Cyber Security: As Vital for Small Firms as Large Ones
It may be hard to believe, but it’s true — in the last 12 months, half of all U.S. small businesses have had their online security breached.
A 2016 Keeper and Ponemon Institute survey of 600 information technology (IT) leaders at small- and medium-sized companies showed that cyber-attacks and data violations can happen to any firm, regardless of size. Because October is National Cyber Security Awareness Month, it’s a good time to review the risks and the ways you can protect your business from computer invasion and data theft. And it’s worth knowing how the outcome of the 2016 presidential race might affect cyber security.
Market analysis firm Juniper Research projects that cyber-crime will cost the world $1 trillion by 2019, more than four times the estimated cost of breaches in 2015.
Hackers and malicious code writers seemingly never sleep. Juniper’s report calls out the increasing professionalism of cyber-crime as the number of casual hackers declines. These bad actors are constantly developing new computer viruses, spyware, and other malicious code, so cyber defenses must be renewed just as constantly. Millions of computers are at risk — even to the point of global outages. CNBC listed the following as 2016’s biggest cyber security threats:
- Machine-to-machine attacks, due to the propagation of connected electronic devices;
- New worms* and viruses** designed to spread to other computers;
- Attacks on the “cloud” (storage and services hosted outside your office and reached over the internet, allowing 24/7 access to your data) and cloud infrastructure;
- Attacks on corporate networks via mobile devices using compromised applications that rely on the cloud;
- “Ghostware,” malware designed to invade networks, steal data, and hide its tracks, making it very difficult for businesses to discover data theft and the magnitude of the loss;
- “Blastware,” code that destroys or disables systems when it’s discovered; and
- “Two-faced malware,” code that appears harmless under scrutiny, but turns malign once it’s no longer under surveillance.
These threats loom over every business, large and small. And the proliferation of connected devices — phones, appliances, cars, etc., called the Internet of Things — makes cyber-crime and cyber-disruption all the more tempting for evil-doers.
Ways to keep your data safe
To help you safeguard your company’s information, we’ve curated a dozen cyber security tips from security experts:
- Protect against viruses, spyware, and other malicious code – Equip all of your computers with antivirus software and antispyware. Configure all software to install updates automatically. Use pop-up ad blockers (ads can contain viruses) on all company computers.
- Secure your networks – Safeguard your Internet connection by using a firewall and encrypting information. Keep your Wi-Fi network secure and concealed, and password-protect access to the router.
- Establish security practices and policies to protect sensitive information – Set policies on how employees should handle and protect personally identifiable information and other sensitive data. Determine consequences for violating company cybersecurity policies.
- Teach employees about cyber threats and hold them accountable – Educate staff on protecting your business’s data, including safe use of social networking sites.
- Require staff to use strong passwords and change them regularly – Use multifactor authentication that requires information beyond a password to gain entry.
- Employ best practices on payment cards – Work with your banks or card processors to ensure the use of the strongest tools and antifraud services. Isolate payment systems from less secure programs and don’t use the same computer to process payments and surf the Internet.
- Review accounts regularly – An account anomaly could be the first clue that something is amiss.
- Back up important business data – Regularly duplicate information on all computers, including word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies off site or in the cloud.
- Control physical access to computers and network components – Prevent access or use of business computers by unauthorized individuals. Lock up laptops when unattended. Create separate user accounts for each employee and require strong passwords. Give administrative privileges only to trusted IT staff and key personnel.
- Create a mobile device action plan – Mobile devices can create significant security and management challenges, especially if they contain confidential information or can connect with the company network. Require users to password-protect their devices, encrypt their data, and install security apps to protect their devices while on public networks. Establish reporting procedures for lost or stolen equipment.
- Protect all pages on your public-facing websites, not just the checkout and sign-up pages.
- Reward security-conscious behavior – When an employee recognizes an intrusion attempt and promptly notifies management, salute that action at a public employee gathering or in an all-staff email. Consider a small rewards program for employees who regularly sign up for ongoing training (reducing the “mandatory” nature of such training).
All this amounts to creating a culture of cyber security in your company. Proper staff training and reinforcement are essential to any strategy to safeguard key information and business integrity.
Cyber security and the election
On the brink of the 2016 presidential election, what do the candidates say about cybersecurity?
Democratic candidate Hillary Clinton has stated that, if elected, she will “promote cyber security at home and abroad.” She has said the United States should treat “cyber-attacks like any other assault on the country,” and respond with political, economic and military tactics.
Republican nominee Donald Trump has talked about increasing cybersecurity against Chinese hackers, but otherwise his position on electronic protection is vague. As noted by the U.S. political website The Hill, Trump has said “he would ‘be open to closing areas (of the internet) where we are at war with somebody’ but did not lay out a vision for how this might work, given the fundamentally open and interconnected nature of the internet. His position is clearer on the lawful access debate, stating when asked about NSA surveillance that ‘I tend to err on the side of security.’”
Regardless of who next sits in the Oval Office, cybersecurity will pose a daunting challenge to the nation and American business.
*Malware that replicates itself in order to invade other computers.
**Computer code that can copy itself and can corrupt systems or destroy data.