Cybersecurity often doesn’t get the attention it deserves within small businesses. According to a 2012 joint study by security firm Symantec and the National Cyber Security Alliance (NCSA), 83% of small businesses do not have a formal cybersecurity plan, and 69% are without even an informal plan. As with most accidents and misfortunes, the assumption is often that “it only happens to the other guy.” However, cybersecurity IS serious business, and a security breach can and will happen to your organization if you don’t take proper precautions; it’s only a matter of time! If your organization doesn’t have a security plan in place, then it needs to implement one immediately.
Let’s continue where we left off in part 1 by outlining some further steps you can take today to mitigate the risks that cybercriminals pose to your business.
DON’T pick up lost USBs/thumb drives: Hackers need only one vulnerable point of entry into a company network. A trick that has come to light recently is for a hacker to drop a spyware-infected USB drive or thumb drive in a company’s parking lot. When an unsuspecting employee picks it up and plugs it into their computer, the malware gets unleashed through a phishing attack and the hacker gains the access point needed to exploit company assets.
Secure your network: A common point of entry that hackers use to get into companies is an unsecured or poorly protected Wi-Fi network. Some important measures to hack-proof your network are: 1) enable WPA2 wireless encryption, 2) create a strong SSID network name, and 3) select a lengthy pre-shared key with a combination of letters and numbers.
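The three measures above can be checked mechanically. The following is an added example, not part of the original article: it audits a hostapd-style access point configuration (the `ssid`, `wpa` and `wpa_passphrase` keys) and derives the WPA2 key to show that the SSID is the salt, which is why a factory-default network name weakens even a decent passphrase. The default-SSID list, the 20-character threshold and both sample configurations are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample of factory-default SSIDs; extend with your vendors' defaults.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "home", "wireless"}
MIN_PSK_LEN = 20  # assumed threshold for "lengthy"; WPA2 itself allows 8-63 characters


def parse_conf(text):
    """Parse hostapd-style key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def wpa2_pmk(passphrase, ssid):
    """WPA2-Personal key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit(text):
    """Return a list of findings for the three measures named in the article."""
    conf, findings = parse_conf(text), []
    ssid, psk = conf.get("ssid", ""), conf.get("wpa_passphrase", "")
    if conf.get("wpa") != "2":
        findings.append("encryption: set wpa=2 so only WPA2 is offered")
    if not ssid or ssid.lower() in DEFAULT_SSIDS:
        findings.append("ssid: default or missing name; the SSID salts the key")
    if not 8 <= len(psk) <= 63:
        findings.append("psk: WPA2 passphrases must be 8 to 63 characters")
    elif len(psk) < MIN_PSK_LEN:
        findings.append(f"psk: shorter than {MIN_PSK_LEN} characters")
    if not (any(c.isalpha() for c in psk) and any(c.isdigit() for c in psk)):
        findings.append("psk: use a combination of letters and numbers")
    return findings


# Constructed sample configurations (not from any real network).
WEAK = "ssid=linksys\nwpa=1\nwpa_passphrase=password\n"
STRONG = "ssid=Harbor-Books-7Q\nwpa=2\nwpa_passphrase=teal4otter9quartz2meadow7\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit(text) or "no findings")
    for ssid in ("linksys", "Harbor-Books-7Q"):  # same passphrase, different key
        print(ssid, wpa2_pmk("teal4otter9quartz2meadow7", ssid).hex())
```
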
Adopt a personal encrypted VPN service: A VPN was once a luxury of big enterprises, but now there are many personal VPN vendors, such as WiTopia and StrongVPN, that cater to small businesses and cost as little as $10 a month. The advantage of a personal VPN is that it provides a layer of encryption at the router level that protects all the network traffic entering or leaving your computer. This extra protection makes it very difficult for hackers to break through and steal information.
Guard against phishing attacks: A common means hackers use to capture private data is spam or fake emails that purport to be from legitimate corporations, banks, or other institutions. Never click hyperlinks in suspicious or unverified emails, especially ones requesting information or payments. Keep in mind that legitimate institutions that offer payment options will always have HTTPS websites equipped with SSL protection. Implementing desktop and network firewalls and anti-spam email software will also reduce the likelihood of these kinds of attacks.
Schedule a penetration test: This procedure seeks to actively exploit vulnerabilities in your company’s infrastructure to determine the real-world effectiveness of current security protocols against skilled hackers. Experienced service providers such as Redspin can help organizations protect critical data, maintain compliance, and reduce overall risk.
Small businesses today are in an extremely vulnerable situation, as most have no formal cybersecurity plan. It bears repeating that if a retail giant like Target could experience such an epic security breach, then small businesses should do everything in their power to protect, prevent, and defend against security breaches by adopting clear cybersecurity strategies.
Don’t feel that you have to tackle everything at once, but work deliberately and clearly with key stakeholders and business leaders to establish milestones and benchmarks for the implementation of the above measures. Establish clear goals on the road towards “compliance.” Introduce your employees to the topic and ensure that they understand the benefits of cybersecurity. Make 2014 the year your organization adopts cybersecurity best practices and advances its pledge for a safe and secure future.