[BreachExchange] How to Improve Cyber Security in Small Organizations

Audrey McNeil audrey at riskbasedsecurity.com
Thu Aug 11 19:19:01 EDT 2016


https://www.universityofhermes.com/improve-cyber-security-small-
organizations/

Stories of data breaches in the computer systems of big companies make the
headlines all too often. The amount of information these businesses keep on
computers is staggering and a breach of their computer security system can
affect millions of people. While big businesses may make the cyber security
headlines, it is important to remember that small businesses are not immune
to similar problems.

Recognize the potential for cyber security breaches and the need for data
protection. Small businesses may not have the money to install the same
types of security systems that big business does. That does not mean they
can leave the information they have stored on their computer systems
unsecured and unprotected. Instead, it means they need to be smarter about
how they manage their computer security systems. They need to follow steps
that will keep the information they have stored as safe as their clients,
customers, and employees expect.

Catalog the risks your small business faces. Small businesses face the same
risks that big businesses face when it comes to cyber security. Their
computer systems can be infected with viruses and malware that slow down
their computers. Their systems can also be breached by hackers who are
searching for private information that a small business may keep. Depending
on the type of business, the amount of private information about clients
and customers can be extensive.

Addresses, email addresses, and other information about customers and
clients.

Credit card information used for purchases.

Sensitive private identification numbers such as social security numbers
and tax identification
numbers. (This is especially common in small healthcare businesses.)

Consider the ramifications of lost data. If a small business does not
protect information entrusted to them, they can easily lose trust, revenue
and could face fines and sanctions. Install an antivirus on each office
computer. Each should have antivirus software that is up to date and is
turned on. This is the most basic protection and is essential.

Create layers of security. The amount of security needed depends on the
sensitivity of the information stored on the computer. Extra security
should be in place for more sensitive information. Invest in cyber
insurance. This is a fairly new product which can help a company overcome
financial difficulties if their computer systems are breached. Monitor
employee computer use. It is important to not only monitor employees to
make sure they are not putting computers at risk, it is also important to
monitor any private devices that an employee may use on the business
network.

Make employees aware of the need for security. Every business should have
policies in place to protect their computer systems. The employees should
all sign a form indicating they have read the policies and there should be
consequences when employees break those policies. Analyze the cost of
instituting cyber security. The biggest reason a small businesses will use
for not doing anything about cyber security is the cost. The reality is
that the cost of a cyber security system for a small business does not have
to be prohibitive. The cost of an anti-virus program, for instance, is not
as large some businesses may think. Many of the other steps to improve
cyber security don’t cost much at all–if anything.

Analyze the cost of not having cyber security in place. The cost of having
a computer system breached is often much higher than the cost to secure it.
Globally, the cost of breaches in cyber security for all businesses could
reach $3 trillion. Each instance can result in lost productivity, lost data
that has to be recreated and lost revenue. Weigh the costs and risk of
potential loss for your particular situation. Not everyone will agree about
the type of cyber security, or even how much security a small business
needs. One thing they can agree on is that the threats to all computers are
real no matter what size the business. They also know the threats will
continue to grow and a small business needs to act before it is too late.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160811/85a00c91/attachment.html>


More information about the BreachExchange mailing list