23 Mar How to Protect Yourself From Cybercrime: Tips for Small to Mid-Sized Companies
Cybercrime undoubtedly poses a real and growing threat to the United States, and it’s not just a government or big business problem. Increasingly, it is small and mid-size firms that make very attractive targets for cybercriminals. Why? Because not only are their defenses generally weaker, but smaller companies provide an entry point into larger firms with whom they do business.
According to the Verizon Data Breach Investigation Report, 61% of cyberattacks were aimed at small business. Another study reports cyber-attacks cost small business between $84,000 and $148,000, and yet found that 90% of small businesses don’t use any data protection at all for company and customer information.
The problem is not going to go away; it’s just going to get worse. So, how can your business defend itself against cybercrime? Below are 7 steps to building a strong defense:
“The truth is that small and mid-sized businesses are less likely to have the time, budget and expertise to adequately defend against an attack; but given the trends, it’s more important than ever that small businesses know the risks and employ effective strategies to protect themselves and their customers.”
The truth is that small and mid-sized businesses are less likely to have the time, budget and expertise to adequately defend against an attack; but given the trends, it’s more important than ever that small businesses know the risks and employ effective strategies to protect themselves and their customers.
1. Restrict Access to Your Network
Only those who need access to your network and its information should have it. This means that you should physically lock your server and other technical equipment to eliminate unauthorized access.
- Provide employees access to information on a need-to-know basis.
- Only authorized employees should have access to sensitive data.
- Limit administrative access to trusted IT staff and key personnel.
- Password protect computers and other network equipment. Check out our 6 password tips to protect your data.
- Restrict third-party access to the network.
- Physically lock your server and other technical equipment to eliminate unauthorized access.
2. Employ Network Defenses
Your network defenses encompass the protective measures that use computer networks to detect, monitor, protect, analyze and defend against network infiltrations. It starts with using proper networking equipment, such as firewalls, to impede network access, but there are many other things you want to include to protect yourself from cybercrime:
- Monitor activity on your network using effective intrusion detection and prevention tools.
- Secure remote access to the network via Virtual Private Networks.
- Maintain up-to-date software, malware, virus, and spam-filtering services on all computers and servers.
- Apply software updates as they’re issued and have a process in place to update and patch third-party software.
- Use strong authentication procedures (consider multi-factor authentication) to limit access to data.
- Disable user credentials after a number of failed log-in attempts.
3. Establish Effective Security Protocols
Security protocols entail the various processes and methods used to ensure the security and integrity of data in transit over your network connection, and there are quite a few!
- Enforce strict password guidelines, and require employees to use complex passwords that are changed at least every three months.
- Back up data daily and test backups to ensure recoverability.
- Don’t open emails from unknown or suspect sources or click on links embedded in suspect messages.
- Address security vulnerability reports in a timely manner.
- Verify that any vendors who have access to sensitive information have secure method for storing and transmitting it. Put security standards in contracts and verify compliance by vendors.
4. Secure Transmission of Data
Although it may seem obvious, you make sure personal or sensitive information is transmitted securely at every point. Use strong cryptography along with widely used, industry-tested methods to secure your data. Additionally, make sure your encryption technology is properly configured.
5. Protect Physical Assets
Keep your physical media and devices safe by keeping them in a secure location. Implement a clean desk policy to ensure that documents are stored securely to safeguard sensitive and confidential data. If you have to get dispose of any data or equipment, make sure you do so properly and securely by shredding, burning, pulverizing, or wiping as necessary.
6. Train Employees
Your employees, in many ways, are your first line of defense as users of your systems. Provide routine security awareness training to them. Explain your security protocols and, most importantly, enforce them.
7. Test Your Defenses
You’ll want to make sure you perform “penetration tests” on a regular basis. This is where you, or your advisor, attempt to penetrate your network to test your defenses. You should also plan to conduct an independent security review at least once a year, depending on the size and scope of your technology.
Now you have the tools you need to protect yourself from cybercrime and build a solid defense against the multitude of cyber threats. You can operate your business with peace of mind that its systems are secure. Unfortunately, you’ll never have complete peace of mind because cybercriminals are continually trying to come up with new ways to penetrate your defenses. Keeping up to date with the latest threats and re-visiting what your vulnerabilities are will be a constant challenge, but by staying vigilant so you can make adjustments in your defenses and fend off cyberattacks.