Click to learn more about author Ben Hartwig
Yahoo. Equifax. eBay. Facebook. Marriott.
These companies all have one thing in common – they suffered a data breach that saw millions of users’ data get exposed. These corporate juggernauts are not alone either, as a literal “who’s who” of large organizations and governments have been the targets of a relentless attack by cybercriminals looking to steal sensitive information.
Small and Medium-Sized Businesses Aren’t Immune
According to Verizon’s Data Breach Investigation Report, small businesses accounted for 46% of all data breaches, and more than half (56%) of all cyberattacks went undiscovered for several months. A separate study from the Ponemon Institute found that 47% of small businesses admitted to having no idea how to protect themselves from a cyberattack. 10% of small businesses that suffered a data breach went out of business after six months, and 25% filed for bankruptcy.
One of the primary reasons why many small businesses have a massive target on their backs is because hackers know that some organizations lack the time and resources to beef up their cybersecurity. For a cybercriminal hell-bent on stealing customer financial data, for instance, a local restaurant with a CRM and stored credit card details are easy pickings.
Cybersecurity Professionals Share a Gloomy Outlook
Another Ponemon study found that many organizations are struggling to maintain a robust cybersecurity posture to keep data breaches at bay. The most challenging aspect is their inability to keep up with essential software vulnerability patching and mitigation. 68% feel that they are understaffed, and a majority (63%) admit that they can’t act on the security alerts fast enough. This presents a significant problem for organizations.
Your Cybersecurity Plan
Data breaches are only going to grow in size and frequency over the next few years. Here are a few tips on how your business can defend against cyberattacks and data breaches.
1. Perform a company-wide security audit to discover vulnerabilities.
There are over 250 attack vectors, including malware and phishing, that could lead to a full-scale attack on your IT infrastructure. The first order of business should be to determine the size of your attack surface or everything that connects to your network. Some of these are things you might not have even thought twice about, such as IoT devices, BYOD, and printers.
Do an audit on all company computers, applications, phones, tablets, routers, servers, industrial control systems (ICS), and anything that can connect to the internet. Exhaust all possible sources for a breach or exploit, including cloud, internal, and third-party assets from your business partners.
2. Use an encrypted database to store sensitive data.
Data Quality Management (DQM) shouldn’t be confined to improving and measuring data. DQM best practices should also include keeping sensitive information in a secure and encrypted database to prevent it from falling into the wrong hands. Enforce multi-factor authentication on all accounts and encrypt everything – trade secrets, employee files, and client information. It would help if you also had off-site backups and cloud redundancies in the event a hacker makes it past your defenses and corrupts all the data.
3. Use enterprise security software on workstations and servers.
Protect all workstations, devices, and servers inside your organization with an enterprise-level security solution from a leading vendor to help mitigate the risk of a data breach. Installing security software adds an extra layer of protection because it can block network intrusions on the router, server, and workstations. Security software can also detect and prevent malware from infecting your system. Companies offer different levels of protection, depending on the size of your business and what level of security you need.
4. Set priorities on what your IT team needs to work on and automate as much as you can.
To shorten the gap between the number of security alerts and resource allocation to deal with them, you need to make a risk assessment to know what problems to fix first (based on severity) and what can be safely delayed. These include security patches, misconfigured devices, and password problems. Using automated tools (included in cybersecurity solutions) for vulnerability detection and asset inventory can help close cybersecurity gaps even further.
Conclusion
Cybersecurity preparedness is critical for all businesses, regardless of type. Cybercriminals aren’t a choosy bunch, and they will attack most vulnerable organizations. Don’t become another statistic, and protect your business today.