[BreachExchange] Never Underestimate the Value of Security for Small Businesses

Audrey McNeil audrey at riskbasedsecurity.com
Fri Nov 4 18:46:55 EDT 2016


http://www.sitepronews.com/2016/11/04/never-underestimate-the-value-of-security-for-small-businesses/

Cyber-security is a term that small business owners hear frequently, but
few understand just how important and timely it is. While many assume that
only large Fortune 500 companies need to take security threats seriously,
the reality is that smaller organizations have just as much to fear.

SMB Security Threats Aren’t Going Away

In 2011, small businesses were victims of cyber attacks only 18 percent of
the time. However, over the last five years, that number has risen
dramatically. In 2015, 43 percent of all cyber-attacks targeted small
businesses. That’s up more than nine percent from 2014 alone and shows that
hackers are making small businesses – which are much more likely to be
unprotected – their primary targets.

While hackers and scammers always seem to be one step ahead of the security
industry, it’s clear that the following three issues are pervasive.
Businesses must deal with them immediately or risk falling victim to
dangerous attacks.

Ransomware and phishing. As time passes, we’re seeing much more advanced
and creative ransomware and phishing attacks. The scary thing about these
attacks is that it’s too late to recover anything once the hacker gains
access to what they want. In the case of ransomware, the only way out is to
pay off the hacker.

People. You may like to assume that your biggest threats are lurking in
dark basements in foreign countries, but sometimes your own employees are
your biggest liability. Whether purposefully or accidentally, employees can
wreak havoc on your systems.

Outdated software and tools. Small businesses don’t always update software
and tools as they should. As a result, loopholes can be exposed and
businesses may unwittingly fall prey to scams that updated versions would
otherwise protect against.

The main thing is for small business owners to be aware of the risks they
face. The most dangerous belief you can have is the idea that you’re safe
because you’re small. As the trends show, you most certainly are not the
exception to the rule.

Six Tips for Securing Your Company

The bad news is that hackers and scammers are targeting small businesses.
The good news is that there are plenty of ways to protect your business and
mitigate your risk.

Let’s check out some of the things you can do.

1. Improve File Sharing Strategies

In today’s business world, where many companies work remotely and exchange
sensitive information with different parties, it’s imperative that small
businesses develop secure file sharing strategies that keep data out of the
wrong hands.

Thankfully, there are a variety of technologies designed to help
businesses, just like yours, enhance security in this critical area. Make
sure you compare different options and find a solution that fits your
budget, needs, and existing tools.

2. Enhance Employee and Administrator Passwords

One of the most common entry points for hackers is actually the same entry
point that you and your employees use to access files: account IDs and
passwords. Since most passwords are easily guessed, hackers don’t have to
go through much effort to find their way into businesses. By improving
password security, you can mitigate some of the threats associated with
password hacking.

For starters, set up requirements for all passwords. They should be at
least eight characters long and need to contain upper case and lower case
letters, numbers, and symbols. Furthermore, passwords should be changed at
least once a month, and the same password should never be used on multiple
accounts.

3. Be Careful With BYOD Policies

BYOD policies are fairly common in today’s leading small businesses, but
the biggest disadvantage here is a lack of security. If you’re allowing
your employees to use personal mobile devices in the workplace, then there
needs to be a clear set of rules.

All devices should be password protected, with the same password rules that
apply to other accounts. There needs to be a policy in place for handling
lost or stolen devices and all data on these devices should be encrypted.

4. Educate Your Employees

Don’t assume that your employees understand the cyber threats your company
faces. The best way to enhance security is by educating employees.

“It’s clear that hackers will continue to target small businesses with
phishing attacks,” says Joshua Sophy of Small Business Trends. “And since
these attacks are targeting employees mostly, implementing a proper
training and informational program on phishing schemes within your company
is prudent.”

Not only does employee education prevent errors and oversights, but it also
makes employees more aware of their surroundings. As a result, they can
report suspicious activity and understand how they’re expected to respond.

5. Think About Cyberinsurance

No matter how well you guard your business and how many different layers of
defense you establish, it’s impossible to avoid every single threat. That’s
why many small businesses are turning to a new option: cyber-insurance.

“In the past several years, cyber-insurance policies have become an
increasingly popular option for small businesses looking to protect credit
card information, customer names and addresses, and other sensitive data
stored in online systems,” business expert Paula Fernandes notes. “Cyber
risks aren’t typically covered under general liability insurance, so it’s
important to find out which types of coverage are available.”

It’s always better to have more protection than you need. If your business
doesn’t have the resources to survive a significant attack, then you should
consider adding a cyber-insurance policy for peace of mind.

6. Remain Agile

Above all else, your business must remain agile. New security threats
emerge every day and technologies are being updated on a regular basis.
Avoid getting stuck in your ways and always be prepared to move. This is
the only way you can stay safe and significantly reduce your risk of being
attacked.

An Investment in Security Always Pays Off

There are three primary reasons small businesses fail to invest in security:

1. They don’t realize the severity of cyber threats,

2. They don’t know what to do, or

3. They’re worried about the cost of security.

After reading this article, you can’t let No. 1 or No. 2 hold you back. But
what about No. 3? Will the cost of cyber-security set you back? The short
answer here is no.

While it does take time and money to overhaul your security measures and
establish a defense, the initial investment is nothing compared to the
massive costs associated with an attack. Think about it in terms of
insurance. Your business has a handful of different insurance policies.
They all cost money and don’t really give you much in return. However, if
you ever need to file a claim, the savings on that claim alone make years
of paying monthly premiums worth it.

Cyber-security is the same way. You’ll never understand the true value of
securing your business unless you suffer an attack. Hopefully, though,
you’ll wake up and make an investment in security before you ever have to
figure it out on your own.

Small businesses no longer have the luxury of idly standing by, so make
sure you’re protected.