Cyber Security Strategy for Small Businesses
The internet has enabled businesses of all sizes, all around the world, to reach newer and larger markets, tapping into new streams of opportunities by leveraging computer-based tools. Whether businesses are planning for entire cloud computing suites or just using email and maintaining a simple website, cyber-security should be an important part of the firm’s plan.
It’s a common perception that small businesses are too small a target for cyber-attacks, and the basic security structure is enough to protect them against computer viruses and hacks. However, most of the time, that’s just not true. Companies often fail to prioritize cybersecurity as an essential function, leaving their IT infrastructure vulnerable. IT security issues often cost companies a lot of money and days of downtime every year. Even if your IT infrastructure consists of a couple of laptops, cyber security should be a top priority.
An example of how important cybersecurity is comes from the ‘WannaCry’ ransomware attack from a few days ago. The cyberattack hit more than 230,000 victims in over 150 countries, irrespective of the victim organization’s size, asking them to pay a ransom of $300-$600 to decrypt their important files, and businesses are still dealing with its fallout.
Why Do Hackers Target Small Businesses?
Large organizations have often fallen prey to cyber-attacks; however, over the past few years the scales have started to tip towards small businesses, mostly because they are considered ‘soft targets’: they have more digital assets than an individual and less security than a large-scale organization. As Stephen Cobb, a senior security researcher at ESET, describes, “they fall into a hacker’s sweet spot”. Hacks and ransomware attacks are often targeted towards small businesses, as they do not have a huge cyber security budget or a large team of IT professionals backing their IT infrastructure.
Symantec’s 2017 Internet Security Threat Report suggests that there has been a great surge in the number of cyber-attacks in the country and small businesses have become an even bigger target of these attacks. Cyber security attacks such as email malware have impacted small to medium-sized businesses (with 251 to 500 employees) the most. Spammers appear to be non-discriminatory when it comes to the size of the companies they target, and the difference between the most-targeted small businesses and the least-targeted larger businesses was just over a percentage point.
What Can Small Businesses Do to Safeguard Themselves?
Train employees and create a cyber-secure culture
The most vital part of any cybersecurity plan is the human element. A culture of cyber security best practices should be implemented and followed throughout the organization. Employees should be trained in basic security practices and policies and should be aware of important ‘Do’s & Don’ts’ when it comes to cyber security and safe internet use guidelines. There should be penalties for violating company cybersecurity policies and rules for safeguarding customer information and other mission-critical data.
Test your IT infrastructure security
Penetration tests and vulnerability testing can be conducted in order to analyze the readiness of the security systems in place. These tests mimic real-world scenarios and are conducted in a controlled environment, highlighting inherent weaknesses of the system and measuring the effectiveness of security protocols in withstanding skilled hackers.
Regularly update anti-virus and other software
It is important to regularly update security software, browsers and operating systems. The ‘WannaCry’ ransomware exploited a vulnerability in un-updated Microsoft Windows operating systems, for which a security patch had been available since March. Regularly updating software can be the best defense against malware, hacks and viruses.
Use stronger passwords
It is important to have strong passwords for all employee accounts and to restrict administrator access to only those who absolutely need it. Passwords should be long and include special characters, making them more difficult to hack. Companies should also utilize multifactor login, which requires additional information beyond a password for logging in.
Take regular backups of your mission-critical data
It is important to take regular backups of all mission critical data; backups could be taken offsite or in the form of cost-effective cloud backups. Sensitive information such as proprietary databases, legal information, financial records, human resources files and customer data should be securely backed up on a regular basis.
Secure your Wi-Fi network
It is important to secure Wi-Fi networks, making sure they are hidden, encrypted and password protected. New routers have the same default username and password, which should be changed immediately upon setup; you can also configure your router not to broadcast the network name, the Service Set Identifier (SSID), to add an extra layer of protection.
Disaster Recovery Plan
There should be a robust disaster recovery plan in place to avoid downtime that could cost businesses heavily. The plan should be clearly written and communicated, with details about who takes responsibility for what and which systems need to be addressed first to resume normal business operations.
Create a cyber-security contingency plan
There should be a game plan to deal with breaches, such as isolating the infected system, automated/manual system shutdown and lockout options to contain the breach, automated/manual system reboot, and plans for providing real-time, transparent updates to stakeholders like partners, users and customers.
What Solutions to Sort out?
A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across public networks as if their computing devices were directly connected to the private network. In other words, it creates a secure, encrypted connection, which can be thought of as a tunnel, between your computer and a server operated by the VPN service. Using a VPN creates an additional layer of encryption that protects all the data in transit, making it extremely difficult for hackers to compromise the data. With a setup cost as low as $10 a month, it can easily be utilized by small businesses.
Managed Network Security Outsourcing
It is becoming an accepted industry practice to outsource network security to a managed IT services firm. A cost-benefit analysis often indicates that it would cost a fraction of what would be needed to deal with a cyber-attack in house.
Security expert Danielle Valliere at LockPath explains, “Although information security is a stressful matter, consulting with a professional IT services firm instead of trying to handle things in house is a smart move. Whether you decide to go with managed services or purchase hardware and software through an informed reseller, be sure to consider the level of risk to your vendors and clients, as well as budgetary requirements, before making a decision.”
Moving to the cloud for security may seem an abstract concept that is difficult to grasp, but it’s quite simple. Cloud providers often spend a lot to update, maintain and secure their infrastructure, as they have a lot riding on their cloud security. They dedicate enough resources to assure the security of their clients’ data stored within their infrastructure.
Migrating to the cloud can be a cost-effective solution for small to mid-size organizations to secure their data and leverage other unparalleled benefits offered by cloud computing.
You can learn more about the benefits offered by the cloud here: Cloud: An Imperative Need for SMBs
Firewall Network Security
A firewall is a network security system that prevents outsiders from accessing data on a private network. It monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall can be installed within the network in the form of hardware or software, providing an added layer of protection against unauthorized access. Operating systems such as Microsoft Windows come with built-in firewalls that offer some degree of protection. However, it is advisable to add firewall systems to protect routers, servers and other IT assets separately.
Cyber-insurance is an important solution that helps recoup losses and pay legal fees associated with data breaches. Just like any other insurance, it is a policy covering damages in case of a cyber-attack. It is a common perception that cyber-insurance is for larger firms only; however, many insurance companies have started to offer tailor-made coverage for smaller companies to meet their budgets and risk-exposure levels. With small businesses becoming a bigger target every year, this tool can definitely provide comfort and a sense of security to a business.
Current Trends in Cyber-security
Cyber security is a growing concern for businesses all around the world. Small businesses have started placing greater emphasis on training employees in do’s and don’ts and outsourcing network security, and have begun to invest in various resources for disaster recovery planning and cloud migration. Cloud computing offers excellent surveillance for intrusion, restrictive access and strong perimeters for security. It is important to be prepared and develop a plan, instead of simply staying in the dark.
Ultimately, the best thing you can do is to have a “security-first” mentality. Just because a firm is small does not mean it will not fall victim to breaches. Being aware of current trends in cyber security can be extremely beneficial for small businesses and can help save precious resources like time and money.
To talk more about what cyber-security strategy works best for your organization, meet us at our booth at the USPAACC CelebrAsian 2017 Conference from 31st May to 2nd June at Hilton San Diego Bayfront, California.