Data Security Methods That Are Effective for SMBs to Protect Themselves Against Today's Risks.
Small businesses can no longer consider themselves a small target or low risk when it comes to data security. Every business must make cybersecurity a top priority.
A recent report by the Ponemon Institute provides some sobering stats:
66% of SMBs have experienced a cyberattack this year.
69% of SMBs had their data breached--despite having detection systems in place.
45% of SMBs say that their organization's security is ineffective at mitigating attacks.
70% of SMBs have had employees' passwords lost or stolen this year.
These statistics clearly point to a gap between the security business owners have and what is needed to avoid a costly data breach.
What Is Needed To Protect Against Cyberattacks?
The three main things that businesses are lacking are:
1. Effective password management
2. Effective endpoint security
3. Effective employee education
What Do You Need For Password Management?
For password management to be effective, an employer needs visibility into employees' password practices. The first step is being proactive in learning how employees are using passwords in your organization.
If Karen from accounting uses the same password for every financial services platform--that is something that needs to be addressed and corrected.
If John, the CFO, keeps his passwords in an Excel spreadsheet--there should be a company policy in place to change that.
We recommend using an encrypted password manager and vault app like LastPass to unify where and how passwords are saved.
The beauty of a password manager is that you can store hundreds of passwords securely, but only need to remember one master password to access all of your logins.
Even Password Managers Need MFA Turned On
We have created several posts about multi-factor authentication. It's the process of setting up a secondary authentication method for proving your identity before a log-in is allowed. It's the system now used by every major financial institution online.
MFA is so important because it is still the most effective method of blocking unauthorized logins.
The cost of implementing MFA and a password management system is very low when compared to the cost of a breach.
Because Security Is Getting More Sophisticated, Phishing Is Still The Most Common Form of Attack.
Office 365 has anti-phishing protection that keeps getting better, and if you use it you should consider adding Advanced Threat Protection to your subscription, but even that is not foolproof.
You can have the best AI-based security detection programs running, but even they can't account for every human error. Employee negligence is the number one cause of data breaches in the US.
If Beverly the Executive Assistant clicks a malicious link that locks down your network, or Jim in sales believes a spoofed email that appears to be from the CEO requesting an immediate wire transfer to a new offshore account--there is little that AI can do to help.
You need to implement a consistent, up-to-date employee cybersecurity education program. Regular phishing tests should be administered, and when real phishing attempts are identified, they should be made public across the organization.
Don't Wait To Improve Your Security Strategy
Hackers will always target the weakest links. They will go after the SMBs who haven't invested in protecting their data first.
If you know that your business is in that 45% that is not as secure as it could be, contact an expert today.