CYBERSECURITY 101
Several recent reports, including Price Waterhouse’s 2015 US State of Cybercrime Survey and Verizon Communications 2013 Data Breach Investigations Report, show that cyberattacks on small and midsize enterprises (SME’s for short) are steadily increasing.
Because larger companies have more money to lose, and more to spend, they are increasing security spending and, therefore, are now harder targets to hit. As such, SME’s are becoming increasingly more attractive targets. Although SME’s may seem less appetizing, it’s not about size; it’s about volume. The most common incidents of cybercrime—those from malware, phishing, network interruption, spyware, and denial-of-service attacks—are now automated, and hackers can attack thousands, if not millions, of companies with the click of a button from their basement. Also, because SME’s may lack the time, money, knowledge, and resources of larger companies, their online security is weaker and, therefore, easier to breach.
SME’s need to implement effective cybersecurity policies just as much as larger companies do. The Small Business Administration (SBA) defines cybersecurity as “the comprehensive effort to protect computers, programs, networks, and data from attack, damage, or unauthorized access through technologies, processes, and best practices.” Sounds expensive? But it may be more expensive to forego cybersecurity policies. A successful cyberattack on your company may cost more than money; it may cost your company its business reputation and consumer confidence.
You don’t need a $1 million dollar budget and an entire cybersecurity department. A few simple steps will help you better protect your company from threats.
- • First, identify the risks to the company and what needs to be protected. This will help determine where the focus should be.
- • Do you or your employees use cell phones for work-related purposes? Turn on your cell phone’s pass lock function, and make it a company-wide policy so that your employees do, too.
- • Password protect all your devices, including your desktop. And don’t use simple or silly passwords; use a combination of letters (upper and lower case), numbers, and symbols. Also, consider having different passwords for each device you use.
- • Encrypt your data. Most devices encrypt date by default, but you should confirm that the company’s proprietary or sensitive information is encrypted.
- • Make sure that your security software is being updated routinely, and run scans after each update.
- • Control physical access to computers and servers. The most vulnerable devices are laptops, which are easy targets for theft. There should be company-wide policies regarding the storage and safety of laptops.
- • Wireless networks should be secure and hidden. Passwords should also be required to access these networks.
- • Don’t keep unnecessary client records. Don’t keep sensitive information on mobile devices such as laptops and cell phones. Consider storing highly sensitive information and documents as hard copies instead of digitally.
Finally, remember that technology is always evolving and you should likewise stay updated on current trends in cybersecurity. Both the SBA and the Federal Communications Commission (FCC) offer great resources on cybersecurity for small and midsize companies. Check-out the FCC’s Small Biz Cyber Planner 2.0, an online resource to help small business create and customize cybersecurity plans, and its Cybersecurity Tip Sheet, a quick, one-page resource for creating a mobile device action plan and for payment and credit card security. The SBA even has a 30-minute online course titled “Cybersecurity for Small Business.”
Check it out at https://www.sba.gov/tools/sba-learning-center/training/cybersecurity-small-businesses.
Like it or not, having cybersecurity policies to secure data is essential for the success of your business in the 21st century. A few preventive steps now could save you from painful recovery efforts later on.
Business Insights is hosted by the Law Firm of Kumar, Prabhu, Patel & Banerjee, LLC (KPPB).
Hunter Street is of counsel to KPPB Law and is a business, real estate, and corporate lawyer.
Disclaimer: This article is for general information purposes only,and does not constitute legal, tax, or other professional advice.
Enjoyed reading Khabar magazine? Subscribe to Khabar and get a full digital copy of this Indian-American community magazine.
