[BreachExchange] Prepare Your SMB with These 5 Cybersecurity Questions
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Nov 6 19:02:34 EST 2017
https://nopassiveincome.com/smb-cybersecurity/
The vast majority of small- and medium-sized businesses (SMBs) do not hold
anywhere near the volume of data that Equifax maintains, and in the event
of a data breach, an SMB will not be in a position of having lost control
of the personal and financial records of more than 143 million people.
Even so, the recent Equifax data breach is a stark reminder to all SMBs
that they need to have their cybersecurity houses in order because any loss
of data can result in expenses and liabilities as well as a substantial loss
of customer faith and trust in the SMB.
One of the greater problems that SMB managers face is that the
cybersecurity world is evolving rapidly, and those managers do not have the
knowledge or experience to ask the right questions about the SMB’s
cyberdefenses.
These five questions are a good starting point for SMB managers to begin an
assessment of the SMB’s cybersecurity strategy.
1. What type of data does the SMB hold and maintain, and how valuable is
that data?
SMBs that conduct sales on credit or with credit or debit payment
processing services inevitably hold their customers’ payment information,
including bank accounts and credit and debit card numbers.
Even if the SMB does not store detailed financial data, it likely maintains
records of the names of individuals and their places of employment,
including whether they have authority to place orders. Hackers can use that
identifying information to dig deeper into the internal processes of an
SMB’s customer.
The absence of financial data does not eliminate the value of that data to
a hacker. Apart from customer data, the SMB’s own financial records can be
a gold mine for a determined hacker.
2. How aware or involved are the SMB’s employees in its cybersecurity
efforts?
Do the SMB’s employees assume that an IT department or a third-party
technology consultant will handle all cybersecurity matters, or are they
vested in the SMB’s cybersecurity strategy?
If the SMB has established cybersecurity policies and procedures, determine
if its employees have copies or are aware of those procedures and whether
they have received instruction to follow them.
If employees use weak passwords, routinely click on email attachments, or
log into the SMB’s networks through free public Wi-Fi, the SMB should
revisit its policies and procedures in order to make its employees more
engaged in the SMB’s cybersecurity.
3. Does the SMB have a multi-layer cyberdefense technology strategy?
Does the SMB’s cyberdefense technology begin and end with a single firewall
or does it have several layers of defenses, including multi-factor
authentication (MFA) for logins, policies for regular software and
operating system updates, and data storage segmentation to erect better
protections around very sensitive data?
A single firewall is no longer effective in guarding an SMB’s information
systems against hackers. Every SMB needs a coordinated cyberdefense
technology strategy that embodies current tools and techniques to fend off
cyberattacks.
4. Could the SMB afford to rebuild internal systems and to reimburse
customers in the event that customer data were lost in a data breach?
Does the SMB have an incident response plan that will facilitate recovery
of its operations and provide for payment of losses and liabilities
associated with a breach? Will a data breach do permanent damage to the
SMB’s reputation? In many cases, even a lesser data breach can cost tens or
hundreds of thousands of dollars.
Some SMBs are even out of business within six months after a breach because
they do not have the financial resources to remediate all the damages
caused by the breach. Cyber insurance can cover data breach losses and
liabilities and allow an SMB to get back on its feet more quickly and with
a minimum of damage to its reputation after the SMB loses data to hackers.
5. What data backup procedures has the SMB implemented?
SMBs are particularly susceptible to ransomware attacks that freeze access
to systems and data and that effectively shut down the SMB’s operations
until a ransom is paid to hackers.
SMBs with robust backup systems that are maintained separate and apart from
the SMB’s primary network will be better able to recover frozen data and to
resume operations without paying any ransom.
The SMB should regularly test and practice backup recoveries to avoid
confusion when the backup is actually needed.