Every week, citizens of the world learn of a large company or government agency suffering a successful cyber-attack. What hardly ever gets reported are the hundreds of cyber-attacks that succeed against small and medium-sized businesses. The security issues facing these companies are ever-growing. In 2014, 60% of all online attacks were against companies. That same year, the average cost associated with a breach, for additional hardware and software to protect data, was $8700. Three years later that cost has risen to nearly 10,000. And that doesn’t include so-called soft costs such as public relations, credit monitoring for customers, defending against a potential lawsuit, loss of business, and more.
Small & Medium-sized Businesses Attractive to Attackers
While large companies can be more lucrative for cyber criminals, smaller businesses are often targeted because it is much less work for a cyber criminal to successfully attack a small company than a large company. With many attacks on smaller companies, they gain the same amount of information with less effort.
On the flip side, businesses can take proactive measures: the best IT security practices for business.
Best IT Security Practices for Small and Medium-sized Businesses
Jeff Foresman, a consultant with Rook Security, an Indianapolis-based computer security company, noted that many companies don’t understand or are ignorant of the risks facing them from cybercrime or how they can protect themselves.
“They don’t know what they don’t know. They don’t understand the sophistication of these attacks,” Foresman says.
Following are five of the most prominent best practices that are easy to implement and highly cost-effective.
Use Firewalls
The Federal Communications Commission (FCC) urges businesses to install excellent firewall protection on company computer systems. Because so many employees work from home, it is an accepted practice to offer or mandate that employees install firewall software on home systems, to secure both those systems and the company links and data stored on them.
Password Policy
Develop and publish to employees a password policy that specifies the length and the composition of passwords. Also, the policy should mandate how frequently passwords should be changed.
Two-Factor Authentication
2FA is shorthand for two-factor authentication. In addition to a username and password, 2FA uses another authentication factor. It could be a PIN, a biological marker, or even a nearby device. 2FA is quickly becoming the standard for sensitive information and system security.
Mobile Devices
Companies are allowing employees to “Bring Your Own Device” (BYOD) to work or on the road. Establishing clear security policies for BYOD is essential to security efforts. Mandating 2FA on these devices and equipping them with “wipe clean” software that can be activated if a device is lost or stolen keeps your company data safer.
Inform and Educate Employees
Although security starts with top management, all employees need to be educated and informed about the dangers lurking on the internet waiting to attack your company. Employees should never open links or download attachments sent from an unknown email address, nor open links or downloads from unknown sites.
You Need Help
Most companies have limited time or staff to address computer system security requirements and keep system security up-to-date. For them, the best solution is a knowledgeable managed services provider (MSP).
The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).
The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).
Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).
40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).
More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”
It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.