The Identity Theft Resource Center said the number of data breaches reported in 2018 dropped 23% compared to 2017, and yet the number of sensitive consumer records exposed increased 126% year-over-year.
Small businesses especially are increasingly under attack because hackers know they often have fewer resources to defend themselves.
According to a recent Symantec security threat report, almost 90% of small businesses don’t feel at risk of experiencing a breach.
Unfortunately, the security issues are often compounded by employees who are unaware of the actions they take at work that can affect the security of their company’s data. Uninformed or careless employees’ use of technology is often responsible for cybersecurity incidents.
The first step is to focus on a few important ways you can tackle offenses in the workplace.
HACKING THE HUMAN
There are always viruses and other malware floating around, just waiting to do harm. It’s surprisingly simple to make a virus. The art of “hacking the human” is becoming more and more common.
For example, you get an email from someone who tells you they have hacked your system and gives you a password you have used, or maybe still use. They then demand some amount of bitcoin, threatening to release unfavorable information if you do not pay.
An employee needs to know it is important to tell you, but the message can be so alarming that they may avoid the issue. The good news is this kind of activity is easy to solve with the right technology.
You would think if you have the right anti-virus program, you are safe. In a perfect world, you’d install it and forget it. Actually, that’s what a lot of folks do. I think the biggest issue with anti-virus is people assume it’s a miracle worker that can protect you from everything and requires nothing on your part.
Be sure your employees understand what anti-virus programs you have, as well as what their responsibilities are to maintain and report issues on their office and mobile equipment.
USE BETTER PASSWORDS
Be sure to talk about passwords, and how to manage them. According to a Verizon report in 2017, 81% of hacking-related breaches leveraged stolen and/or weak passwords. Passwords like your birthday, “12345” or “Password1” are not good choices.
The Wall Street Journal recently published a list of the most used passwords – and it is scary. If you have a password that is on this list, change it. Employees may even be recycling their passwords, but they should not use the same one again. Microsoft has a helpful set of password creation standards you might want to use as a guideline.
UNDERSTAND THE CLOUD
Make sure you and your employees understand cloud storage. Applications like Google Drive, Dropbox and iCloud are becoming a regular part of business, but these file-sharing services typically take data outside the local IT environment where you don’t have control of the company’s privacy settings.
The best way to avoid risks to your data is encryption.
The cloud gives you and your employees access to your data anywhere with a network connection. This all sounds great, right? It is, but as with anything on the internet, these services need to be used responsibly. You need access controls so that not just anyone can access your data.
Google and other search engines actively search every nook and cranny of the internet and index whatever they find. If you upload data that can be found, it will be found.
Employees often want to use their own devices at work, yet this can create significant security risks if not handled properly.
What if a device is stolen, lost or misused? Your business data may now be in the hands of a third party that could breach your company’s network and take valuable information. Discovering a data breach on employees’ devices is difficult unless you track and monitor them, just as you do your own company’s assets.
The growth of phishing attacks in both frequency and sophistication is an important reason to make sure employees are aware of threats and how to avoid fake email. It is human nature to click on a link when someone offers you a “good deal” or scares you with anything related to money.
Be sure that when employees use their spare time to check email, they are not filling out forms with personal data or opening an email from a sender they do not know. An attachment sent by an unknown person can be from a hacker or other attacker who is planning to download malware onto our computer.
Be sure employees know it is better to copy a link and open it in a new browser.
These reminders barely touch the surface of the many tasks of small businesses to keep their important information safe.
Small businesses need to create a security culture. This means providing written, reasonable security policies and ongoing training.
Breaches will always be different and always require up-to-date prevention. Making your security culture a permanent focus, just as you would your other business goals, will save money and time.