Cyber Security: Top Concern for Small Businesses?
Do you have a plan for how to continue when the Internet is down? What happens when your network is held hostage by ransomware, or a virus causes your systems to stop working?
Cyber security attacks against small businesses are increasing.
According to Symantec, 43% of cyber attacks specifically target small businesses. And 83% of small businesses have no cyber security plan. How bad is it?
Cyber Security Stats
Here are a few statistics from the 2016 Symantec Internet Security Threat Report:
- Spear-phishing campaigns targeting employees increased 55% in 2015. Imagine every employee in your company receiving a legitimate-looking email from Amazon or FedEx with a link to info specific to your company. How confident are you that NONE of your employees will click the link?
- More than 75% of all legitimate websites have unpatched vulnerabilities.
- Over half a billion personal records were stolen or lost in 2015.
- Crypto-style ransomware increased 35 percent in 2015. These attacks encrypt your data (which may include network data) until you pay a ransom.
- Mobile vulnerabilities were up 214% from 2014 to 2015.
- One in every 220 emails contains malware. What’s the chance one of these will slip past your defenses and be opened by an employee?
Cyber Security Help
- Identify your most important assets. What data/systems could take your company down if compromised?
- Enforce a strong password policy. I suggest 12-character passphrases that include uppercase, lowercase, numbers and special characters.
- Make sure you have a good backup plan and test it frequently. Backups are one of those things you don’t think much about until you have to — and then you are Very Grateful that you did.
- Use good security tools. The SANS Institute has a great poster that categorizes several security tools against the Center for Internet Security top 20 controls.
- Keep systems up-to-date. Most attacks still take advantage of known vulnerabilities. Keep your computers and security software on the latest releases.
- Keep your employees informed. Social engineering attacks are one of the most-used methods. Even the FBI fell victim to this, so it can easily happen to you!
- SANS has an RSS feed for their Security Tip of the Day – add it to your employee intranet for free/easy tips.
- See the full list of tips on the National Cyber Security Alliance website.
If you’d like to create a cyber security plan, check out the FTC Cyberplanner as a starting point. Better yet, work with a trained cyber security professional to perform an assessment and map out a strategy for improvement.
Assessments are a great way to kick-start your cyber security initiative. But be sure to work with someone who will transition the ongoing work of security to your in-house team. Security requires continued diligence. It’s best if you can embed it into your employee culture.