In the digital age, myths and misperceptions are difficult to dispel. Bill Gates, Floyd Mayweather and Eminem aren’t giving away large sums of money on Facebook. A dying English boy doesn’t want your business card. A Nigerian prince isn’t going to transfer his family fortune into your bank account.
Here’s another one: You aren’t safe from cyberattacks because your business is too small for hackers to notice.
A recent survey by Nationwide Insurance found that in the past year alone nearly 60 percent of small businesses were victims of a cyberattack. Nevertheless, few small to midsize businesses (SMBs) take adequate IT security precautions. In Nationwide’s survey of 1,069 business owners with fewer than 300 employees, 76 percent reported they don’t have any type of cyberattack response plan, 57 percent don’t have a plan to protect employee data and 54 percent don’t have a plan to protect customer data.
Fact is, SMBs are attractive targets precisely because they’re small — hackers understand that even the best-prepared small businesses don’t have the security resources of Amazon or General Motors. What’s more, SMBs that provide goods or services to larger businesses are potential gateways into these larger targets.
SMBs often cite budget restrictions and scarce resources as factors limiting their ability to maintain effective security controls, and those are legitimate issues. IT security is a complex process that is continually evolving, and few SMBs can afford dedicated security professionals to deploy and manage all the latest tools.
However, there are a number of critical precautions SMBs can take that will have negligible impact on the budget. Chief among these is simply making security a core value with continual emphasis on employee awareness and preparation.
An explicit and comprehensive security policy should guide the actions of everyone in your company. The policy should establish the roles, privileges and responsibilities associated with IT systems and data, the types of employees who are allowed to assume various roles, and policies and procedures for assigning and revoking roles. The plan should also include processes for periodic review of roles and access rights.
Employee education should be a key element of the policy. Employees need to understand potential threats and the steps they should take to prevent a security breach. Your security policy should include both an onboarding process for training new hires as well as ongoing education to provide guidance on evolving security threats.
Maintaining software is another key. Regularly check to make sure your antivirus software is up-to-date with the most recent virus definitions. Additionally, be sure to promptly install patches for any other applications you’re running — not just the Windows operating system, but apps like your web browser and PDF reader.
It’s also important to monitor the network constantly for potential security threats, respond quickly to alerts, and regularly review the log files of systems and security devices. If you don’t have the expertise or manpower to do this in-house, consider partnering with a reputable managed services provider.
No business is too small to be hit by cyberattack. While resource limitations are realities for SMBs, good security practices don’t have to bust the budget. A qualify managed services provider can implement a comprehensive suite of security measures for an affordable, fixed fee. Give us a call to learn how Verteks can help you improve your security footing.
