Whenever news breaks of a cyber-attack or a data breach, the victim is nearly always a well-known global or multi-national organisation worth billions. This gives the rest of us some pause and, to some extent, a false sense of security (if you will excuse the pun), but rarely makes us seriously consider our own cyber defences. If we happen to be part of a small business, we don’t often consider our business at risk from such threats; after all, who would want to hack into our systems? But it is just as important that small businesses have effective cyber security measures in place, not only to protect their own interests, but also to protect their ecosystem of partners, who may well be targeted for attack through a hole in a smaller business’s security…
How and why are small businesses vulnerable?
In 2012, there were 300 times more cyber attacks on small businesses than in 2011, and since then, the numbers have been rising year-on-year. Smaller businesses, limited either by strategy or by finance, tend to have weaker or lesser cyber security in place, which makes them easier to attack. Moreover, a lot of small businesses have Fortune 500 companies and other large organisations as clients. This means that by hacking the small business, the hackers can gain access to its larger, high-profile clients.
Securing small businesses against cyber attacks
That said, cyber security services are becoming much more cost-effective and therefore accessible to small businesses, with many beginning to realise that they can employ reputable security firms to handle their cyber security. While employing these cyber security services is an important step, there are also other practices that small businesses can undertake to make their organisation more secure.
With this in mind, here are my top six tips that smaller businesses need to think about with regard to securing their businesses:
- Understanding the risks
  - The first step to securing your business is to learn what threats and vulnerabilities exist, and where these threats could be coming from. You and your security team need to know what’s out there.
- Create and implement a security policy
  - The next step is to create a security policy that involves strict protocols, for both everyday security and for situations where your security has been compromised.
- Train everyone on security
  - Everyone in the organisation needs to be educated on the potential risks and threats and has to be trained in the business’ security practices. There can be no exceptions; believe me, it takes just one person breaking protocol to give hackers the opportunity they need.
- Maintain physical access control
  - While securing your network is important, controlling physical access to networked devices is also critical. An unauthorised person accessing a device could easily compromise your security.
- Password protect and authenticate
  - Every system in the organisation must have a unique password and only authorised employees should be in the know. Wherever possible, your vendors must also employ multi-factor authentication to further secure access, and all software that employees install on their systems must be approved by your security personnel.
- Secure mobile and Wi-Fi access
  - Every employee is sure to have a mobile device, whether it’s a smartphone or a tablet, and every one of them is likely to want to connect to the company Wi-Fi. If your company culture allows this, I recommend mandating the installation of security apps on these mobile devices, as well as maintaining constant Wi-Fi access control.
These security practices will improve the internal security of small businesses and bolster their ability to combat threats. However, these practices should form only a part of the organisation’s overall cyber security strategy. Surveys reveal that small businesses are often forced to shut down following a cyber-attack because it has caused such irreparable damage to the organisation.
From my perspective, it is vital that these smaller organisations partner with a cyber security services provider to protect their data and ensure business continuity; otherwise they may find themselves the next victim of a cyber attack.