January 19, 2017

Small Business Cyber Security: Are You Doing This?

Think a small business is safe from cyber criminals?

In fact, no business is too small to avoid a cyber attack or data breach, wrote Larry Ponemon about the findings of the 2016 State of Cybersecurity in SMB (small and medium-sized businesses). The research showed that in the past year, 55% of respondents had experienced a cyber attack while 50% had a data breach.

Cyber criminals also know that small business network security is often lacking, which makes stealing data easier, quicker, and less risky.

What are information security best practices for small business?

Identify sensitive data: Every organization handles a certain amount of confidential information, even if it is simply identification information about its employees. Keep records of this information, where it resides, and who has access to it.

Have a small business internet security policy: Create an official security policy that employees can refer to. This shows that the company takes security in the workplace seriously.

Protect all computers: A Computerworld story reported that cyber crooks are targeting small businesses because of their lack of strong authentication procedures, transaction controls, and red flag reporting capabilities. Secure computers with firewalls, antivirus software, and other security software.

Focus on employees: Employees are typically an organization’s biggest security risk, so it is important to teach them about information security. Use security awareness training to teach them how to make secure choices in and out of the office, and lead by example too. According to the Ponemon study, the most prevalent attacks against small businesses are web-based and phishing/social engineering.

Tackle social media: Many employees participate in social media. Empower employees with small business cyber security best practices that include guidelines about social media. For example, define what is confidential and not appropriate for social media postings.

Mobile protection: There are more mobile devices than ever in the workplace. Many employees keep work and personal data on phones and tablets that don’t have sufficient security. Encrypt all devices, and provide IT safeguards.

Passwords: Passwords are a critical key to small business cyber security. Be sure everyone uses strong passwords and keeps them safe. Change passwords if employees leave or if there are changes to third parties.

Physical security: Provide physical protection for confidential information. Physical statements that contain credit card data, etc. can be easily recovered from open recycling bins, and many legacy devices contain residual data that can be found and stolen. Proper disposal of information that is no longer needed is important. Both paper documents and hard drives containing confidential data should be securely destroyed. Partner with a reliable shredding company that has a secure chain of custody, including locked consoles and on- or off-site shredding and hard drive destruction services.

Choose a security partner: Partner with vendors and third parties that are committed to security and understand the unique needs of security in a small business environment. Look for companies that have a proven track record in information security and that can provide ongoing information about privacy laws that pertain to your industry and business.

A Document Management Policy will help a small business protect its confidential information from creation to disposal.