2016 is finally over and, after a number of high-profile security breaches this past year, cybersecurity is at the forefront of many people’s minds for 2017. While there were a few enormous breaches that affected millions of people last year, businesses should also note the number of smaller breaches that occurred.
A security breach at a large company can involve the private data of millions of people, and the damage to the company’s reputation and the cost of dealing with the aftermath can be staggering. For smaller companies, the scale of the damage is generally smaller — but relative to their size and to the amount of resources available to them, the consequences are often more severe. Many SMBs never recover from a data breach that is too small to even make the local news.
Luckily, there are a few guidelines that businesses of any size can follow in order to reduce the risk of a serious cybersecurity event, and to mitigate the consequences should one occur.
Social Networking Protocols
With the growing BYOD trend in modern workplaces, it is becoming more and more common for employees to access social networking sites from the same devices they use for work. This poses an obvious security risk. Employees need to be taught to treat everything they post as a public post, regardless of their settings, and not to post any information that could be used in a phishing attack against them.
Cybersecurity Training
Employees need to receive training in the different types of cyberattacks, including phishing scams, and how to avoid falling victim. They should be made aware that not everyone they meet on the internet has the best of intentions, or is even who they say they are.
Encryption and Authentication
Encryption methods that are functionally unbreakable to outsiders and effective multi-factor authentication techniques have been commercially available for many years now, yet it is shocking how few businesses actually make effective use of them. An important part of cybersecurity is using the tools that are already available.
Install the Updates
Most software development companies produce regular updates to their products. Sometimes updates add new functionality or improve a user interface, but most often they are a response to security vulnerabilities that have been discovered in their products. Failure to update software is akin to refusing to close a secret back door to the bank vault when everyone (including criminals) knows it’s there.
Lock Down the WiFi
WiFi is wonderful, but there’s a bit more to keeping corporate WiFi secure than just picking a good password. To be truly secure, it needs to sit behind a firewall, and it’s probably a good idea to turn off SSID broadcasting.
Follow the Leaders
There is a great deal of cybersecurity assistance to be had from the Department of Homeland Security in the form of the NIST Cybersecurity Framework and the Critical Infrastructure Cyber Community Voluntary Program. DHS has also committed to providing a certain amount of technical assistance in implementing the framework.