When you hear the terms “data breach” or “cyber attack,” your mind probably goes straight to big business.
Whether it’s Target, Sony, or now Arby’s, the high-profile hacks of the past few years may lead you to believe that the risk is largely with multi-million dollar corporations – but you would be sadly mistaken.
Today’s small to mid-size businesses are a modern cyber-criminal’s bread and butter.
They’re often less prepared for attacks and are easier for hackers to target and enter.
SMBs are, statistically, low hanging fruit. Often having fewer resources and less security expertise, today’s hackers are going after small businesses more and more – and no one is safe. In fact, just recently, our team was brought into a ransomware situation with a local church, showing that no organization is immune to cyber attacks.
To combat this growing threat to your business, we’ve compiled an entry-level crash course on modern cyber security practices.
Your Cyber Security Checklist
- Ensure your compliance with any regulations unique to your business or industry.
- Run a cyber security audit focused on attack surfaces and points of entry. Identify where your sensitive data is and map it against your access points, both internally and externally. Determining how hackers can “get in” and what they would have access to will help you prioritize your threat level and next steps.
- Confirm that your operating systems have the latest security products and updates, including programs that can detect breaches and threats within your network. That firewall protection is only going to be effective when it’s running the most current version.
- Define your data access permissions across your organization. Establishing clear role settings and enforcing restricted rights will reduce your risk of human error leading to a data breach.
- Establish password protocols, including regular refresh cycles. Encourage staff to avoid passwords comprised of proper nouns, common digit replacement techniques, or keyboard patterns. Instead they should opt for a meaningless combination of letters and numbers for optimum security, or employ this “perfect password” strategy.
- Invest in industrial strength firewall and end-point protection, anti-malware, and anti-viral programs to thoroughly establish your business’s defense-in-depth security strategy.
- Safeguard your sensitive data with encryption protocols.
- Educate your team. At the end of the day, your people are your greatest weakness. Human error was 2016’s top data threat. Train team members on the latest social engineering tactics so they do not undermine your organizational security by absentmindedly opening a malicious email, attachment, or link.
- Determine what data you want available outside of your business walls. While cloud computing is ultra-convenient for today’s mobile workplaces, there may be information that you do not want accessible remotely. And while SaaS solutions are a great choice, there are some cons to the cloud.
Looking for more tips?
Ultimately, if you don’t feel confident in your organization’s internal ability and bandwidth to conduct exhaustive security testing, look externally. Your data is not a gambling chip. Cyber attacks are growing in prevalence, and these steps are not simply recommendations but basic requirements for business today.
Mike Arvidson is the executive leader of Eide Bailly Technology Consulting’s Infrastructure Services. With more than 20 years of experience in the IT industry, Mike’s wealth of knowledge includes network systems implementation, integrated new technologies, and information security.