Proper data security measures are more essential than ever for small business owners. According to the National Small Business Association, 42 percent of small businesses have been the victim of a cyberattack, which cost them an average of $7,115.26. For those who have had their business banking accounts hacked, average losses amounted to $32,020.56 in 2015, up from $19,948 the previous year.
Commonsense Security Precautions
There are a number of commonsense security precautions that every business should have in place, including using complex passwords, two-factor authentication, firewalls, backups, encryption and anti-malware and anti-virus controls. Business owners should look to minimize the amount of data that they collect and process. It is essential to educate all employees on these security standards via regularly updated trainings that address the latest threats.
The Need for Routine Checks and Fixes
In addition to installing security controls, data security measures should be evaluated routinely. Software and operating systems should be updated whenever new patches or versions are issued. The chances of avoiding the most common cyberattack techniques can be increased by implementing processes for application whitelisting, application and operating system patching, and minimizing administrative privileges.
Updates and patches are especially important to help ensure that there are no security holes or vulnerabilities that could be exploited by hackers. Operating systems and browsers should be updated at least monthly, which is a fairly easy task as most can be set to update automatically. Applications should be updated and patched as soon as possible after a fix is released whenever possible. For those patches associated with a high-risk vulnerability, the timeframe for implementation should be within 48 hours. Some security controls must be checked routinely, such as anti-virus tools that need to be updated at least once a week to ensure that they remain effective.
All internet-facing machines need to be checked regularly to help prevent security incidents and to help ensure that services are running smoothly. An asset such as a web server requires constant maintenance, preferably on a daily basis, with critical content backed up. Security settings should be tested regularly.
There are number of resources to help small and midsized businesses ensure that their data security measures are up to par, including the Federal Communications Commission's cybersecurity planning guide, which is positioned as a planning tool for small businesses.
Every business, no matter its size, can be a target for criminals. It is essential to not only put strong data security measures in place, but also to check and patch them regularly. The stakes are high and constant vigilance is required.
Stay up-to-date on all the latest trends and insights for business owners: Subscribe to our e-newsletter.