If large entities such as the Office of Personnel Management, Target, and CareFirst have all been victims of cyber attacks, what hope does a main street business have to secure its data?
The Cost of Inaction
Today the risk and cost of a data breach are overwhelming for small and mid-size business owners. Many owners don’t take action, largely for these reasons:
- They don’t know where to start.
- The investment in time and money seems daunting.
- They are unwilling to invest in a protection strategy with undefined benefits.
Yet this inaction makes a business more susceptible to cyber-attack. Trustwave’s “2015 Global Security Report” builds a case that cyber criminals can expect a 1,425% ROI. Shouldn’t we all be working to lower that?
Minimizing the Risk with Security Layers
Even if it were possible, it is not economically feasible for businesses to become un-hackable. But all businesses that store customer data should be building layers of security to make it more time-consuming, aggravating, and expensive for hackers to access their data.
How can you successfully invest and manage resources to secure your business’ data?
- Develop, implement, and maintain a plan
- Understand what “acceptable risks” remain after investing in the appropriate security layers
10 Affordable Security Measures
Here are 10 things that most businesses can afford and should be implementing.
- Endpoint antivirus
Commercial grade antivirus should be installed with advanced features enabled to scan all email and instant message attachments. It should prevent the automatic opening of attachments and rendering of graphics.
- Inbound and outbound email filtering for spam AND sensitive personal and corporate information
Effective filtering will limit mass phishing campaigns. Outbound filtering can prevent the unauthorized and unencrypted sending of personally identifiable information.
- Full hard drive encryption
This encryption makes your data unusable if a device is breached, lost, or stolen. It is an inexpensive protection included with today’s professional operating systems such as Microsoft Windows or Linux.
- Secured physical server access
Lock up your servers and restrict physical access. A short span of time and a flash drive is all a cyber-thief needs.
- Firewall with content filtering
Filtering web access to pornography, gambling, gaming, freeware, and other non-business or dangerous websites can prevent infections and increase productivity at the same time.
- Centralized network password and access policy management (such as Active Directory)
Implementing and enforcing company, individual, and group policies on data access, passwords, and user rights reduces exposure to data leakage and malicious employee activity.
- Complex password requirement policy
Depending on the sensitivity of your data, passwords should be required to be 8 or more characters with at least 1 number, symbol, upper case, and lowercase letter. They also should expire periodically.
- Verified software patch management process
Many vulnerabilities commonly abused by malware can be patched. Implement a procedure to verify that patches were applied successfully to operating systems, Java, Adobe Reader, Flash, and any other applications on the system.
- Automated and verified back-up system
Although this seems obvious, too often there is no backup available or the backup was never tested and didn’t work when needed.
- Employee security training
Statistics have shown that for every ten emails sent by attackers, at least one will be successful. Most ransomware attacks begin with phishing, so user awareness is critically important.
Systematic Monitoring
Even after these security measures are taken, it’s important to keep reviewing them. Develop a process of systematic monitoring with a trusted and skilled partner. Establish or review business liability policies to ensure that your insurance picks up where your layered security stops.
Build a Secure Business
Implementing these foundational security steps will make sure that as you build your business, your customers and employees will have confidence in your responsible, proactive management of their data.
Start Protecting Your Business
If you’d like to learn more about these 10 affordable security measures, or additional ones that may be required by your industry, then contact us today.