The 6 things small businesses need to know about security
Entrepreneurs and SMBs can do a lot to build strong shields and mitigate the risk of breaches, in addition to minimising the damage if a breach occurs. To help your company develop a stronger cybersecurity posture, six security professionals provided some of their most useful advice – and you can bet it’s about more than passwords:
1. You're not too small to be targeted: Erik Knight, founder and CEO of SimpleWAN
Many entrepreneurs, startup founders and small business owners might think of themselves as minnows compared to Fortune 500 whales. They assume they’re too small to attract the attention of hackers and cyber attackers. But that’s not how bad actors see it.
Don’t think you are too small to be affected.
“Don’t think you are too small to be affected,” says Erik Knight, the founder and CEO of SimpleWAN. “Every place you have an employee or office is a potential entry point. Take it seriously; if you have something worth taking, a hacker will try to take it.”
Knight says small businesses are easier targets because they often fail to perform security audits, put in the resources to protect themselves or even carry the right insurance coverage. Hackers see small businesses as easy cases to crack.
2. Think of security as a business problem: Vats Srivatsan, president and COO of ColorTokens
Vats Srivatsan, the president and chief operating officer of ColorTokens, warns against thinking of security as a nice-to-have. Security is something that requires 100% investment and effort, not something that can be approached halfway. The truth is that the effects of an attack can be disastrous to any company’s bottom line.
37% of small businesses have lost customers and 17% have lost revenue due to downtime.
Cybersecurity attacks can result in monetary loss, stolen IPs and downtime. “If a small business were to have a data breach, it could create a lack of trust among customers and employees, causing them to switch to a more prominent brand name they think can do a better job protecting them,” Srivatsan says. A recent survey showed that 37% of small businesses have lost customers and 17% have lost revenue due to downtime, proving that security should be considered a business problem.
3. It's not ``if,`` but ``when``: Thomas Supercinski, head of product development at Frogslayer
With the growing rate of data breaches, phishing schemes and other cyberattacks emerging from the coronavirus pandemic, companies can no longer keep their heads buried in the sand. “It is not a question of if you will have an issue, but when,” says Thomas Supercinski, the head of product development at Frogslayer.
Assume your company will suffer a cyberattack, and remember that the detection and response are just as important as prevention efforts. Supercinski says it’s vital to outline how your company will handle security issues once they occur. He says, “Just like anything else, make a plan to address risks, and then work the plan.” That plan should address how quickly your company can detect the issue, the layers of control to minimise the effects and proactive measures to manage your response.
4. Identify your most critical assets: Tony Buffomante, senior vice president and global head of cyber risk services for Wipro Ltd.
Taking a 100% cybersecurity approach might feel overwhelming to SMB owners and startup founders, especially because many owners don’t count cybersecurity as a core competency. Tony Buffomante, senior vice president and global head of cyber risk services at Wipro Ltd., suggests where to start: “Identify your most critical data assets, sometimes referred to as the ‘crown jewels’ of the organisation.”
Once you determine what is most important to you, perform an exercise to determine where this information is residing in your company, then build a keep around those assets.
These crown jewels might be proprietary IP, market share, customer data or other assets. “Once you determine what is most important to you, perform an exercise to determine where this information is residing in your company,” Buffomante suggests. Then, build a keep around those assets. You might already have a good starting place. Buffomante says you might be able to lean on embedded security capabilities on the technologies and platforms your company already uses.
5. People are your best asset – and your biggest risk: Rishi Malik, founder of Backstop.it
During the mass exodus out of offices and into remote work, many companies learned that endpoint users (their employees) can often be the weakest links in a cyber defence strategy. Hackers will look for entry points in employee IoT devices and unsecured home networks.
Yet it’s not all bad news: People can also be some of the biggest assets when it comes to cybersecurity. Rishi Malik, the founder of Backstop.it, suggests identifying those weak points, providing extra security measures there and educating employees about the risks. “Phishing is your biggest risk, so ensure everyone is using multi-factor authentication (MFA) everywhere,” Malik says. “Then ensure you’re running a virus/malware scan on each computer. Finally, ensure you have backups of all your data nightly.”
Malik also suggests “finding the right people” when it comes to cybersecurity partners. He says, “If you can’t talk deeply about your business and how you make money with a security professional, keep looking.” With educated, comfortable employees and the right partners, your company will be much more resilient to attacks.
6. Don't forget about physical security: Clay Gervais, vice president of sales for Digilock
Your company’s culture around security extends beyond its digital footprint. After all, stolen devices have accounted for some of the biggest data breaches and IP theft. In the healthcare industry alone, 68% of data breaches were due to the loss or theft of devices or files. Clay Gervais, the vice president of sales for smart lock company Digilock, says it’s important to build a sense of belonging and safety, even as the workplace becomes more agile and perhaps less physical.
It is important to properly secure connected devices and other items. Workers who decide to hot desk or hotel will need protected places to store their belongings. “From installation to user access, personal storage security should be simple and robust,” Gervais says. That way, your employees will feel more empowered and confident in the workplace’s security overall.
In response to the coronavirus pandemic, businesses and consumers alike have been thinking about what safety means to them. Security is a major investment for all SMBs, and it remains critically important as breaches, phishing and other attacks continue to crawl upward in frequency. Uphold the commitment to safety by protecting your company’s crown jewel assets, your employee’s information and your customer’s data – beyond updating your passwords.
This article was written by Rhett Power from Forbes and was legally licensed through the Industry Dive publisher network. Please direct all licensing questions to legal@industrydive.com.