Stop thinking the small size of your business will protect you from cybercriminals. It won't.
Too many small and medium businesses believe that they aren't a target for hackers and cybercriminals.
If that statement describes your view of security, you're wrong.
Cybercriminals target businesses of every size and in every industry. They're looking for easy pickings. After all, why try to rob Fort Knox when the houses down the street all have their doors unlocked?
Here are eight things every SMB must know about cybersecurity.
1. You ARE a target.
43% of cyberattacks target small businesses, according to Symantec's 2016 Internet Security Threat Report.
The Ponemon Institute's report, The 2016 State of SMB Cybersecurity, shows how exposed small businesses are to cyberattacks:
- 50% of SMBs have been breached in the past 12 months
- 55% report being attacked
- 59% of SMBs have no visibility into employee password practices
- Web-based and phishing/social engineering attacks are the two most common attacks on SMBs
2. Educate your employees.
If you don't educate and train your employees on security best practices, you'll always have a hole in your security strategy. Teach and enforce best practices in passwords. Periodically remind everyone to be wary of phishing emails and not to click on suspicious links (or anything from Nigerian princes offering a cut of their inheritance!).
3. Have a security policy.
Securing your data and network isn't optional; it's a standard function that every business must perform. Obviously, if you need to comply with HIPAA, security is a large component of compliance. Other industry-specific regulations also require a security strategy for compliance.
It's not enough just to have a policy. Share it with your employees. Train them. Enforce the policy. You need to keep it up-to-date as well. Technology changes and your policy needs to keep up.
4. ANY hard drive connected to a network can be hacked – and more things than you think have a hard drive.
Don't forget to include your copiers and printers in your security strategy. Read more about this potential security issue in these posts:
- Why Digital Copiers Are a Security Time Bomb
- Copier Security in a Healthcare Environment: Biometrics and HID Cards
5. Let's get physical.
Paper documents can be stolen, so restrict access with locked filing cabinets or even file rooms. Place company servers in a locked room. Be sure to secure access to your offices too, with keycards, locks, and surveillance. Security breaches can happen if someone posing as a delivery driver gains access to your office.
6. Security is never “done” and never 100%.
Update your policy regularly to address changing technology. Don't think that because you have a sound security strategy, a great managed network partner, and well-trained employees that you're 100% secured. All you can do is the best you can do. There's a constant struggle between cybercriminals and security professionals – and unfortunately the criminals win sometimes.
Use different passwords for work and for personal life. Create passwords with a combination of letters, numbers, symbols, and uppercase letters. DO NOT keep your passwords on a sticky note on your computer monitor or in the top right drawer of your desk (where many people keep them and where those fake delivery drivers I mentioned above know to look to gain quick access into the company network). Change them often.
Many password hacks come from brute-force attacks: using computer power to put letters, numbers, and symbols together to find the right combo. Longer passwords with a larger mix of symbols, numbers, and uppercase letters are more secure. Twelve characters is the minimum today. Finally, if you're still using pet names, important dates, the default password, or 123456 . . . well, you deserve to be hacked for being dumb!
8. Managed Network Services.
Even the best SMB IT teams will have a hard time keeping up with managing the network, keeping patches updated (the WannaCry ransomware attack struck many companies earlier this year because they hadn't applied a patch that had been available for three months), and supporting other staff. Security expertise is also hard to come by and there's a looming shortage of cybersecurity skills. It's going to be hard to keep IT staff experienced in security as demand for their services increases. Outsourcing to a managed network services partner is one way to overcome this issue.
There are other issues in information and data security, of course. However, if you understand these eight things, you'll be in better shape than most other SMBs and no longer easy pickings.