Mark Pribish

5 Tips to Manage your Small Business Cyber Security Risks

By Mark Pribish
Vice President and ID Theft Practice Leader

With all the headline news about data breaches and how employee and customer information is lost or stolen every day, small businesses need to stay current in managing their cyber security and identity theft risks.

Most businesses - especially small to medium businesses or SMBs - receive, transfer and save many types of personal information, and as a result, have different cyber security needs. Based on the above, here are my five critical basics that I recommend to every SMB:

  1. Create an information-security and governance policy
  2. Put your information security and governance policy into a written plan
  3. Update your plan annually and on an as-needed basis when major threats are revealed
  4. Test your policy at least annually, including penetration testing and a simulated data-breach event
  5. Quarterly employee education should be the number one priority. Current and former employees, vendors, contractors along with social engineering - not hackers - are the cause of most data breaches

Once you complete these five critical tips, you're not done. For example, if your information security and governance plan is two years old or more, chances are your business is five to six years behind the cyber threat landscape.

In addition, and regardless of the size of your business, your plan should include an information-security and governance committee - where department heads and not just "IT" lead the information security policy and planning. If you own a small business, you should include business partners and/or key employees to support your information-security objectives.

Managing your company's cyber-risk depends on your staying up-to-date on current and future threats and trends.

What's a recent example of the current threat landscape? According to the FBI, there has been a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm. Their goal is to initiate unauthorized international wire transfers. This is known as "business email compromise," and thieves have stolen nearly $2 billion in such scams from more than 7,000 victim companies in the U.S. since 2013.

Another trend that I have personally seen with business clients (and consumers) - especially small businesses - is the general complacency of business owners and employees concerning information security.

Whether it's online risks or risky behavior, including phishing e-mails, smartphones, social media and the use of public Wi-Fi hotspots, both businesses and consumers are underestimating how vulnerable they are to today's cyber threat environment, including the Internet of Things.

Do not follow in the footsteps of high-profile giant organizations such as Target and Equifax that have experienced a data breach event. A breach in your business - especially if it's a small business - can be devastating, including putting you completely out of business.

To conclude, follow my five cybersecurity basics of data breach risk management: have an information security and governance policy; put your policy in writing; update your policy annually; educate your employees; and then be vigilant by testing your policy (including penetration testing) regularly.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Small Businesses Can't Hide from Cyber Criminals

By BBB of Los Angeles & Silicon Valley. May 14, 2018.

Cyber criminals are growing bolder by the day. We constantly see headlines about attacks on banks, energy utilities, schools and local election systems. With all this talk of disruption on a large scale, it's no wonder small business owners often think cyber threats are an issue for governments and large corporations.

Paul Rosenthal writes in ITProtocol, "it is tempting for small businesses to believe they are irrelevant to the new scale cyber terrorists. But this is a big mistake."

Small business owners need to know they can't fly under the radar. While they may not be the direct target of cyber criminals, hyper-connected systems mean they can still get tangled in a web of cybercrime.

According to Rosenthal, small business owners face challenges finding the right defense against cyber crimes. Security products designed for large businesses can be too complex to understand and manage, while those designed for individual users are not sophisticated enough.

Anti-virus software is relatively easy to find and use, but Rosenthal says encryption solutions are lagging, especially for small to medium sized businesses.

Every business should take steps to protect its digital infrastructure, because it is the heartbeat that keeps everything running. The US Small Business Administration offers these tips:

  • Protect against viruses, spyware, and other malicious code
  • Secure your networks
  • Establish security practices and policies to protect sensitive information
  • Educate employees about cyberthreats and hold them accountable
  • Require employees to use strong passwords and to change them often
  • Employ best practices on payment cards
  • Make backup copies of important business data and information
  • Control physical access to computers and network components
  • Create a mobile device action plan
  • Protect all pages on your public-facing websites, not just the checkout and sign-up pages

More details of the SBA cyber security tips are on its website, and the Department of Homeland Security (DHS) has a helpful downloadable tip sheet that you can print out. The Canadian government also has a GETCYBERSAFE guide available for small and medium businesses.

BBB and the National Cyber Security Alliance also urge everyone to perform "spring cleaning" on their personal computers and mobile devices.

For more tips on how to avoid scams, check out BBB.org/scamtips. In addition, if you've fallen victim to this type of scam, you can help others avoid being scammed by filing a report at BBB.org/scamtracker.

If you have been the victim of identity theft, go to identitytheft.gov for a personalized recovery plan from the Federal Trade Commission.

Courtesy of the Better Business Bureau - for more information visit: http://www.bbb.org/phoenix/news-events/.

To learn more about scams, go to BBB Scam Tips (bbb.org/scamtips). To report a scam, go to BBB Scam Tracker (bbb.org/scamtracker).

If you believe your identity has been stolen, call 866.SMART68 today!