October is National Cyber Security Awareness Month. Businesses, small and large, are at risk of cyber attacks on a daily basis. Cyber attacks include hacking, malware, cyber abuse, breaching of hardware, defacing websites and committing fraudulent activity of a company’s network. With the stress of possible cyber attacks, there are security measures that can be taken to assist in preventing the reality of these threats.
Businesses today are reliant on the Internet. 97 percent of small businesses use email and 74 percent have websites. According to the 2012 National Small Business Study, 77 percent of businesses say their company is safe from cyber threats, yet 83 percent of them do not have a formal cyber security plan. Cyber attacks are increasing annually. The 2013 Internet Security Threat Report indicates there was a 42 percent increase in targeted cyber attacks in 2012. Also in 2012, Verizon did a study showing that 70 percent of all data breaches were aimed at companies with 100 employees or fewer. With small businesses tending to be the main target of these threats, the National Small Business Association (NSBA) reported that 44 percent of all small businesses have been victims of a cyber attack. The NSBA also determined the average financial hit these companies take is $8,699.48 when a victim of an attack.
Cyber attacks are preventable. The level of unpreparedness tends to be what makes companies vulnerable to an attack. Small businesses are not at a disadvantage in protecting themselves from threats, as there are cost-efficient ways to piggyback off cyber security plans of large corporations. Along with cost-efficient plans, there are simple steps small businesses can take to help prevent and decrease their chances of being a victim of an attack.
- Implement password length/strength that requires 8+ characters, containing upper & lower case letters, numbers and special characters
- Don’t use identical passwords for multiple pages/accounts
- Require frequent password changes/updates i.e. every 90 days
- Advise employees to keep password in secure location
Log off policies
- Instruct employees to log off company pages while away from their desk
- Implement a session time out function to company hardware
Limited employee access
- Allow employees access only to necessary information having to do with their job description
- Restrict access to important data and employee information
- Daily backup important company information from network in case of a breach
- Regularly verify the data has been restored properly
Steps to implement as your business grows
- Designate a job/person to handle security and preparedness
- Control network access using administrator account, firewall and proxy server, while updating software regularly
- Secure computers and data with antivirus software and update frequently
With the advancement of technology, comes heightened technological risk. Cyber attacks are increasing at an alarming rate, targeting almost 3 out of 4 small businesses. By putting a security plan in place, a company’s level of threat decreases dramatically. October raises awareness for these risks, but it’s ultimately up to us, as businesses, to implement cyber security and protect our brand.
Image by Kiwi Commons