Small and medium-sized businesses (SMBs) often don’t have more than a few hundred dollars to spend each year on cyber security and may think they need to pay a premium for advanced security protection. Time to revisit that assumption.
It’s not always easy for small businesses to understand what they need to protect their assets from a cyber attack. So, if you’re running a business with 1 to 100 employees, here’s what you ought to consider as you pull together the elements of a cyber defense plan.
Improve Identity and Password Protection
Employees regularly use the same passwords to access both their business and personal apps and data. That’s a mistake, especially given how criminals have become smarter at cracking them. In an age when a Fortune 500 firm gave up the personal information of 145 million people, and large city governments are being held hostage for cyber ransom, SMBs clearly need better ways to properly check identities before anyone can gain access to their precious emails, files and other sensitive data.
There are effective - and secure - ways to validate identities without breaking the bank. As the business owner, you should require two-factor authentication (2FA), which essentially sends a message to your cell phone asking, “Is this you trying to access this computer or file?” This adds a significantly stronger layer of security than relying on only a password. After you enter the password, 2FA will assess your location, behavior and other analytics, before allowing access. It’s one type of biometric security that many organizations are adopting. SMBs ought to follow their lead as 2FA provides an inexpensive, enterprise grade layer of protection.
Protect the Endpoint
That iPhone and laptop you carry around are essentially what cyber security professionals refer to as “endpoints.” These are arguably the last line of defense preventing criminals from accessing your data by compromising the devices used by you and your employees - including mobile and desktop devices. If cyber criminals get past your service provider's network, or that unprotected router attached to the Wifi, then you need software that shields your laptop, smartphone, Windows server and PC from attack. And I am not talking about the free stuff that comes loaded or advertised when you buy a new device. For a few bucks per month, you can add significant and secure device protection by downloading a public app that attaches to a threat intelligence network to keep your data safe.
Keep Employees in Check
What if an employee started forwarding a bunch of business emails to their personal Gmail or Yahoo account? Wouldn’t you want to know about it? If they got a phishing email that contained a malicious link to a fake Office 365 page, wouldn’t you want to prevent them clicking on it?
Technologies that inform the business owner of a potential breach and takes the measures to prevent it, do exist. Some say they are only for bigger enterprises, but after interviewing SMBs about what these types of attacks would cost them, I believe that it easily justifies making the investment. No matter how much security training an employee receives, the risk is too great for them to make a mistake (whether deliberate or not) by clicking once, entering their username and password, then giving access to someone who wants to hold your business for ransom or expose information that only you should see.
The good news is that protecting your business is simpler than you might think. It’s a matter of how much of your cyber risk you want to mitigate. In fact, Symantec is working closely with telecom service providers (e.g. Comcast, AT&T, British Telecom), and cable operators to make the cyber process easier and cost-effective. With our support, you can consider them a resource to discuss the protection you and your business need to operate safely.
For more information, visit your service provider's website or send me an email: [email protected]
If you found this information useful, you may also enjoy:
We encourage you to share your thoughts on your favorite social platform.