The Best Practices In Cyber Security For Small-To-Medium-Sized Businesses
Today, like never before, businesses face a barrage of spear-phishing attacks, new forms of creative and nasty malware, and the risk of infected laptops coming and going behind their firewalls.
Cyber-crime is growing at a tremendous rate. It’s become an organized big business opportunity for criminals, and is projected to grow to $600 billion this year, larger than any other form of crime. But why should small-to-medium-sized businesses (SMBs) worry about being targets? After all, they’re not Bank of America or Home Depot.
“Cyber criminals don’t discriminate,” warns Gary S. Miliefsky, founder of SnoopWall Inc., a counter-intelligence technology company. SnoopWall offers free consumer-based software to secure personal data on cell-phones and tablets. “In fact, cyber criminals find SMBs easier targets because their defenses are often not as advanced as those of larger businesses.”
Let through one piece of ransomware and you might very well be out of business. “Some of the latest ransomware exploits will not only encrypt your laptop or desktop, but they also look for file servers and do the same, automatically,” Miliefsky warns. “Then you will no longer have access to your own files – or even worse, your customer records – until you pay the ransom.”
Things are so bad that the FBI now recommends paying the extortion fees! “But we can’t let ourselves become victims. It’s time to get proactive and make sure we’re one step ahead of the next attack,” says Miliefsky. “It all starts with best practices. These are things you do, steps you take, actions and plans that can protect your company in the face of cyber threats. For example, if you do frequent daily backups and test those backups, then if you’ve been victimized by ransomware, you won’t need to pay the extortion fee. You could simply wipe the infected computer, re-image it, and restore the latest backup.”
Miliefsky says there are several “must-do” best practices for increasing cyber security in your small business:
- Create corporate-security policies and make sure all employees commit to them.
- Train employees in key areas – acceptable use, password policies, defenses against social engineering, and avoiding phishing attacks.
- Encrypt all records and confidential data to be more secure from cyber attack.
- Perform frequent backups and keep a copy of recent backup data off premises.
- Test backups by restoring your system to make sure the process works.
- Carefully screen potential employees to reduce the risk of a malicious newcomer.
- Defend your network behind your firewall – and make sure you can block rogue access. You don’t want the cleaning company plugging in a laptop at midnight!
- Deal with the bring-your-own-device dilemma by standardizing security protocols.
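The two backup items above (keep recent backups, and prove they restore) are the pair that makes the "wipe, re-image, restore" recovery from ransomware possible. As an added illustration that is not part of the article, the POSIX shell script below backs up a directory into an archive together with a SHA-256 manifest, then verifies the backup the way the article recommends: by actually restoring it into a scratch directory and checking every file against the manifest. The directory names, the sample "customer records" and the archive paths are constructed for this example, and the script assumes GNU `sha256sum`, `tar` and `mktemp` are available.

```shell
#!/bin/sh
# Added example (not from the article): make a backup with a checksum manifest,
# then test it by restoring into a fresh directory and verifying every file.
set -eu

# Build a small constructed data set standing in for "customer records".
make_sample_data() {
    dir="$1"
    mkdir -p "$dir/records"
    printf 'id,name\n1,Alice\n2,Bob\n' > "$dir/records/customers.csv"
    printf 'invoice 0001 paid\n' > "$dir/records/invoice-0001.txt"
}

# backup_dir SRC ARCHIVE MANIFEST
# Writes a tar archive of SRC plus a sha256 manifest of every regular file in it.
# Keep both files together, and copy both off premises (the article's advice).
backup_dir() {
    src="$1"; archive="$2"; manifest="$3"
    ( cd "$src" && find . -type f -exec sha256sum {} + | sort -k2 ) > "$manifest"
    tar -C "$src" -cf "$archive" .
}

# verify_backup ARCHIVE MANIFEST
# Restores the archive into a scratch directory and checks it against the manifest.
# Prints OK and returns 0 only if extraction succeeds and every hash matches;
# a corrupted, truncated or tampered archive prints FAIL and returns 1.
verify_backup() {
    archive="$1"
    # Resolve the manifest to an absolute path so it survives the cd below.
    manifest_abs="$(cd "$(dirname "$2")" && pwd)/$(basename "$2")"
    scratch="$(mktemp -d)"
    if ! tar -C "$scratch" -xf "$archive" 2>/dev/null; then
        rm -rf "$scratch"; echo FAIL; return 1
    fi
    if ( cd "$scratch" && sha256sum -c --quiet "$manifest_abs" ) >/dev/null 2>&1; then
        rm -rf "$scratch"; echo OK; return 0
    fi
    rm -rf "$scratch"; echo FAIL; return 1
}

# Demo run on constructed data: back up, then prove the backup restores intact.
work="$(mktemp -d)"
make_sample_data "$work/src"
backup_dir "$work/src" "$work/records.tar" "$work/records.sha256"
verify_backup "$work/records.tar" "$work/records.sha256"
rm -rf "$work"
```

The point of `verify_backup` is that it never trusts the archive file's existence or size: the only thing it accepts as proof is a completed restore whose contents hash to the manifest recorded at backup time. Running it on the off-premises copy, not just the local one, is what tells you the copy you would reach for after an incident is usable.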
“Still,” Miliefsky warns, “you need to remember that most breaches occur behind firewalls. How many times have you heard of a trusted insider falling for a phishing scam or taking a phone call from someone who sounded important who needed ‘inside’ information? Realize that some employees will browse websites they shouldn’t, gamble online, or chat using instant messenger tools. Educate your staff about acceptable use of corporate resources, and demand careful adherence to security protocols.”
Anyone can fall victim to even very obvious scams. Employees may not know your password policies or why they shouldn’t open an attachment that says “Congrats! You’ve just won a million dollars – click here!” It’s essential to train all your personnel on how to avoid cyber breaches.
Miliefsky suggests that you teach your staff the do’s and don’ts of instant messaging as well as other cyber security protocols. “If you are logging email for legal purposes, let them know that you are doing so, and why. Give them real-world examples about what they should do in an emergency. Teach them why you’ve implemented a frequent-password change policy, and why their password should not be on a sticky note under their keyboard!”
You should also perform your own security self-assessment against the best-practices recommendations above. Network security is a process, not a product. To do it right, you need to frequently self-assess, and make adjustments as needed.
Boards, CEOs, CFOs and CIOs are under extreme compliance pressure today. Not only are they charged with increasing employee productivity and protecting their networks against data theft, they are also being asked to document every aspect of IT compliance. “I recommend, whether or not an outside firm is performing IT compliance audits, that you begin performing measurable compliance self-assessments. You’ll need to review federal regulations that affect your organization,” Miliefsky notes. He adds that some states have their own regulations, too. “In California, for example, if there has been a cyber breach regarding confidentiality, companies are required to publish this information on their websites. They also must notify customers if personal information has been compromised.” The easiest thing you can do to prove that you are in compliance is to document the steps your company is taking to protect data.
By taking a strong proactive approach, setting measurable goals, and documenting your progress, your business will be more secure in the months and years ahead.
This article was written by Kate Harrison from Forbes and was legally licensed through the NewsCred publisher network.