Cybersecurity is a major concern for businesses across the U.S., and big businesses are not the only organizations being targeted for cyber attacks. In fact, a large percentage of small and medium-sized businesses (SMBs) have faced business data breaches, often resulting in six-figure payouts to repair the damage.
A recent research study, released June 2016, conducted by the Ponemon Institute surveyed 598 individuals who were employed at companies consisting of between 100 and 1,000 employees. Their findings were both shocking and not entirely unexpected.
- 55 percent of the businesses surveyed had experienced cyber attacks in the past 12 months.
- 50 percent experienced data breaches resulting in compromised employee and customer data within the last 12 months.
- The businesses that experienced these incidents spent an average of $897,582 as a result of damage or theft of IT assets.
- Disruption of normal operations cost these businesses an additional $955,429.
Later in the study, surveyed personnel indicated that two of the greatest issues with maintaining cybersecurity and neutralizing threats were insufficient personnel and insufficient budget. This lack of investment in terms of personnel and funds for sufficient technology could be the result of two factors: either 1) small businesses simply don’t have the resources to expend or 2) they’re not prioritizing cybersecurity high enough.
Considering the payouts listed above, the former seems to be a moot point, as the cost to deal with the aftermath of a breach will likely be higher than simply preparing for a breach in the first place. The data from 2016 brings up a valid question- What steps should SMBs take to prevent business data breaches and secure against cyber attacks in 2017?
The first steps to improving your cybersecurity begin with understanding the threat. A Business New Daily article listed the following as threats as some of the most common in 2016, though this is not a comprehensive list of attack methods.
- Phishing – An email-based attack, often most effective when the email identically matches those that might come from a trusted source. These can steal login credentials, credit card information, and other sensitive data from your computer or network. This is one of the most common types of attacks, according to the Ponemon Institute study.
- Malware – A general term for malicious software. These programs can be introduced to the computer or system any number of ways and can infiltrate to steal data or cause system damage.
- Password Attack – One of three types of attacks targeting your user password and access credentials. Cyber criminals may use one of the following methods: 1) guess until successful, known as a brute-force attack, 2) utilize a program run through dictionary words until successful, known as a dictionary attack, or 3) use a keylogging program to register the user’s keystrokes prior to attempting to gain entry.
- Inside Attack – When a malicious insider intentionally misuses his or her access credentials to get control of company or customer data. This is one of the hardest attacks to protect against and, according to the Ponemon Institute study, occurred in 5 percent of the surveyed businesses.
There are several other varieties of software-based, web-based, and insider attacks that could occur to your system, including ransomware and other evolving methods. Keeping apprised of the potential threats is a big part of being prepared to protect against business data breaches.
The following are some of the best methods used in 2016 for keeping systems secure and will hopefully continue to work for a long time to come. Keep in mind, however, that cyber criminals are always adjusting their attacks, making constant vigilance a necessity.
- Implement and enforce strong password policies. The Ponemon Institute study found that if the business had a password policy, 65 percent did not enforce it. Effective, strictly enforced password policies, including two-step authentication, where possible, and limited permissions for each employee, are important layers in cybersecurity defenses.
- Keep dedicated personnel on staff to monitor for threats. One of the major conclusions drawn by the Ponemon Institute study was that current technologies are often insufficient to detect or prevent infiltration from certain cyber attacks. For this reason, it is vital to keep IT security personnel on staff who are constantly scanning and checking your system for breaches, otherwise, the criminals could continue siphoning information from your system indefinitely.
- Utilize computer and network protections. Modern cybersecurity systems should include: web application firewalls, SIEM, endpoint management, and network traffic intelligence. At minimum, your IT department should have at least anti-malware and client firewalls in place for protection.
- Encrypt, encrypt, encrypt—and back it all up. One of the highest and best forms of protection for your information is encryption. You should also back up your data to prevent ransomware from becoming an issue, since it can lock down your data and prevent your access. Encryption, on the other hand, is extremely effective for preventing any compromising and costly effects from business data breaches. Since the data will be encrypted and impossible to decode without the right program or key, the information is essentially useless and you will likely not have to worry about as many attacks against your data in the future.
While these methods, when implemented, proved somewhat effective in 2016, a new year brings new challenges. Most importantly, businesses need to take the threat of a breach or cyber attack seriously. One infiltration can have devastating consequences on the future of your business.
As businesses continue to struggle with data breach protection, products like Safe-T are helping manage encryption and tokenization, streamlining the process of compliance while reducing expenses associated with the security effort. Contact Us Today to learn more about Safe-T, a range of easy to implement tools to keep your transactions secure and your business running smoothly.
Plan ahead, be vigilant, and don’t be hesitant to invest in protection protocols, so you can avoid becoming another statistic or cautionary tale for other business owners to learn from.
About the Author – Ashley Choate is a native of Jacksonville, FL where she lives with her son, dog, and three cats. She graduated Magna Cum Laude from Jacksonville University with a BA in English and holds an MAED in Adult Education and Training. She lives for reading and writing, learning and teaching, and figuring out the day-to-day traumas and joys of mommyhood. .
Top Photo Courtesy of Blue Coat Photos @ Flickr CC.