Home Depot and J.P. Morgan Chase have been through it. Apple was shocked that it happened to them. Even Target was hit in the bullseye.
In 2014, these companies, including thousands of others and millions of consumers, were victims of cyber attacks where private customer information was compromised or financial data was stolen. A large company may weather the customer fallout and public relations disaster caused by a security breach, but can your small or mid-size business?
It is estimated that 60% of small businesses will close within six months of a data breach. Your data can be breached by an outsider or even stolen by a disgruntled employee. With increased mobile users, digital applications and abundant wi-fi networks available when employees are outside of the office, the risk of a cybersecurity attack and data breach has also increased for your business.
Don’t wait until you have an issue—right now is the time to shore up your digital fortress and take steps so that a cyber-attack doesn’t happen in your business.
The first and least expensive measure that every business can deploy is education. Teach your employees to never click on anything in an email from an unknown sender and report it to your IT professional immediately. Not only can an email contain a virus that can affect your entire network, but it might also contain ransomware. Ransomware, such as CryptoWall, is a piece of software that, when installed on a computer or your network, will virtually lock up or remove a portion or all of your company data. The person who sends it then demands payment to re-institute your data. There is no guarantee that they will, nor that your complete data will be available and accurate.
Another way to educate your employees to keep your network secure is to have established and written IT security, password and acceptable use policies for using your computers and accessing the internet. For example, if your employees check their personal cloud based email, such as Gmail, Hotmail, or Ymail on a company device, your network becomes vulnerable and you are at the mercy of that provider to ensure that the emails are being scanned for malicious code.
While there are strategies to developing these policies, there is no one perfect document that can be applied to every business. To craft the right policies for your business, consider the sensitivity of information you are protecting, the systems and platforms your company accesses and the overall size of your organization. While you may find it difficult to write a comprehensive policy to cover your entire company’s security needs, your IT professional can guide you through the process. Don’t forget to review these policies annually as part of your disaster recovery plan. As the digital world evolves, your policies will need to reflect those advances.
Another preventative measure to protect your company’s data is to perform a security audit. This audit will scan your network and provide you with information on where your external vulnerabilities lie. Armed with this information, your IT professional can offer solutions to proactively protect your network. Also as part of your disaster recovery plan, a security audit should be performed annually, at a minimum.
The most costly, yet effective, means to secure your company’s sensitive and proprietary information is to protect it. By making the appropriate hardware and software investments, your network will have the greatest security. Installing firewalls, anti-virus and anti-malware programs, and SPAM defense programs will decrease your digital vulnerabilities.
The most important step to ensuring your company’s security is to have your cybersecurity hardware and software actively managed. Only active management guarantees that your programs are updated in real-time as new threats are discovered and patches are available.
One million dollars is the average cost and 32 days is the average time to resolve a cyber-attack, as reported by the Ponemon Institute in 2013. The costs to remediate a serious security breach not only include those to restore your network, operating platforms or data but also the cost of idle employees and the loss of service you could provide to your customers. It is far less expensive to proactively protect your network than having to resolve a cyber-attack. So take action now.
Martin Joseph has been an expert in the IT field for over 26 years and is the president of 360IT PARTNERS that serves Small and Medium Businesses. He can be reached at 360 IT Partners or 757-499-6761.