It is estimated that businesses will be shelving out an estimated $11.5 billion in expenses due to ransomware in 2019. Cyber-attacks are occurring with increasing alacrity this year, one on average every 14 seconds. The impact of cyber security threats is real. It cripples business enterprise, compromises the integrity of personal data, and shatters the credibility of online institutions and frameworks.
Small business owners may be lulled into a false sense of security thinking that they are not at risk with cyber security threats. However, all the evidence points in the opposite direction. According to the US Congressional Small Business Committee, over 70% of cyber-attacks take place within businesses employing less than 100 people. Most every cyber-attack is geared towards stealing sensitive personal information like IDs, banking information, and credit card details.
Unfortunately, SMBs are at greater risk owing to more ineffective security frameworks. Several other factors routinely contribute to elevated levels of risk within small business operations. These include: inadequate employee training, failure to enforce safe password practices, BYOD issues, compliance with stringent security requirements, and regular backups of data to mitigate the impact of ransomware attacks.
Adequate Employee Training
Employees are the lifeblood of any organization. They are often tasked with performing multiple activities, duties, and responsibilities. It is imperative that all employees using the company’s network are adequately trained to navigate all the necessary security policies and procedures. The increased prevalence of cyber-security threats is reason enough to be concerned.
Employees must be trained to better understand security frameworks, protocols, and best-practice techniques to mitigate the risk of cyber security threats. To this end, it is recommended that employees sign documentation to the effect that they have been fully informed of cyber security threats and they understand the ramifications of not following the company’s security protocols.
Safe Password Practices
It comes as no surprise that username/password combinations remain one of the weakest links when it comes to online security. Multiple studies confirm that weak passwords are easily guessed and remain the biggest threat to network security. Various rules have been developed by industry-leading tech experts to serve as guidelines for creating safe passwords.
These include the requirement that passwords should be replaced by passphrases, preferably in acronym form, the use of fully encrypted, randomizing password managers, no dictionary passwords, and no association between the password and the user. The jury is out when it comes to enforcing a policy of changing your password regularly. Some tech experts say secure passwords should be changed every 60 days – 90 days, others advise against it.
Safe password practices can put a serious dent in the number of data breaches that occur as a result of weak passwords. All ‘bring your own device’ hardware should subscribe to stringent password-protected practices. A combination of uppercase and lowercase letters, numbers, and symbols in random sequence should be used to create a safe password.
Proper Planning for BYOD
Bring your own device (BYOD) setups are increasingly common in the workplace today. We see evidence of this with wearable technology such as the iWatch, Wear OS by Google, hearing devices, smart glasses, and exoskeletons. These devices are increasingly common nowadays. The main security concern with BYOD is that they connect up to the same network.
BYOD programs at work make it difficult to control the hardware on a company’s network. This presents many security strategies and challenges. Corporate networks may suffer malware attacks through personal devices. It’s also possible for confidential information on a company’s server to be downloaded and transmitted through bring your own device or bring your own PC protocols.
Proper planning for BYOD is necessary
to avoid data loss, security breaches, and data copying. Any personal device which stores company data must be 100% secure against hacking activity. This includes USB thumb drives. Companies are rightly concerned about the impact of BYOD theft and how that can jeopardize company safety. Programs on mobile device management are sacrosanct. Companies can boost the security of their systems by employing various measures such as VPNs, Tor, inactivity timeouts, system scans of BYOD devices when they connect to a company network, and use of firewalls and anti-virus software all times.
Compliance with North America ICS Cyber Security Standards
North America ICS cyber-security standards (industrial control systems) are geared towards protecting industrial enterprises from cyber-security attacks. ICS cyber security standards apply to the protection of data, oil, gas, electricity, and water enterprises. An increasing number of attacks on ICS has taken place in recent years, indicating that greater emphasis needs to be placed on compliance with security standards to protect these industrial control systems.
Regulatory compliance ensures a standard of excellence when it comes to protecting industrial control systems in North America. These regulations are designed to provide protection for major networks dealing with nuclear power, electricity, water systems, communication systems, and digital computers. Critical infrastructure systems must set up the requisite protocols to deal with cyber-attacks.
Backup Data to Reduce Damage from Ransomware Attacks
It’s important to regularly backup data because no security system can provide 100% protection 100% of the time. It’s always a good idea to regularly backup financial files, accounts, human resource files, electronic spreadsheets, and other important documents. This will prevent the loss, damage, or corruption of data from taking place.
Once you’ve backed up data in the cloud, or on an external hardware device, it is generally safe from hacking activity. If you are using an external hardware storage device, be sure to check it from time to time to ensure that it is fully functional so that data corruption does not take place.
;
We are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.