3 STEPS FOR BETTER CYBER SECURITY THAT WON’T BREAK THE BANK.
The internet has been a huge boon for
business in recent years, helping companies
reach unprecedented levels of productivity,
profitability and visibility. Yet, along with
the internet’s many benefits comes the
growing threat of cyber attacks. They can
put a business’s revenue, reputation and
customers in peril.
Small and midsize businesses (SMBs)
are particularly vulnerable, victim to
60 percent of all cyber attacks in 2014,
according to Symantec’s 2015 Internet
Security Threat Report. That trend is
expected to continue.
This may surprise SMBs who believe
hackers wouldn’t waste their time on a
business their size. But cyber criminals
can now launch automated attacks on
thousands of businesses at once and
profit from economies of scale.
SMBs make easy targets because they
often lack the robust security that can keep
hackers at bay. That puts their own assets at
risk and provides an electronic gateway into
the networks of larger business associates.
The risk can be significant. And SMBs may
lack the resources to invest in technologies
and internal programs that large
businesses can more easily afford. But even
with a limited budget, there are three steps
SMBs can take as a start.
1. Build a security-aware organization.
Cyber security isn’t just about preventive
technology. It requires the awareness
and participation of everyone. That calls
for a top-down approach, beginning with
policies and procedures sanctioned by
senior management. Ideally, employees
will follow their lead in a collective effort
to protect the company’s assets.
Security-aware organizations have the
following key components in place:
• A written information security plan that:
• Identifies security policies, goals and
• Sets forth policies for network security;
use of company email, social media,
instant messaging and the internet
• Specifies the handling of proprietary
company information; and activities
that are prohibited on company-owned
devices, networks and other resources.
• Establishes internal policies for
employees, but also demonstrates that
security is a priority to state regulators
and customers if a breach does occur.
• An inventory of the business’s core
assets and sensitive data, where it’s
stored and which employees have
authority to access it. Include personally
identifiable information (PII) for
employees and customers (such as
Social Security numbers), bank account
data, company intellectual property
and any other information that could
damage the business if breached.
• Access control. Limit access to
computers, company networks and
confidential data based on an employee’s
need to know.
• Employee training programs. Workplace
security depends on a breach-savvy
workforce. Training on basic security
practices and policies is essential.
Phishing awareness exercises can
further help employees recognize and
avoid email, websites and phone calls
designed to infiltrate company systems
or steal personal information.