It’s fairly easy for SMBs to tune out the seemingly daily headlines of massive data breaches—many SMBs simply think that a data breach is not a small business problem. But, it’s not just large corporations on the receiving end of targeted attacks aimed at stealing valuable business information; SMBs are the unfortunate victims of their fair share of data breaches too. And it’s costing them to the tune of $214 per lost record.
If even the big guys are falling victim, what’s an SMB, with limited budgets and fewer IT resources, to do to protect against such costly attacks? SMBs, it’s time for action. As the age-old sports mantra goes, ‘the best defense is a good offense.’ And, National Cyber Security Awareness month is the time to make sure your offensive line is in shape.
Symantec recommends the following to get you playing at a championship level:
• Know what you need to protect: One data breach could mean financial ruin for an SMB. Today, small businesses’ critical information lives beyond the walls of the office on laptops and mobile devices. Look at where your information is being stored and protect those areas accordingly. To ensure the business is protected, focus on protecting your confidential information wherever it resides, as opposed to protecting the device.
• Enforce strong password policies: Maintaining strong passwords will help you protect the data stored on a laptop if a device is lost or hacked. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?). Have employees change their passwords on a regular basis, at least every 90 days.
• Secure email and Web assets: Select a mail and Web security solution that can help mitigate spam and email threats so that SMBs can protect sensitive information and spend more time on day-to-day activities. Backup and recovery is also a critical component of complete information protection to keep SMBs’ desktops, servers, and applications running smoothly in case of disruption.
• Encrypt your information: Implement encryption technologies on desktops, laptops and removable media. With encryption, your confidential information is protected from unauthorized access, providing strong security for intellectual property, customer and partner data.
• Use a reliable security solution: Today's endpoint protection solutions—whether delivered as software or hosted services—do more than just prevent viruses. They scan files regularly for unusual changes in file size, programs that match the software's database of known malware, suspicious e-mail attachments and other warning signs. It's the most important step small businesses to protect your information.
• Stay up to date: A security solution is only as good as the frequency with which it is updated. New viruses, worms, Trojan horses and other malware are born daily, and variations of them can slip by software that is not current. The good solutions make this seamless, but if you want to alleviate this burden all together, you can also use a hosted service, which will automatically update occur transparently over an Internet connection to help keep employee systems current and consistent with policies whether they are in the office or on the road.
• Educate employees: Develop Internet security guidelines and educate employees about Internet safety, security and the latest threats, and what they can do individually to combat them. With October dedicated to cyber security awareness, now is the perfect time for SMB owners and IT professionals to open up a dialogue and establish policies for employees to help mitigate security threats—whether they are spam, malware, phishing or any combination.