While the Internet has leveled the playing field for businesses, not all companies are the same with regard to data protection. Your startup may be able to compete with the bigger players in terms of products and services, but your IT team (if you have one!) isn’t going to have the same available resources to combat fraud and theft.
Let’s first establish how real the threat is for your business, and then we will go through the steps you can take to prepare your business for a cyber-attack!
A Real Threat
According to the Federal Communications Commission (FCC), theft of digital information and data is now the most commonly reported fraud, surpassing stolen physical goods. The threat is growing, so much so that the FCC, in conjunction with the Department of Homeland Security, launched the “Stop.Think.Connect.” campaign to raise public awareness about cybersecurity.
If your business has an online presence (and not having one isn’t really an option at this point), it is vulnerable to any number of data and cybersecurity threats. You may be asking “How likely is an attack and how bad can it be if something does happen to my business?” Think it won’t happen to you? A PwC survey of public and private companies found that 79 percent of respondents said they detected a security incident in the past 12 months. And what’s the damage? The Center for Strategic and International Studies estimates that cybercrime and cyberspying cost the U.S. economy $100 billion annually.
Further, many cybersecurity incidents go undetected, as PwC found a significant correlation between the size of a company and its ability to detect these fraudulent activities. What’s worse, the tools used to commit cybercrime are becoming more sophisticated, and technology’s precipitous rise is making it difficult for the authorities to keep up with hackers and Internet criminals.
Protecting Your Business
So, you may be convinced that your business is vulnerable, but you have no idea how to mitigate some of this risk. Let’s go over some steps you can take to limit the potential for a security breach.
First, approach the problem the same way you would any other issue that arises. Make a plan. Bring in the most qualified people within your organization, start writing out your company’s vulnerabilities, and then take a long-term look at what can be done – within reason and within budget.
While it’s important to address cybersecurity, don’t overdo it! Sure, your company may be vulnerable, but it’s not worth bankrupting yourself or your business to protect data. Speaking of bankrupting, think about what you want to be held liable for with regard to a hack. If you can avoid grabbing people’s personal information during business transactions or the sales process, avoid it! If you need to, have a credit card company or third-party group grab the information – this lets you off the hook.
The World Wide Web of Problems
Beyond that, let’s start with the basic risk: The Internet. Your Wi-Fi network should be password protected, secured, and hidden. You should also safeguard your connection – encrypt information and set up a firewall.
In terms of protecting data and information, you also need to be wary of something crashing, so you should make backup copies of everything that you consider critical. Think about moving some data to the cloud, or putting the more secure information in an offsite location (the cloud is becoming more secure, so you can actually put critical data here).
When talking with a cloud provider or a colocation provider (these are data centers where you can rent space), get assurances as to their security measures and protections! You should inquire about their policies with regard to who is granted entrance to the building, how many people have access to the physical data center, and what measures are in place in case of an outage.
Employees: The Biggest Risk for Your Company
But, let’s get to the biggest security concern: your employees. According to a TrendLabs report, employee negligence puts an organization at risk in many instances.
“The top reasons cited for data loss were SMB employees’ tendency to open attachments to or click links embedded in spam, to leave their systems unattended, to not frequently change their passwords, and to visit restricted sites,” said the authors of the report. “This negligence puts critical business data at risk from data-stealing cybercriminals and malicious insiders.”
Your security plan should revolve around your employees. According to the FCC, training workers on cybersecurity principles is paramount to the success of any security plan. Start with requiring strong passwords, then establish Internet-use guidelines that detail the potential penalties for violating the company’s rules. You should also inform them of the importance of protecting customer and client information and data – the key is to make employees think about security, as this is half of the battle. Behavior will change when you emphasize the importance of these rules!
In this vein, tell employees not to ignore those software and antivirus updates that they likely click out of! These are important and can help to protect your computers and data – if you don’t trust your employees to do so, configure the software to install the updates automatically. According to the U.S. Small Business Administration (SBA), you should hold a training session (it doesn’t have to be especially formal) about how to protect their computers and how to post information online. This session should also include details regarding the company’s social networking sites, how to sell without revealing trade secrets, and what types of sites and programs to avoid using.
In this meeting, you should also establish a mobile device policy, and create consequences for those who ignore or skirt this policy. You need to decide if you want to provide employees with technology or institute a Bring Your Own Device (BYOD) policy. Weigh the costs and benefits of both approaches and see which works best for your organization. According to the SBA, mobile devices are difficult to manage and can create significant and unique security challenges. Therefore, you should require employees to use passwords, encrypt data, install security apps, and report stolen or lost devices.
The Evolving Criminal
Finally, you, and in turn your employees, need to understand that hackers and cyber-criminals are constantly evolving. According to Network World, cyber-criminals are now targeting SMBs, and specifically their employees, to commit fraud. This can range from stealing information to emptying out business accounts. Given the nature of business law in the U.S., there are fewer protections for companies than there are for individuals, and, given the money in the business accounts, this makes businesses more appealing as a target.
Payments are a key to business, so make sure to shore up your systems, and talk to your bank and card processors about your business accounts and potential security measures. If you’re working with a big bank, utilize their resources and ask for their help and advice.
Remember, you can’t always protect your business from a hack, but that’s not an excuse to do nothing. Take the measures you can (within reason), educate yourself and your employees, and reiterate the importance of security. If everyone pulls together in the same direction with regard to security, data breaches and risks will be mitigated!