As a small business owner or a mid-sized business manager, you already have enough on your plate without having to deal with cyber security issues. Unfortunately, recent statistics show that 61% of small and medium-sized businesses suffered a cyber attack in 2017, up from 55% in 2016, according to the Ponemon Institute. The same report noted that the average cost due to damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053. The average cost due to disruption to normal operations increased from $955,429 to $1,207,965.
Even worse, according to Inc., as many as 60% of hacked small and medium-sized businesses go out of business after six months.
The risk is real and the likelihood is that you will be attacked. So the first thing you need to do is prepare your team and educate them on how to protect themselves and your company, as the #1 vulnerability is negligent employees and contractors.
- Start with the basics
  - Strong passwords and biometrics continue to be an essential part of the security defense. Require strong passwords that need to be changed on a regular basis. Move towards single sign-on and, most importantly, ban the use of Post-it notes!
  - Use centrally managed firewalls, anti-virus, intrusion detection and adaptive threat detection software.
- Educate Your Employees
  - Malware often comes in through links in spoofed e-mails and other phishing methods. Teach your team not to click on unsolicited offers or links, and to review the source of the e-mail, not just the content.
  - Have your employees use complex passwords and ensure they do not reuse the same password with an incremented number each time.
  - If they are ever uncertain whether something may have created a vulnerability, have them change their password and report to someone within the company without fear of retribution.
- Protect Your Data
  - Having a backup is not good enough if it is on the same network as your data.
  - Use offsite or cloud backup services for redundancy.
The secrets to surviving the inevitable attack include:
- Segmentation and isolation
  - The more you can separate parts of your network with virtual local area networks (VLANs), proxy servers, and other techniques, the more likely the attack can be isolated before it permeates your entire network. The less it spreads, the less damage it does.
  - Isolate your backups from your regular network, so if you are attacked, your backups are safe.
  - Isolate public-facing machines on your network from your key corporate data.
- Plan and Prepare
  - If you have a disaster recovery plan, test it. If you don’t have one, create one.
  - Get cyber security insurance. There are companies that specialize in offering this coverage, and they have assessments which may open your eyes to the practices you need to have.
- Outsource Risks
  - E-mail continues to be a major source of malware. Why maintain your own servers when Microsoft, Google and others can do it for you?
  - Consider your corporate IT strength to determine what else could or should be outsourced.
The biggest obstacle to implementing policies to protect small and mid-sized companies is a lack of expertise or funds. This is one of the reasons why managed service providers and outsourcing to the cloud continue to grow in popularity.
To learn about outsourcing opportunities at I-BN, contact Bob Tobey at 678-627-0646 ext. 231