A VETERAN OWNED SMALL BUSINESS | Call or text now for a FREE consultation: +1 (770) 765-3692 | Website LoginCyber security challenges are not just limited to large banks, credit bureaus, utilities, or other critical entities, they effect all businesses.
The infographic below, presented by techjury, reveals the cyber security statistics for 2019.
Republished with permission from techjury.
These days you’re likely doing a lot of business and performing your tasks online. While the Internet can be an extremely beneficial way to run your company, it also comes with its downsides.
One cause for concern is being vulnerable to hackers and those who wish to sabotage your files and business. The following ideas are going to help you learn and understand what you can be doing better at your workplace to protect your small business online. This is one subject matter you want to take seriously and attend to if you wish to keep your company free from any unfortunate situations that will be difficult to clean up later on.
Educate Yourself and Be Current
One idea for keeping your small business protected online is to educate yourself on the topic. Be current about knowing what anti-virus programs to use, what backups to perform and when and getting to know your computers better so you can make sure they’re consistently running smoothly. The more you know about IT maintenance, the less of a chance there will be that your business will fall victim to hackers and wrongdoers. You put yourself at risk for negative consequences when you choose not to learn more about online security and what you can be doing better to improve it at your workplace.
Hire Help
Another great idea is to hire help and pay for the professionals to assist you on the matter such as using a Managed IT service. The reality is there’s a lot of information in this area you’re not going to know and will need assistance with if you want to make sure your business is protected online. You likely have other pressing matters and initiatives to attend to and can’t always be in the know about what’s new in the IT world. Invest in using a third party to help you make sure you’re doing all you can to keep yourselves safe on the Internet.
Use Strong Passwords
Never underestimate the advantages of using strong passwords to protect your computers and files. Keep your small business protected online by committing to using passwords that would make it difficult for someone else to hack into your information. Create ones that are challenging and complex, but also update your current passwords often so that it makes it harder for someone else to guess it or compromise your data.
Provide Best Practices to Your Employees
It’s not only your job to make sure your business is protected online, but also that of your employees. However, they may not be aware of how important this matter is or how to go about doing so unless you inform them. Provide best practices your employees can use to make sure their laptops and files are secure. For example, educate them about not clicking suspicious looking links, following through and complying with computer updates and who to ask or turn to should they have online security questions.
Cyber attacks spiked 164% in the first half of 2017, compared to the same period in 2016, entailing 918 disclosed breaches-according reports on broadcaster CNBC. Threats vary from sector to sector. Healthcare, for example, is more susceptible to crypto-locker ransomware like the infamous WannaCry.
Internet-connected consumer devices often fall prey to malware that shackles them to remotely controlled botnets such as Mirai. Varied though the threat may be, and staggering though these numbers are, the word disclosed highlights a central paradox: While transparency contributes to the overall fortification of cyber-security protocols and procedures, battening down the hatches presumably mitigates further financial risk.
Sure, a disclosure is immensely beneficial in terms of buttressing industrial safeguards, national and global security, and customer protection – not to mention mitigating the longer-term repercussions of an attack – but so too can disclosure exact lasting damage on a bottom line.
Fighting back
The nature, intent, and consequences of an attack notwithstanding, the way companies have responded to breaches is closely related to their designation: public or private. CFOs at public and private companies face different risks and pressures when it comes to cyber-security and disclosure, and exhibit divergent perspectives when it comes to preparation.
Broadly speaking, public company CFOs are more likely to outsource cyber-security to third-party firms, while private CFOs tend to invest in in-house IT teams. Regardless of who secures a company’s network, breaches are often known by CFOs before they are made public. By disclosing a breach, CFOs of publicly traded companies might trigger investor panic and sell-off, whereas private company CFOs risk irreparable harm to consumer and employee confidence.
On one hand, foreknowledge of pending disclosures can put unique pressure on public company executives, who often own considerable amounts of company stock. The ongoing federal investigation of three Equifax C-suite managers for insider trading arose due to alleged stock dumping prior to the revelation of the company’s catastrophic cyber-attack.
Equifax underscores the tension between a public corporation’s responsibility to its board, shareholders, and customers, and the financial implications of both the breach itself and legal requirements governing its reporting and remediation.
On the other, while private companies aren’t under the same legal obligations in terms of disclosure, and while the short-term consequences may be less impactful, these companies still face long-term pitfalls, such as lost trust and tarnished brands. Moreover, a medium-sized business may not have the capital or reserves to recover reputationally or financially after a major data breach the way a multinational corporation can.
Additionally, the moderate scale of many private companies sometimes instills a false sense of security. Middle-market businesses often assume they’ll be overlooked by attackers, whether due to a large number of similar companies, or a lack of enticing assets. After all, isn’t it the bigger fish that stockpile the type of data and info that hackers tend to target?
Be prepared
A lack of proper preparation only exacerbates the panic once an attack does occur. Attempting to deal with an attack on the down low can earn private enterprises a reputation as easy marks, and provoke subsequent attacks. Further, if the rearguard strategy backfires, or is exposed by the press, this can amplify the damage to a company’s brand and leadership, not to mention potential legal consequences if a court can prove negligence.
In terms of the bigger picture, the lack of reliable data pertaining to attacks on private companies leads to lopsided analysis regarding the multifaceted aims and motives driving these attacks, resulting in a sort of half-finished portrait of the threat landscape.
While cybersecurity prevention could be vastly improved by greater information sharing, some surveys of CSOs indicate that only one in seven attacks are reported to authorities. Alas, as it stands, adequate event modeling, and risk and security assessments, are being stymied by a lack of shared intel on private company breaches, effectively hampering the development of comprehensive prevention and management strategies.
This lack has precipitated the introduction of numerous cyber-security regulations around the world, and though the regulatory ecosystem is in a state of flux, the global trend is invariably toward greater transparency. CNBC notes that “governments around the world are introducing legislation which will force more companies to disclose data breaches,” a reach that already extends to private enterprises.
Regulatory environment
Both private and public companies are compelled to comply with local, national and global disclosure regulations, including Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPPA), and the EU’s General Data Protection Regulation (GDPR).
The GDPR, which regulates the collection and storage of customer information and data, and can levy fines of up to €20 million, requires that private companies disclose if they have a footprint in Europe, or otherwise handle the information of European citizens.
In the US, Sarbanes-Oxley (SOX) indexes the responsibilities of both public and private companies, including rules pertaining to compliance with federal prosecutors, and criminal penalties. Further, HIPAA governs how any company, public or private, handles personal health information.
Though public companies, traditionally, may have shouldered an inordinate amount of the fallout from disclosure, this has left them better readied for the implementation of legislation designed to enforce transparency. Even more advantageous, public companies now have hard-won practice mitigating the financial risks and ramifications resulting from disclosure.
Private companies, by contrast, are less aware and agile in terms of prevention and response; protecting their brand, for example, or proactively communicating with clients. Simply put, having been in battle, public CFOs are stepping up and getting more involved with cyber-security, while private CFOs, hovering on the sidelines, appear far more circumspect.
Make no mistake: this problem is only getting worse. The situation could improve rapidly if execs from companies of all stripes and sizes shared details of attacks with the larger corporate community.
Whether you are a CFO of an international, publicly-traded conglomerate, or a mid-sized regional business, it is well within your portfolio to do everything possible to properly prepare for the threat. Engage with the board, secure funding for proper security controls, and encourage leadership to be forthcoming when not if, your company’s cyber attack occurs.
About the Author
Andrew Douthwaite has over 17 years of technology experience joining VirtualArmour in 2007 as a senior engineer. Now as Chief Technology Officer, Andrew focuses on leading growth in the managed security services business and ensuring VirtualArmour is a thought leader in the security industry.
Safety is paramount to the success of your business, which is why larger companies dedicate entire departments to protective measures. Small business owners don’t always have that luxury, leaving them to handle unique risks without a massive amount of protective resources. That creates a real challenge, one that can often lead to digital, physical, and even legal issues most are unprepared to handle.
So, what can you do? Before leaving your failsafes and security protocols to the wind, check out these tips to help make protection a top priority at your small business. From simple office rules to management tools, here’s the ultimate safety strategy.
Get Rid of Personal Devices
Step one to your plan of action should be eliminating personal or bring-your-own devices in the workplace. This reduces the risk of weak links in your security plan, helping to keep the lid tight on your operations.
While this isn’t always possible, there are workarounds to achieve the same result. Instead of removing these devices from your place of business, adopt a universal security package for your employees. The usefulness of managing and auditing your entire IT infrastructure’s user access rights with a tool like SolarWinds can’t be understated.
Malware Matters
As tight as security may be on your employee end, the world of the web is a malicious place. Malware protection is a vital safeguard for your business, manning the front lines while data enters and leaves your servers. It’s still important to train employees on security and safety measures, but this set-it-and-forget-it protection is something you can’t do without.
Unique Passwords
While this 90’s rhetoric shouldn’t need restated in 2018, the number of hacks from even seemingly airtight corporations in the past few years suggests that it hasn’t set in just yet. With a single data breach costing upwards of $1 million on average, this is one area of security you literally can’t afford to overlook.
Ensuring every member of your staff uses a strong password is crucial these days. Have them keep the word used unique, add numbers, and make sure they utilize symbols if possible for the best results. Also, it helps to have your employees change their password every six months to a year.
Physical Security
It isn’t something most business owners want to think about, but individuals within your operation can be just as dangerous as those on the outside. While it is important to trust your employees, it never hurts to utilize cameras and locks when possible. Plus, these tools are an excellent means of theft prevention.
Backup Your Data
From contracts to daily sales, today’s businesses record almost everything online. Technical malfunctions happen at the most inconvenient times, which is why backing up your data is essential. Instead of opting for pricey equipment, consider cloud storage as a frugal yet secure alternative. There are numerous cloud storage services available that can help you create “hard” copies of important information.
Insurance
Even if you’re in the earliest stages of operation, business insurance can save you an enormous headache. Depending on what your business entails, you may need varying types of insurance. Public liability, home business, and indemnity are a few popular examples. Regardless of which kind your business needs, protecting yourself in the event of a worst-case scenario is vital.
Other small business insurance needs include:
Physical Protection
No, not bodyguards. Physical protection and security come in a wide variety of forms. Each of which is equally as important as the digital ones you’ve set in place. A simple example would be ensuring that your brand is unique to avoid any litigation or legal ramifications.
Another example would be the use of physical documents for contracts and agreements. Aside from creating a professional look, it further protects agreements made between you, your employees, and your clients with a hard copy. Adding arbitration clauses to those contracts is another physical security measure that can prevent legal ramifications down the road.
Finally, physical protection for a small business can be as simple as creating a safe work environment. Working to prevent accidents and encouraging non-discrimination as well as non-harassment policies might not be the first thing on your mind when the word protection comes to mind, but they are just as important as cyber security measures.
Protecting Your Business
Security isn’t something to take lightly in any business venture, but you don’t have to shell out your earnings on an entire department just to make sure your organization is protected. By following the tips and advice above, you can keep every aspect of your small business from digital to physical secure while keeping things affordable.
There are few businesses that don’t rely on the transmission of sensitive digital data in the course of their day to day operations and because of this, cyber security is an ongoing concern. Unfortunately, the businesses that are caught in the crosshairs are small to medium size enterprises, or SMEs, since most lack the financial resources to employ full-time IT staff. For those companies looking to keep their data secure in 2018, it helps to become familiar with what is trending in cyberspace security.
From there, owners and directors are in a better position to know how to protect their company’s sensitive data and that of any clients or customers who may also be harmed by even a single breach. Are you concerned over the data held on your computers and connected devices? If so, it pays to understand what you are up against.
Compliance with GDPR Regulations
Probably the biggest trend in cyber IT security is the newly launched GDPR regulations which are to be strictly adhered to by any member state of the EU. Also, anyone who does business with residents in the EU must be in compliance or face a stiff penalty. But, what are these regulations and why are they in place?
The first thing to understand is that the GDPR (General Data Protection Regulation) is in place to provide necessary layers of security to digital data, especially during the transmission of this data. With such a growing concern over data breaches and dangerous system hacks, the EU devised a set of requirements which member states and anyone doing business with member states must adhere to. Summed up, these regulations include:
You will notice that “certain companies” are required to appoint a DPO and it will be this person who oversees the internal IT support necessary to keep data secure. However, SMEs are probably ‘exempt’ from this requirement based on size and company worth. This leads us to the next top cyber IT security trend.
Managed IT Services to Ensure Data Protection
Since it isn’t typically possible for small to medium size businesses to afford full-time IT support staff, a growing trend is to contract IT support providers that specialise in cyber security. Not only is it essential to keep a network up and running but the integrity of data is of ultimate importance to ensure compliance with GDPR. This is a growing trend, second only to understanding the basic guidelines which are to be followed. Even though most companies understand the rules, they are also unprepared for the technical applications which ensure compliance.
Another of the benefits of contracting IT support providers is that they can match your cyber security needs in a bespoke manner. Not all companies have the same needs and so a team of professionals can tailor your cyber security to the type of information stored, the places it is likely to be transmitted and keep any ‘risk’ factors to a minimum based on your system.
Putting AI to Work
Here is one specific task which will almost always need the services of IT professionals. Artificial Intelligence, AI, is on the cutting edge of cyber security. Now IT professionals are using AI to help them quickly identify possible threats without human intervention in order to prevent attacks before they happen. Bear in mind that cyber attacks happen so quickly that by the time anyone is aware that your system has been breached, it’s most often too late.
Then it becomes a matter of making patches to areas through which the hackers were able to gain access to your data. Unfortunately, there is a down side to this as well. There is some amount of concern that hackers will begin using AI because, as is the case with defense, machine learning can assist cyber criminals to find weak spots where doorways can be created. To date, no AI attacks have been noted, so cyber security teams are still one up on would-be criminals.
A Growing Emphasis on Patches
If there is anything the WannaCry ransomware attack taught us it would be the need to keep up to date with patches as they are released. In fact, statistics prove that there are more than 4,000 ransomware attacks daily and that WannaCry was responsible for at least 230,000 computers being attacked in a single day across more than 150 nations. The reason this particular ransomware attack was able to reach that many systems is because they failed to download and install the patch Microsoft released after recognising the hole.
These companies either didn’t understand the need for staying current with security patches or simply failed to do so based on time constraints of staff. When no one is in charge of IT security, someone needs to step away from their job to find a fix. This is often insufficient due to lack of knowledge and experience, so here again, it pays to use the services of IT support pros.
A Growing Need for Real Time Defense
Somehow the gap continues to grow between known malware and viruses and what anti-virus and anti-malware tools are able to protect in real time. As mentioned above, mutations of known malware and viruses are being released daily and it is almost impossible to keep up to date with the tools needed to guard against attack. However, that being said, IT security teams provide defence at the end-point so that they can check criminal behaviours before they impact your computer. Malicious behaviours are identified in real-time and stopped dead in their tracks before they are able to penetrate your computer.
Connected Devices Are a Growing Concern
Something else to look for in 2018 and beyond is a growing concern over the vulnerability of connected devices that are rolling out by the billions each and every day around the globe. The IoT is a wonderful boon for anyone seeking ease of use or remote access, but when it comes to the potential for hacking, they can be a real risk. Since each device is connected to your computer and through your computer to the network, hackers can now target the device in order to find a back door into your system. You will see a growing emphasis on IoT (Internet of Things) security in the coming years, but this one area is of high importance in 2018.
Business Programs