It is no secret that the Internet has become a key component of our daily lives for personal and business use alike. Unfortunately, today’s dependence on the Internet has become quite clear to cybercriminals, making security an incredibly important concern, especially for small businesses. An article on Homeland Security Today explores the risks faced by small businesses and looks at steps they can take to improve their security posture.
Small businesses often believe they are not at risk of a cyberattack due to their size; however, cybercriminals actually target them because they lack the resources to maintain robust security habits for their organization.
“Cybercriminals use various techniques, including business email compromise, ransomware and extortion, to target small entities for financial gain, disrupt business operations, or even to steal proprietary information.”
Cybercriminals are becoming more sophisticated in their attempts to carry out their attacks. With no sign of cybercrime slowing down, small businesses must get appropriate security measures in place to prevent significant loss to their organization, including potential bankruptcy.
Here are a few steps small businesses can take to improve their security measures:
- Invest in training and awareness programs. Users are often cited as the weakest link in any system, but they can also act as the first line of defense against a cyberattack. Employees should be aware of their role in protecting their company and its data. A report from 2016 by the Ponemon Institute showed small businesses as being more susceptible to incurring cybercrime costs that came as a result of spear-phishing, social engineering and web-based attacks. Aside from monetary losses due to these crimes, organizations are also at risk due to the nature of these attacks, which often obtain an employee’s credentials. Ongoing training should be provided to employees to ensure they stay up to date with current security threats.
In addition, it is important to communicate with employees and ensure that they have the opportunity to report concerns, mistakes or incidents, and feel comfortable doing so, before they become much larger issues. In many cases, attacks are caused by poor security practices and occur simply by mistake, but that does not mean employees will not cause an incident with malicious intent. For this reason, communication between the HR department and the Security division is also crucial to ensure that insider threats that may arise from a disgruntled employee are mitigated.
- Consider low-cost actions. While cybersecurity is not cheap, there are low-cost actions which can help you improve your security, making you a less attractive target to a cybercriminal. Solidifying your network security is a great starting point for improving your organization’s security posture.
“This includes segregating the internal and external network with firewalls, removing sensitive information from public facing portions of the network, maintaining logs and regular system backups, disabling unnecessary services, and, most importantly, regularly updating and patching software and applications.”
- Understand the inevitability of an attack. Despite improving your security measures and reducing the likelihood of an incident, it is important to realize that attacks do occur. Before an attack occurs, it is vital to have appropriate measures in place, such as an incident response plan, to ensure that those who play a critical role following an attack know their responsibilities. The incident response plan should also outline the steps you would take to contain and mitigate the threat, allowing you the quickest possible recovery to continue with business operations. There is a tremendous amount of value in having an incident response plan in place. In fact, failing to take the appropriate steps could result in costly mistakes. Fortunately, there are third-party vendors that can assist in the task of getting appropriate security measures in place, including an incident response plan.
“Failure to take these kind of steps has made information loss the most expensive consequence of cybercrime.”
- Develop a relationship with your local Federal Bureau of Investigation (FBI) cyber supervisors. With 56 field offices across the 50 states, it is important to know your respective FBI field office to report incidents when they occur and determine the best course of action.
“Businesses can also engage FBI agents by joining InfraGard (Infragard.org), a partnership between the FBI and private sector members to facilitate public-private collaboration and information sharing.”
With cyberthreats so prominent in today’s society, it is imperative that small business owners take appropriate actions to mitigate their risks of falling victim to an attack. While a healthy security posture will require putting forth some monetary resources, not taking appropriate preemptive steps can cost you much more in the long run. By training employees, hardening your network security, preparing for an attack and outlining an incident response plan, and developing a relationship with your local FBI cyber supervisors, you can improve your organization’s security.