You’ve seen it in the news, in the paper, and on social media. Cyber security has been a hot topic and will continue to be as we inch our way into 2019. Security breaches are costing businesses millions, and the threat is continuing to grow. A common misconception about security breaches is that they only affect large businesses. People tend to think that small businesses aren’t at risk for breaches because they don’t have the kind of information that hackers want. According to Verizon, “58% of (breach) victims are categorized as small businesses.” The thought of your business’ data being compromised can be scary, but there are steps that you can take to protect your business.
Secure Your Network Perimeter
Firewalls and web filters are the first line of defense against malicious actors. Firewalls sit in between the user's office and the internet to protect against outside threats. Web filters prevent users from visiting certain websites on their device that you don’t want them to visit. Social media and file sharing sites are two of the most common blocked sources. Another measure that you can take to ensure that your data is protected is installing email filtering. Email filters can help protect users from advanced email-based threats such as phishing emails and ransomware. According to Symantec, “In 2017, 71.4 percent of targeted attacks involved the use of spear-phishing emails.” Email filtering also allows you to blacklist and whitelist certain addresses and domains manually, meaning that you allow emails from certain domains to come through, while blocking others.
Protect Your Endpoints
Anti-malware is a base requirement to provide protection for endpoints. It protects the individual workstations and servers from malicious threats that they may get to from the internet or files that they receive. You should also take initiative to implement encryption on all systems that store sensitive data or are taken out of the office. When your data is encrypted, it isn’t decipherable to the plain eye. If a hard drive on a machine is encrypted and the machine is lost or stolen, the chances of someone getting data off of it is very slim.
Develop and Implement IT Policies
Having a set of guidelines or IT policies will help you protect your business and its data. Having strong authentication as a base requirement should be considered as one of the first policies that you put in place. Authentication is granted to users to gain access to certain machines or applications, for example, putting your password into your computer to log in. Since user identities are so critical in today’s IT environments, you should consider including multi-factor authentication as part of your policy. Another policy to prioritize putting in place would be to require system backups to prevent data loss. Losing data can cost your business large sums of money, customers, and time. If your data is backed up and you experience a security breach, such as ransomware, being able to restore your data as quickly as possible because you have backups is invaluable.
Patch Your Systems
The process of installing vendor updates and security patches for your operating systems and applications should be a key control for your environment. Depending on the operating system, the updates could be done weekly, monthly, or in even longer variables of time. Patching your systems include updates, fixes, and security patches. Patches keep everything running more securely and help prevent vulnerabilities that exploit your machines and applications.
Train Your Users
Training your users on both internal security policies and external security threats can save your business. Internal security policies that your users should be aware of include what to do or not to do on the internet, policies on the use of personal devices on the network, and what to do when they receive suspicious emails or links. Users should also receive security awareness training about threats and attacks that are targeted to end users, such as phishing emails, email attachments, and links found in emails.
It is always best to plan ahead and put procedures, practices, and software in place to protect your business and its data. Your business will never be 100% secure, but taking these five precautions will make a significant difference. Preventing security breaches should always be the goal, so don’t wait. Get started today!