The rate of cyber attacks targeting small businesses has been mounting since 2011. Symantec, the global web and system security company, showed in its 2016 Internet Security Threat Report how cyber security issues for small businesses have increased in recent years.
https://smallbiztrends.com/wp-content/uploads/2016/04/cyber-attacks-850×638.png
A handful of reasons explain why small businesses are targeted by hackers and cyber criminals.
- They do not have resources to invest in enterprise-grade security features
- The employees are either not trained or have little security awareness
- The databases are hosted in shared domains or servers which can be easily penetrated
- Small business owners do not appreciate the need for antivirus security software
These are the reasons which contribute to the increasing levels of cyber security attacks against small businesses.
Luckily, help is within quick reach. There are proven security measures which small scale businesses can deploy to fortify their organizational data and customer records.
For convenience, we can segregate the security measures at different levels:
- Data level
- Employee level
- System level
These are the three pivotal areas which get hit in the event of a security breach.
Data – Personal records of customers, banking credentials, credit or payment credentials of customers, etc. leaked, made public, destroyed or stolen by hackers.
Employee – Payroll information, entity information and mission-critical data (as in federal projects), etc. stolen by hackers.
System – Access to user systems, servers, websites, etc. being usurped by hackers.
Now, let us discuss in detail how each of these areas can be strengthened using various security measures.
Data-level security measures
3 major ways small businesses can protect their organizational data from cyber security threats:
1. Update latest software patches
Outdated or obsolete software leaves loose ends that hackers can exploit to force backdoor entries into a network of systems. Small businesses, for a variety of reasons, including the sheer amount of work involved, often ignore the need to keep their software patched.
By updating all software used in the organization and keeping it updated at all times, the risk of a security attack can be kept to a bare minimum.
2. Data backups
Anything is lost when it cannot be recovered. That is why data backups are critical checkpoints in a small business cyber security checklist. Data backups, preferably on an offline medium, ensure that the business is able to get back on its feet even after a security breach.
The data backup can be used to restore operations to normalcy. Cloud servers, data centers, storage devices, etc. help keep periodic data backups that keep the business on its feet at all times.
Employee-level security measures
60% of data security professionals interviewed for the Managing Insider Risk through Training & Culture Report responded that employees are the weakest links causing data breaches.
Hence, securing the data perimeter for employee usage is critical to small business cyber security. This can be done with the following tactics:
3. Password hygiene
Easy-to-guess passwords, passwords that have not been changed for a very long time, repeated passwords, etc. are common behavioral traits among employees.
Making them aware of password hygiene, that is, the need to have unique, complex and frequently changed passwords, is the first step towards ensuring business data security from the employee dimension.
4. BYOD security measures
While enterprises appreciate the mobility and cost-efficiency that BYOD is bringing, the risk of company or client data being lost remains their primary concern.
The BYOD work philosophy can be made hack-proof by instilling features like registering all BYOD devices to a secure network. Unauthorized devices brought by employees can be barred from accessing the network. The attached devices can also be scrutinized for the possible existence of malware or spyware that can infiltrate the system.
5. Protection against phishing
Intel conducted a phishing quiz to observe how proficient users were in telling a phishing mail from an ordinary one. The quiz brought out a staggering result: 97% of respondents failed to distinguish a phishing mail from an original.
The image below summarizes Intel’s finding:
http://www.photoxels.com/photography/wp-content/uploads/2015/05/phishing-survey-infographic-600.jpg
The bottom line is that employees need to be warned to abstain from clicking on any link or attachment in emails that come from unverified sources.
System-level security measures
Finally, the systems used by the organization need to be prepared to withstand any possible security threat. Here is how it can be done.
6. Set up Firewall
The firewall is turnkey software which regulates the flow of information between the server system and the Internet. It ensures that no unauthorized elements are getting into the server environment. Firewalls are the first line of defense and help thwart common security issues that small businesses have to face.
7. Antivirus software
While firewalls keep the Internet connection secure, user systems also need to be insulated from virus attacks. USB thumb drives, external hard disks and mail attachments can spread virus programs that can destroy system health.
The solution is to use antivirus software that will block all virus programs from entering the system from external sources.
8. HTTPS encryption
HTTPS encryption has come to the fore of web security in recent years. Along with Google, even CMS platforms like WordPress are pitching for a safer web environment made possible with HTTPS encryption.
A wildcard SSL certificate can help users identify secure websites that are safe to transact with. In fact, studies have proven that websites that display trust seals of SSL certificate providers enjoy a higher conversion rate than websites on plain HTTP.
HTTPS encryption can give the dual benefit of user security and conversion rate improvement.
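A wildcard certificate does not cover every host name a business might serve, which is a common cause of browser warnings after a switch to HTTPS. The sketch below is an added example, not part of the original article: it applies a simplified form of the RFC 6125 matching rules (the wildcard must be the whole leftmost label and stands for exactly one label) to find hosts a certificate leaves uncovered. The certificate name and host list are constructed sample values.

```python
def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name such as '*.example.com' covers hostname.

    Simplified from the RFC 6125 rules: the wildcard must be the entire
    leftmost label and stands for exactly one label.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if "" in p_labels or "" in h_labels:
        return False
    if "*" not in pattern:
        return p_labels == h_labels
    # Reject partial wildcards ('w*.example.com') and wildcards elsewhere.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Simplification: require two labels after the wildcard ('*.com' is too broad).
    if len(p_labels) < 3:
        return False
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def uncovered_hosts(cert_names, site_hosts):
    """List the hosts a business serves that none of the cert names cover."""
    return [h for h in site_hosts
            if not any(wildcard_covers(n, h) for n in cert_names)]


# Constructed sample data: one wildcard certificate and the hosts in use.
CERT_NAMES = ["*.example.com"]
SITE_HOSTS = ["shop.example.com", "example.com", "pay.shop.example.com"]

if __name__ == "__main__":
    print(uncovered_hosts(CERT_NAMES, SITE_HOSTS))
```

The bare domain and any second-level subdomain need their own names on the certificate; the wildcard alone does not cover them.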
In a Nutshell
Data breaches happen primarily at three levels: data, employee and system. Securing these three dimensions can make a small business less prone to cyber security threats.
The article has also outlined how each of these dimensions can be secured for maximum cyber security.