As the frequency of attacks against medium and small businesses increases, cyber security is more important than ever before. According to Small Business Trends, 43% of all cyber-attacks are currently targeted towards small businesses. These attacks don’t have to be particularly sophisticated.
From phishing attacks against organizational email to exploitation of web application flaws, or mining data from a lost or stolen device, it doesn’t take a world-class hacker to access passwords and critical data from a small business.
Despite this escalated risk, small businesses are behind the curve on cyber security or completely unprepared for the implications of these attacks. With minimal or non-dedicated IT staff, shared passwords, and BYOD without a policy to govern data security, it’s easy for issues to slip through the cracks. Let’s look at some of the most common challenges faced by small businesses and how you can act right now to address them for your organization.
Lack of Basic Cyber Security Procedures
Most businesses grow from one or two people into a small team rather quickly. And in those early days, you’re just trying to get things done. Whether you have a CTO overseeing the implementation of new technology or everyone is working remotely on personal laptops, it’s easy to overlook some very basic procedures that can protect your data, including:
• Administrative Rights Management – Administrative rights should be carefully managed on all devices in an office, to make it harder for malware to be installed or for remote access to be gained.
• Password Management – While a good password management system is highly recommended, you should also have a policy in place for immediately replacing default and blank passwords on all devices, including IoT devices like your printers or infrastructure devices like your routers – these are often the easiest to hack. Frequently changing passwords is another must, even with a management tool in place.
• Security Patch Updates – A patch update policy is incredibly important. Missed security updates are exactly what made the WannaCry attack so widespread earlier this year. Stay up to date with software on all devices.
Train All Staff in Basic Cyber Security Procedures
For a dedicated CTO or Sysadmin, basic security procedures are a no-brainer, but for the average employee, it’s not something they often think about. Basic training should be included in employee onboarding materials, covering:
• Email Habits – Remind employees not to click on unknown links or open strange files they don’t recognize.
• Machine Access – Have a clear policy in place for turning off and restarting devices, taking them out of the office, or using them on public wireless networks.
• BYOD Policy – BYOD makes a lot of sense in the gig economy, but it’s also a potential security black hole, so make sure basic procedures and precautions are in place to avoid potential breaches through unattended devices. Whether it’s smartphone access to cloud storage of business data or a more robust policy that requires mobile-device management software, know where you stand and what you can allow from a risk management perspective.
• Training for Software – If you have software in place to protect your data and infrastructure, make sure every member of your team knows how to use it properly, from basic onboarding and access controls to ongoing updates and security supplements.
Machine and Access Control
Even after removing administrative rights from most machines, there are additional cyber security steps you should take to manage who has control of what at any given time.
• Detailed Access Rights – It can take time and potentially outside software, but carefully allocating access to key pieces of data and resources can not only make it easier to establish a chain of custody if there is a breach, but also minimize access to sensitive information.
• Destroy Old Hardware – Old hard drives, phones, tablets, or devices that are no longer going to be used should not be thrown in storage as is. They should be carefully cleaned using designated software or destroyed and recycled if they will never be used again.
It may seem like only large companies stand to be targeted by cyber criminals, but an increasing number of small businesses are being hit, and the trend will only continue if those businesses remain unprotected while increasingly relying on connected technologies.
Take some time to establish basic security procedures, train your staff, and implement software that makes it all as easy as possible for everyone involved. This is where TeamsID comes in – providing a team-oriented solution for password management that fully integrates with Google Apps. As easy to use as Slack and as secure as your business needs to protect vital data, it’s the perfect solution in an increasingly data-driven world.
Want to implement key security measures for your business without overburdening staff or running into issues of scale? Learn how to implement a lean cyber security plan with our Lean Security Checklist.