<h2>Six tips for securing a business of any size</h2>
According to Security Magazine, there is a hacker attack every 39 seconds, and, per the Breach Level Index, those attackers steal 68 records every second on average. A piece by Fortune magazine reported that a survey by IBM and Ponemon of 2,400 security and IT professionals found 75 percent of the respondents didn’t have a formal cybersecurity incident response plan in place for their organization. Small Business Trends reported that 43 percent of cyberattacks still target small businesses while ransomware is on the rise. Financial Management magazine reported the average total cost of cybercrime per company jumped from $11.7 million in 2017 to a record-high $13 million in 2018.
Simply put, the recovery costs of a cyberattack on your business can be staggering. So what can be done? The National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework), published by the National Institute of Standards and Technology (NIST) in NIST Special Publication 800-181, offers some great tips for protecting your workplace from a nasty breach. Additionally, check out this shortlist of do’s and don’ts from ORAM Corporate Advisors for securing your business against an attack it cannot recover from.
Do Conduct an Annual Technology Assessment
Your business, regardless of size, should perform a highly specialized review and evaluation of incoming cybersecurity information to determine what can be gleaned from it as well as what protections you have in place. This is known as a technology assessment. Technology assessments should be conducted on a regular basis each year. Consider it an annual digital checkup for your business.
During the technology assessment, you should be looking at several things. A few of the items the assessment will consider include:
- Threat information from multiple sources across your network and the intelligence community, analyzed to determine where you are most likely to be attacked.
- The vulnerabilities specific to your business, identified from the collected information, and the potential that they may be exploited.
- The security measures you currently employ to address those threats.
- Whether those security measures address the threats to your business properly.
- Consideration of why your business may be targeted and by whom.
- What your backup and recovery plan entails should an attack occur.
Don’t Lose Track of Threats
Collect and examine your business data regarding threats and attacks against your business. This will help you establish security priorities so your business can be better prepared in the future. Even if you can’t afford to do everything at once, you can address the threats most pertinent to your business. Once you identify those threats, you can address them head-on.
Do Plan Ahead
After you perform your annual cybersecurity analysis, you should outline a cybersecurity plan that operates throughout your business from one employee to 10,000. You need a plan in place that not only assists your business in preventing an attack but also outlines how an attack should be reported (who employees should contact). That plan should also address who needs to respond to a cyber incident and in what period of time (internal IT or third-party vendor such as ORAM). Your cyber plan should also state what steps to take toward complete recovery (think backing up here).
You will want to document your cybersecurity policies so you can share them with your employees universally. The U.S. Small Business Administration (SBA) offers a plethora of online training, checklists, and information specific to protecting small businesses, and the Federal Communications Commission (FCC) has a cyber planner to help you outline a cybersecurity plan for your business.
Don’t Forget Your Basic Security Tools
As a business, you should always have certain cybersecurity tools in place. Every business should employ a strong firewall and an anti-virus program as a baseline of cybersecurity. Firewalls can be established externally but many companies are now starting to also employ internal firewalls. With telecommuting on the rise, require your employees who work from home to install a firewall on their home network as well.
Antivirus programs act as a vaccination for your network. Such software protects your business against most worms, Trojan horses, and of course, viruses. These types of invaders can leave your network “sick” by performing malicious acts (such as infecting other networks), deleting business files, or accessing personal data. This all leaves your business vulnerable to data loss and denial of service, which means proprietary information you and your employees need to work every day may be stolen, lost, or made unavailable. It also exposes the personally identifiable information (PII) of you, your employees, and your clients to risk. These ugly cyber threats can bring your business to a complete standstill, so an antivirus is a basic necessity.
Employee training on a regular, ongoing basis is also a necessity given that most attacks are initiated by the actions of people. While your employees are your weakest cybersecurity link, they can also become your greatest security allies with proper security training. If your business doesn’t have its own IT department, you can hire a third-party vendor such as ORAM to conduct the training regularly at an affordable rate.
Do Plan for Mobile Devices
According to Tech Pro Research, 59 percent of organizations currently allow the use of personal devices such as laptops, mobile phones, and tablets for work purposes. That means these devices are accessing the business network(s) and data. While there are benefits to allowing employees to bring your own device (BYOD) to work, doing so could put your business at risk for an attack. There are ways to address this, however.
Start by having a company policy in place that addresses what devices are acceptable and which are not. You’ll also want to outline their appropriate use and times of use in the workplace. You’ll want to review this plan annually to keep it updated to address new technology and work practices.
When your employees are using their own devices, you will need to know what they are using. You can require employees to register the personal devices they are using for work-related activity. This list can be kept and updated regularly with your IT department if you have one. Businesses should also require their employees to use two-factor authentication (2FA) and a virtual private network (VPN) to access any sensitive or proprietary company data. This will reduce the chance of a hacker successfully gaining access to something like a personal email account or your business network.
Don’t Rely on Luck
Don’t ignore the threat of cybercrime to your business and hope it’s lucky enough not to be targeted. Even small businesses with a small IT budget can manage some level of protection for themselves. This problem is not going to go away and your business could be the next one to be attacked.
For more information about ensuring cybersecurity in your workplace, contact the experts at ORAM Corporate Advisors at (617) 933-5060. We have the knowledge and expertise to help your business become more secure and prepare for recovery should the worst happen.