Is your Business Data Safe?
Cybercriminals don’t want my data! We are too small, we don’t have any data they would want! This mindset is common among small to medium size businesses. According to several studies, small to medium size businesses are at a great risk of an attack.
The US Congressional Small Business Committee noted that over 70% of cyber-attacks happen at businesses with fewer than 100 employees. Additionally, the Internet Crime Complaint Center within the United States Department of Justice recorded 298,728 cybersecurity-related complaints in its most recent report, with reported losses in excess of $1.3billion.
In another study, Verizon Data Breach Investigation Report, data breaches of small businesses accounts for 61% of all breaches. As if that number was not scary enough, a recent USA Today story and Ponemon Institute breach report noted:
- The average cost of a data breach worldwide is more than $3.5
million and cyber crime is projected to cost the world over $6
trillion annually by 2021
- 60% of companies go out of business within six months of
an attack, due to costs or loss of reputation
- 90% of small businesses don’t use any data protection at all for
company and customer information
The threats, are real for all businesses and not just the large corporations. As small to medium size businesses reliance on information technology products and services grows, they are facing an even greater threat. We have seen that the attackers are not concerned about the size of the business, instead they are concerned about getting the data, quickly and effectively. As a result, all companies, especially small businesses, need to focus specific attention on protecting their business from cyber related attacks.
One of the most common questions asked is what steps should a business take to avoid or limit the potential of a successful attack? We have compiled a list of 10 best practices to consider:
- Employee education
- Up-to-date software practices
- Strong password management measures
- Encryption usage
- Strong user security controls, access rights, & limit administrative rights
- Effective data backup measures
- Strong perimeter security postures
- Mobile device security
- Third party provider reviews
- Preparation for a security event
While the list is not all inclusive or a one-size-fits-all way of protecting against a cyber related attack, these are a few of the areas we find most important. Each environment is different; thus, the cyber defense strategy should be geared specifically towards your individual environment.
Article written by Jeff Johns of Financial Outsourcing Solutions, a Herbein subsidiary.