Your cybersecurity practices shouldn’t be treated like a game of chance unless you are 300% certain you’re going to win. What can you do to make sure your business isn’t the ultimate loser?
Is technology today the endless cycle of cat-and-mouse, with the bad guys always one step ahead? A quick search for “cybersecurity best practices” will yield millions of results, all with their own ideas of what you can do – but does any of it make sense? Someone busy running a company faces a dilemma: being too busy running the company to worry about something that won’t directly generate revenue, while not giving enough time and attention to something that could directly impact revenue. Those are two distinct thoughts, but they are closely related.
Not only is cybersecurity a critical focus of business today, but it’s also the easiest way to fail. Cybercriminals – hackers – are usually one step ahead of us good guys, but that’s the “cat and mouse” game to them. We respond to cybersecurity breaches that make the news with preventive measures to avoid the same fate and do our best to have enough safeguards in place to protect every element we can.
Hackers seek a cybersecurity vulnerability to exploit to their advantage. Their reasons don’t matter – it’s the result that affects their victims. Why do we still have vulnerabilities when we know better?
Myth: Half of small businesses think they’re “too small” for a hacker to target.
Truth: Small businesses make easier targets for many reasons. They often don’t have the tech budgets that the Fortune 500 companies do in order to take every precautionary measure to avoid being hacked.
Smartphones are now major targets for hackers, given that more than half of all web traffic is reported to take place via mobile devices. Smartphones don’t have the same level of protection, making them easy targets and therefore easy points of entry for exploiting a cybersecurity vulnerability. Imagine pressing a thumbtack into a hairline fracture on a porcelain plate – at this one weak spot, a single action has the potential to shatter the plate into thousands of pieces. Now, imagine this plate is your proprietary data, and this thumbtack is a hacker. Can you see the potential damage?
Myth: Employees of small businesses know more about the company and are more invested in its success, and therefore take the time to safeguard their actions.
Truth: The dedication of staff to their employer has nothing to do with cybersecurity.
Modern cybercriminals are targeting critical data: consumer information, accounts with intellectual property, and financial information about both the company and consumers. Three out of every four small businesses have no formal cybersecurity policies or protocols in place for staff, nor training to discuss the latest threats and how to thwart them. Hackers know this – oh, yes, they know – and they also know the small business is less protected than those Fortune 500 companies. This is a lethal combination.
Nearly two-thirds of small businesses have yet to address security regarding mobile devices or enact formal policies for mobile device use as it pertains to professional operations.
Myth: Small businesses can bounce back faster after a breach.
Truth: Half of all small businesses don’t have a disaster preparedness plan in place for recovery should they be impacted by a cybersecurity threat, a “data breach”.
It’s reported that less than half of all small businesses back up their data weekly. Let that sink in. The data loss in the event of a hack could have catastrophic results for as many as half of all small businesses. In the event of a breach, companies of any size consider the data loss and downtime to have the greatest impact, followed by the revenue loss – but most of the time, the impact on a company’s reputation isn’t considered until the company is already in clean-up mode.
If you’re ready to win at “Tech Truth or Dare”, here are the new rules of the game:
Do you know what needs to be protected?
What data do you store? How is your data stored? What protective measures and security protocols are in place? Where are the “holes”? This last question is the most important, and it’s a smart decision to hire an expert to help you with this one.
What formal policies need to be updated – or put in place?
Every business needs an official cybersecurity policy. This policy should also be updated annually, at a minimum. Formalizing a policy can make sure everyone who has access to your data follows the same procedures and the strongest safeguards are in place.
This should include:
– Password protocols: Passwords should be unique, complex, and changed regularly
– System updates: Check for the latest updates to all applications and security releases
– Privacy settings: Verify that users have the most secure privacy settings on their desktop and laptop computers, and smartphones and mobile devices
What is your plan for how to handle a disaster?
This may be an extension of the previous question, but no less important is how to handle a hack or breach should one occur. You’ve taken all the necessary steps and precautions, but you still had a disaster – now what? Best practices include backing up your critical resources daily – which you’ll need to identify – and then testing the process to ensure it’s sufficient, just in case.
Talk to experts.
You are an authority in what you do, and your sales pitch to your customers focuses on your expertise. Why wouldn’t you hire experts to protect your business?
Is your training sufficient?
Make sure your staff is aware of the steps needed for Internet safety, email security, and network threats, and how to detect and protect against each. Equally important is what needs to be done if something happens and they suspect a threat.
Prevent your business from becoming a victim of a hacker this year and win the game!