This article was updated on Oct. 23, 2018.
Proper data security measures are more essential than ever for small business owners. According to Ipsos research, 52 percent of small businesses were victims of cyber attacks in 2017, and in the same year, cyber attacks cost small and medium-sized businesses an average of $2,235,000, per the Ponemon Institute.
Commonsense Security Precautions
There are a number of commonsense security precautions that every business should have in place, including using complex passwords, two-factor authentication, firewalls, backups, encryption and anti-malware and anti-virus controls. Business owners should look to minimize the amount of data that they collect and process. It is essential to educate all employees on these security standards via regularly updated training that addresses the latest threats.
The Need for Routine Checks and Fixes
In addition to installing security controls, data security measures should be evaluated routinely. Software and operating systems should be updated whenever new patches or versions are issued. The chances of avoiding the most common cyber attack techniques can be increased by implementing processes for application whitelisting, application and operating system patching, and minimizing administrative privileges.
Updates and patches are especially important to help ensure that there are no security holes or vulnerabilities that could be exploited by hackers. Operating systems and browsers should be updated at least monthly, which is a fairly easy task as most can be set to update automatically. Applications should be updated and patched as soon as possible after a fix is released whenever possible. For those patches associated with a high-risk vulnerability, the timeframe for implementation should be within 48 hours. Some security controls must be checked routinely, such as anti-virus tools that need to be updated at least once a week to ensure that they remain effective.
All internet-facing machines need to be checked regularly to help prevent security incidents and to help ensure that services are running smoothly. An asset such as a web server requires constant maintenance, preferably on a daily basis, with critical content backed up. Security settings should be tested regularly.
There are a number of resources to help small and midsized businesses ensure that their data security measures are up to par, including the Federal Communications Commission's cybersecurity planning guide, which is positioned as a planning tool for small businesses.
Every business, no matter its size, can be a target for criminals. It is essential to not only put strong data security measures in place, but also to check and patch them regularly. The stakes are high and constant vigilance is required.
SIGN UP FOR THE SPARK NEWSLETTER