According to the ISF, the top security threats businesses will face in 2014 include bring your own device (BYOD) trends, data privacy in the cloud, brand reputational damage, privacy and regulation, cybercrime and the continued expansion of ever-present technology. It is more important than ever that small businesses are prepared and informed on cyber security. So, where do you start? An easy place to begin is within your organization. Often times, employee or contractor negligence is the cause of data breaches.
Owners and employees at small businesses often wear several different hats. More than likely, your business does not have a dedicated IT or security person watching out for threats and advising on how to stay on top of potential security risks. Don't worry-there are several steps you can take to ensure your small business is secured against the most common threats. We've outlined the top 6 below.
- Install antivirus and anti-malware programs on all company devices. You can't detect a potential security threat if you're not looking for it. Make sure all company computers have antivirus software installed and are actively scanning for threats.
- Train your employees. Tell them when not to open attachments, click on links, download programs or visit certain websites. Have a written Internet security policy that you can give to all new hires to be sure they have received the guidelines, and emphasize the importance of following them. Employee education is a crucial part to securing company networks and avoiding cyber-attacks. Essentially, small businesses that want to take advantage of BYOD without the risk of security breaches must ensure that users take personal responsibility for how their actions can affect a company's network.
- Secure your mobile devices. Consider requiring password protection on all devices that can access company information, and use tracking software or apps to locate or wipe a lost device. Create a written BYOD (bring your own device) plan for employees who use personal devices for work.
- Password-protect all wireless networks. Even if your office isn't in a busy public area, it's still very possible that it can be accessed by those outside your company. Consider also hiding the network name for added security.
- Back up everything! Even if the worst-case scenario occurs and data is stolen or erased, you can still restore it. Use either an off-site storage solution or the cloud. Add up the total number of records you could lose in a data breach, and this could spiral into the millions.
- Have a contingency plan. In the place of a data breach, have a plan in place. Make sure you are able to remotely wipe any stolen or lost devices. Also, make a list of contacts to notify first, including credit monitoring companies, lawyers and communication agents. The plan should identify who has access to certain information, how data is stored and how it is backed up.
With these tips in mind, you can prepare your organization for the worst-or even prevent it altogether. It's important right from the start that you select an anti-virus program with features robust enough to protect your small-to medium-sized business.