[BreachExchange] Why small business should prioritise cyber security: Six top tips

Audrey McNeil audrey at riskbasedsecurity.com
Mon May 9 17:51:19 EDT 2016


http://www.itproportal.com/2016/05/07/why-small-business-should-prioritise-cyber-security-six-top-tips/

Whenever news breaks of a cyber-attack or a data breach, the victim is
nearly always a well-known global or multi-national organisation worth
billions. This gives the rest of us some pause and to some extent, a false
sense of security (if you will excuse the pun), but rarely makes us
seriously consider our own cyber defences.

If we happen to be part of a small business, we don’t often consider our
business at risk from such threats; after all, who would want to hack into
our systems? But it is just as important that small businesses have
effective cyber security measures in place, not only to protect their own
interests, but also their eco-system of partners, who may well be targeted
for attack through a hole in a smaller business’ security.

How and why are small businesses vulnerable?

In 2012, there were 300 times more cyber attacks on small businesses than
in 2011, and since then, the numbers have been rising year-on-year. Smaller
businesses, either limited by strategy or finance, tend to have weaker or
lesser cyber security in place, which makes them easier to attack.
Moreover, a lot of small businesses have Fortune 500 companies and other
large organisations as clients – this means that by hacking the small
business, the hackers can gain access to their larger, high profile clients.

Securing small businesses against cyber attacks

That said, cyber security services are becoming much more cost-effective
and therefore accessible to small businesses, with many beginning to
realise that they can employ reputable security firms to handle their cyber
security. While employing these cyber security services is an important
step, there are also other practices that small businesses can undertake to
make their organisation more secure.

With this in mind, here are my top six tips that smaller businesses need to
think about with regard to securing their businesses:

1. Understanding the risks

The first step to securing your business is to learn what threats and
vulnerabilities exist, and where these threats could be coming from. You
and your security team need to know what’s out there.

2. Create and implement a security policy

The next step is to create a security policy that involves strict
protocols, for both everyday security and for situations where your
security has been compromised.

3. Train everyone on security

Everyone in the organisation needs to be educated on the potential risks
and threats and has to be trained in the business’ security practices.
There can be no exceptions; believe me, it takes just one person breaking
protocol to give hackers the opportunity they need.

4. Maintain physical access control

While securing your network is important, controlling physical access to
networked devices is also critical. An unauthorised person accessing a
device could easily compromise your security.

5. Password protect and authenticate

Every system in the organisation must have a unique password and only
authorised employees should be in the know. Wherever possible, your vendors
must also employ multi-factor authentication to further secure access, and
all software that employees install on their systems must be approved by
your security personnel.

6. Secure mobile and Wi-Fi access

Every employee is sure to have a mobile device, whether it’s a smartphone
or a tablet, and every one of them is likely to want to connect to the
company Wi-Fi. If your company culture allows this, I recommend mandating
the installation of security apps on these mobile devices, as well as
maintaining constant Wi-Fi access control.

These security practices will improve the internal security of small
businesses and bolster their ability to combat threats. However, these
practices should form only a part of the organisation’s overall cyber
security strategy. Surveys reveal that small businesses are often forced to
shut down following a cyber-attack because it has caused such irreparable
damage to the organisation.

From my perspective, it is vital that these smaller organisations partner
with a cyber security services provider to protect their data and ensure
business continuity, otherwise they may find themselves the next victim of
a cyber attack.