This article was updated on Sept. 10, 2018.
As time goes on, more small and mid-sized businesses are being targeted by cybercriminals. According to Ponemon Institute, 61 percent of small businesses dealt with a cyber attack in 2017 — up from 55 percent the year before. As a business grows and its operations become increasingly complex, it becomes more important that it has a robust cybersecurity plan in place.
Smaller companies tend to have smaller security budgets and fewer resources than their larger counterparts, which makes them a favorable target for opportunistic attacks such as phishing and ransomware. Additionally, hackers look to smaller businesses to provide a conduit into the larger organizations with which they partner and interact.
Thankfully, you can help protect your business and its confidential information by building a strong cybersecurity plan. A robust program will meet the three qualifications below:
1. All the Necessary Controls Are in Place
You must ensure that each of your corporate devices has at least a minimum set of security controls, including antivirus software, antispam filters and firewalls. Set the expectation with employees that they should install any and all updates and patches as they are released.
2. All the Necessary Policies and Procedures Have Been Established
In order to have an effective cybersecurity plan, you must compile an outline of policies and procedures that detail the specific responsibilities of each of your employees. For example, you should establish a policy stating that all default passwords, such as those used to protect routers and other equipment, must be changed during the setup process. In addition, you should require that all sensitive information be encrypted, both when at rest (in storage) and during transmission.
You should pay special attention to mobile devices, the data they contain and the apps that are installed on them. Blacklisting and whitelisting technologies, which can be controlled through mobile device management technology or services, can limit application exposure. It's best to deploy granular access controls, with stronger authentication required to access sensitive information. You should back up all of your data on a regular basis, storing copies offsite or in the cloud.
3. All Employees Receive the Necessary Security Education
A thorough cybersecurity plan dictates and standardizes the security practices of all individuals within the organization. To help ensure that employees are aware of their responsibilities, you should provide security training on a regular basis. These training sessions should focus on specific threats and how to avoid them. For example, a phishing awareness session can help prevent staff members from clicking on malicious links or opening malicious attachments. You must also educate your employees regarding the dangers of using insecure connections, such as Wi-Fi hotspots, and of exposing too much information via social media.
Cybersecurity is too important to be left to chance. Every organization, no matter its size or industry, should consider itself a potential target and plan accordingly to help safeguard its operations.