Contrary to many people’s assumptions, you don’t need to be a multi-million dollar business to be vulnerable to a cyber attack; many small- and medium-size businesses represent an easy target to would-be criminals – and often have direct connections (as subcontractors) to the networks of larger business partners.
Amy Abatangle, EVP at Untangle, says the biggest mistake a business can make is not thinking it could be a target. Planning ahead is critical.
“While it’s true that big business grabs the headlines when it comes to breaches, it’s a mistake to think that small businesses aren’t vulnerable,” she says. “While a small business may be less likely to be the target of a large-scale, multinational, coordinated attack, they are still rich targets for cybercriminals because often, small businesses don’t have the budgets or the resources to keep up with security best practices.”
While most small- and medium-size businesses follow common sense security practices like using a simple firewall or installing anti-malware packages on their desktop PCs, Abatangle notes these basics are no longer enough.
“Every device that comes onto the network can carry a malware payload,” she says. “Network administrators need to be vigilant keeping threats at bay by protecting their local networks at the gateway to the Internet with modern, next-generation solutions that protect against a number of different threat vectors including viruses, Trojans, phishing attempts and spyware.”
Professor Diana Burley at George Washington University, co-author of the recently released “Enterprise Security Solutions,” says all small- and medium-size businesses should develop an efficient written plan that educates employees on basic security principles.
“It should alert them to established rules and security policies, and provide an action plan for when possible breaches occur,” she says. “I advocate what I call ‘confluence training,’ which puts engaged employees across the enterprise in an integrated cybersecurity training program.”
Jerry Irvine, a member of the National Cyber Security Task Force and CIO of Chicago-based Prescient Solutions, says not to open emails or texts from anyone you do not know.
“Additionally, you should not open attachments, even from someone you do know, if you are not expecting the attachment,” he says.
Here are five tips from leading cyber security experts on the best ways to stay safe.
1) Restrict Remote Access
When permitting remote access to a network for the management of a point-of-sale (POS) or other system, it’s essential for this access to be secure and restricted. “At a minimum,” says Kevin Watson, CEO of Netsurion, “access should only be granted to individual (not shared) user accounts using 2-factor authentication and strong passwords. Remote access activities should also be logged so that an audit trail is available.” Netsurion provides cloud-managed firewall solutions to protect the data of small- and medium-sized businesses.
2) Be Proactive Rather Than Reactive
The old adage “time is money” is especially true when it comes to small- and medium-sized businesses, and a small time investment now can save you huge time costs later. “Small businesses are often faced with tight budgets and tighter operating margins. A breach or outage is a costly, painful lesson that can bring a small business to its knees, resulting in damage to its reputation and the trust of its customers.” — Abatangle
3) Be Smart About Web Browsing
Your employees need to be educated on the appropriate use of web browsing and search engines. “They should not go to websites they are not familiar with or use links from search browsers without ensuring the link is real and not a malicious site.” — Irvine
4) Keep An Eye on Employees
Losses due to insider threats, whether through malicious or accidental actions, represent a significant vulnerability. “Small businesses should control physical access to devices, limit employee access to business data and customer records with separate login credentials, and engage in continuous cybersecurity training.” — Burley
5) Keep Anti-Virus/Anti-Malware Software Up to Date
It’s critical for all software to be constantly updated with the latest versions and definitions. “The companies that make anti-malware software monitor threats constantly and regularly update their packages to include preventive measures and improvements to thwart malware seen in other attacks.” — Watson
While all these items are important, implementing them alone will not ensure your IT environment is secure. Multiple security measures, including perimeter-based security solutions (e.g., firewalls, IDS), data-centric security measures (e.g., access controls, data loss prevention) and other intrusion prevention solutions, should also be implemented. Don’t wait until it’s too late and you’ve been hacked before you realize how important it is to keep all your business’s information secure—do it now.