it will never happen to you; hackers don’t care who they target, and they could strike at any time.
To help you protect yourself from cyber-theft, here’s a quick ten-step plan to help you improve your data security. Each step in the plan is easy to implement, and together they will make a huge improvement to your company’s IT security. Here’s a quick summary of the steps:
- Develop a security plan for mobile working.
This means encrypting laptop drives, and setting mobile devices to lock automatically when unused for a certain length of time. These small changes put up barriers that could deter the lazier hacker.
- Educate your employees.
Poor password choices and a willingness to give out details to anyone who “sounds official” are a leading cause of security breaches.
- Create an incident response plan for IT security.
There should always be someone monitoring security events on your computer network. In the case of a security breach, employees should know, and follow, a specific procedure to minimize the damage of computer or network intrusions. If you’re struggling to develop your incident response plan, there are companies that offer data protection training for very reasonable prices.
- Review your risk management plan.
Add an IT security section if you don’t already have one. Again, there are companies that can help you develop your management plan.
- Be selective about handing over network privileges to employees.
You should also be proactive about revoking those privileges if an employee leaves the company.
- Limit the use of removable media within the company.
This applies to bringing data into the network, as well as copying data onto removable devices for use elsewhere. You can encrypt USB sticks and CDs/DVDs to offer greater protection when moving data around.
- Proactively monitor all IT systems and review network logs.
You need to ensure that someone in your office is keeping an eye on who’s accessing your network. Without this, knowing who is coming and going on your network is incredibly difficult and hackers could dip in and out without your knowledge.
- Apply security patches for all software as soon as they are released.
Patches are pieces of software that are designed to fix a problem, whether this is a vulnerability that could affect security, or bug fixing.
- Install anti-malware software.
Perform regular scans for viruses, Trojans and malicious applications that could be hoarding your sensitive data.
- Install firewalls and intrusion detection systems.
Close unnecessary network services and filter unauthorized traffic. Test your firewalls regularly.
The above ten steps will cover most likely security breaches. No security is completely unbreakable, but the fewer points of entry there are into your system, and the fewer people who have access to those systems, the safer your network will be.
As more companies move their business into the cloud, security becomes more complex. The responsibility for server security and patches for cloud systems falls to the service provider, but that does not mean that small business owners can abdicate all responsibility. It is still your job to restrict who has access to the cloud services and to ensure that your employees use secure passwords, and change them frequently. It is also good practice to maintain regular backups, even if your SaaS provider promises to make their own backups.
Security should not be a “special case” that concerns only big organizations. You don’t need to spend a fortune on security; all you need to do is balance the potential risks to your business with sensible best practices that are easy to implement. Take security seriously, and make small precautions a part of your daily IT habits.
What daily habits do you follow to improve your small business security?
Published: September 3, 2013