Which businesses are most frequently the victims of cybercrime? Most of us immediately think of the massive cyber breaches of Target, Neiman Marcus, Blue Cross Blue Shield, CVS, and Walmart, to name a few. According to Verizon’s 2013 Data Breach Investigations Report, 71% of the data breaches investigated by the company’s forensic analysis unit targeted small businesses with fewer than 100 employees. Of that group, businesses with fewer than 10 employees were the most frequently attacked. Small to medium-sized businesses (SMBs) are now a major target for cyber attacks.
Our friends at Atiwa Computing Inc. have provided an eGuide – Combating Cybercrime on a SMBS Budget. We have selected the excerpts below from their publication to share with you.
To Stay Secure, a Good Defense Is the Best Offense
SMBs must understand that the time has come to get serious about their security. Sadly, many small businesses have a false sense of security. In the McAfee/Office Depot joint survey of 1000 SMBs, over 66% were confident in the security of their data and devices despite admitting to obvious flaws.
Cybercrime is only one cause of compromised data. There are 3 primary causes of breached security at businesses according to the June 2013 Symantec Global Cost of a Data Breach study. Only 37% are attributed to malicious attacks. The remaining 64% are human error and technology errors.
Data breaches aren’t always about bad people doing bad things. Many are the result of good employees making mistakes or of technology failure. SMBs don’t necessarily need a large budget or dozens of employees to adequately protect sensitive data. A secure environment is possible even on an SMB’s budget. Here are a few steps to improving data and network security.
STEP 1: KNOW ALL DEVICES CONNECTING TO YOUR NETWORK
Keep a frequently updated list of every device that connects to your network. This inventory is especially important given today’s BYOD (Bring-Your-Own-Device) workplace where employees can access your network through several different devices. Knowing what these devices are and ensuring they’re all configured properly will optimize network security.
All it takes is a regularly scheduled review to add or remove any devices and affirm that every endpoint is secure. Much of this process can be inexpensively automated through a Mobile Device Monitoring (MDM) tool. An MDM tool will approve or quarantine any new device accessing the network, enforce encryption settings if sensitive information is stored on such a device, and remotely locate, lock, and wipe company data from lost or stolen devices.
STEP 2: EDUCATE & TRAIN EMPLOYEES
Every employee should participate in regular general awareness security training. This will not only reduce security breaches directly tied to employee error or negligence but also train employees to be on the defense against cybercrime. Employees are critical to your security success and the prevention of data breaches. Hackers commonly break into networks by taking advantage of unknowing employees. Phishing attacks – legitimate-looking emails specifically crafted to mislead recipients into clicking a malicious link where they’re asked to provide their username and password – are still successfully used by hackers to capture login credentials.
If a large company makes the news for a data breach tied to an infected email, be sure to share that news with employees with a warning. Come up with fun ways to teach employees how to identify spearphishing email attempts and better secure their systems and devices.
It is also important to have a security policy written for employees that clearly identifies the best practices for internal and remote workers. For example, password security is critical and passwords should be frequently updated to a combination of numbers, lower case letters and special characters that cannot be easily guessed. Security policy training should be integrated into any new employee orientation. This policy should be updated periodically. More important than anything, this security policy must be enforced to be effective.
STEP 3: PERFORM AN AUDIT OF SENSITIVE BUSINESS INFORMATION
If you want to keep your most sensitive business information secure, it’s important to know exactly where it’s stored. A detailed quarterly audit is recommended.
STEP 4: USE CLOUD AND MANAGED SERVICE PROVIDERS
Overall, the cloud is likely a more secure data solution for small business. Any conception that the cloud isn’t safe is outdated. Most of 2013’s security breaches were the result of lost or stolen devices, printed documents falling into the wrong hands, and employee errors leading to unintended disclosures. It’s fair to speculate that many of these breaches wouldn’t have occurred had this information been stored in the cloud rather than computers, laptops, and vulnerable servers.
SMBs with limited budgets are actually enhancing their security by moving to the cloud. Since there is no way an SMB can match a large enterprise’s internal services, moving services like email, backups, and collaborative file sharing to the cloud not only reduces total cost of ownership but also gives access to top-level security to better defend against internal and external threats.
Meanwhile, a Managed Service Provider (MSP) can assume responsibility for security measures like the administering of complex security devices, technical controls like firewalls, patching, antivirus software updates, intrusion-detection and log analysis systems.
MSPs are also capable of generating a branded risk report for any potential client or business partner reviewing your security measures. This third-party manual assessment of your network security can instill confidence in prospective business partners by proving to them that any possible security risks or vulnerabilities will be properly managed and addressed.
ATIWA Computing Inc. is ready to answer your cyber breach prevention questions. We hope that the information in this article will be useful in protecting your business.
At Dean & Draper we are your source for information and choices for your cyber breach insurance protection. We welcome your calls.
Dean & Draper is a Trusted Choice insurance agency representing over 200 insurance companies. For over 35 years we have offered a trusted freedom of choice to our clients. Contact us.
The recommendation(s), advice and contents of this material are provided for informational purposes only and do not purport to address every possible legal obligation, hazard, code violation, loss potential or exception to good practice. Dean & Draper Insurance Agency specifically disclaims any warranty or representation that acceptance of any recommendations or advice contained herein will make any premises, property or operation safe or in compliance with any law or regulation. Under no circumstances should this material or your acceptance of any recommendations or advice contained herein be construed as establishing the existence or availability of any insurance coverage with Dean & Draper Insurance Agency. By providing this information to you, Dean & Draper Insurance Agency does not assume (and specifically disclaims) any duty, undertaking or responsibility to you. The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.