Cyber threats are very real and present dangers to any small-to-medium business. In fact, 62 percent of businesses were hit by ransomware in 2016. Yet, as noted by the 2017 State of Cyber Security Study by ISACA, 80 percent of respondents are not prepared for the imminent cyber threat facing their business. Part of the struggle is understanding cyber security and the threats to SMBs.
Most companies depend on their IT departments to handle this area, while the rest of their employees are just as likely to be a cyber threat to the business. Altogether, SMBs can and should do more to protect their data and systems. Here are a few easy-to-implement preventative measures to improve your cybersecurity this week.
According to the Harvard Business Review, your employees are your biggest threats when it comes to cyber security. In a 2016 survey, IBM discovered that 60 percent of cyber attacks came from inside the office. More surprising is the fact that 25 percent of employees did not even realize they were creating a threat. The main areas of concern to focus on when updating your company’s cyber security are employees who:
- Access their social networks while in the office, opening up the cyber gateways for hackers to disrupt systems via malware and phishing attacks
- Fail to protect their passwords, weakening the IT infrastructure
- Do not report stolen hardware, suspicious emails, missing documents, etc., all of which can lead to cyber theft
By focusing on the employee threats, you can strengthen your SMB’s cyber security today. These are all simple areas to address in the protection of your IT system and server, as well as your customer, client, and employee information.
Enact Security Policies
Start by developing employee policies that reflect your company’s security practices. The main premise of these policies is to protect the sensitive data within your company. As noted by the SBA, policies to develop include setting boundaries of cyber security, along with disciplinary consequences of crossing these boundaries. Areas to cover in corporate policy should include, at a minimum:
- Password protection
- Use of social media at work
- What to do if an employee feels their cyber security is compromised
Cyber Security Training
Once you have policies in place, it is time to start training your employees on how to follow procedure. During these training sessions, include up-to-date information on best practices for protecting data and dealing with online threats. In addition, employees should be educated on how to avoid sharing private or proprietary knowledge associated with your company online.
Consider hiring a cyber security specialist to provide employee training. The National Conference of State Legislatures offers a list of cyber security training agencies in each state. This is a good place to start your search for a viable trainer candidate.
Implement Multi-Step Identification for Passwords
Your company needs to address the security risks associated with passwords and any use of social media while in the office. There are times when employees have a lapse in judgment or simply make mistakes. How can you protect your company in these instances?
PC Mag recommends using a multi-step identification system that requires employees to use more than just a password to access onsite data and computer programs. Along with a username and password, the employee may need to enter a PIN and their telephone number, birthdate, or date they started working for you.
Protect Hardware and Devices
If your employees take home laptops or use company mobile phones, then you need to have a way of protecting these forms of hardware. If you do not have a recording system that identifies which devices are with whom, it is time to set that up. Update your records on a routine basis by manually checking the ID codes on hardware and devices being used by employees.
Also, require all employees to use an individual account and multi-step identification for passwords. Maintain a log of all of this information in a hard copy file secured in the office. As for administrative privileges to laptops and devices, only provide these to the IT staff and leadership personnel as noted in your cyber security policy.
Utilize Protective Software
Ever since the first computer viruses started showing up, computer users have been using anti-virus software. However, a single anti-virus program is no longer enough. Other types of protective software to consider include:
- Access control
- Anti-subversion software
- Cryptographic software
- Anti-tamper software
Check with your IT department to see which of these solutions would be viable for your company. Another option is to update to a computer system that offers the most security. The MIT Information Systems and Technology program, one of the forerunners in technology services among colleges, recommends MIT students and faculty use Apple, Dell, or Lenovo computers.
There you have it, a simple plan for helping protect your SMB from potential hackers and cyber attacks. By implementing these solutions, your company will be on the right track with cyber security.