It’s not news that small businesses are targets for cyber attacks that compromise their prized data. This can put their customer and employee data at risk, and breaches cost on average $86.5 thousand in legal compliance matters (e.g., informing those customers and employees, providing identity protection monitoring, restoring corrupted data).
Basic steps
Just a few years ago (a decade ago?), cyber security meant simply having a firewall and good password protection. (ComputerWeekly.com referred to this as “perimeter defense.”) No more. Greater security measures are needed to keep out the bad while maintaining access to information and resources. Some ideas:
- Company policies regarding employees using their own devices to access company data.
- Two-factor authentication (rather than a simple password)
Some firms ban or discourage file sharing in an effort to make their data more secure. This may help with security, but at the cost of productivity and collaboration.
Using technology
When you think cyber security and technology, you likely think about encryption. However, according to Vera’s The State of Enterprise Encryption and How to Improve It, encryption isn’t the be-all and end-all. Encryption for data on company computers or stored in the cloud can be useful as part of an overall cyber security plan.
I don’t pretend to know anything about technology used for cyber security, but it’s important to know what’s happening in this area so you can ask your IT people, as I do, whether certain technologies are suitable or needed for your situation. Some things are new (new at least to me) and all are too technical and complicated for me to understand. Examples:
- Software defined networking (SDN). ONF defines it as “the physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices.” From SDN, which began in 2011, other technologies emerged.
- Containerization. TechTarget defines this as “an OS-level virtualization method used to deploy and run distributed applications without launching an entire virtual machine (VM) for each app. Multiple isolated applications or services run on a single host and access the same OS kernel.” This configuration can isolate applications and reduce what can be attacked.
Using outside help
Your business may not have the overhead or knowledge to manage your cyber security in house. You can overcome this by engaging outside help: a managed service provider (MSP) or a managed security service provider (MSSP). Some outside companies (like Omega Technology Solutions, Inc., which I use) are also providing virtual chief information officer (VCIO) services to help ensure that your company has sound security policies in place.
Being insured
Consider cyber liability coverage, which is insurance that protects a business from cybercriminals. Covered incidents can be ransoms when hacks hold data hostage, breaches that steal customer and employee data, or the theft of proprietary information. The policy provides funds for notifying affected individuals, credit monitoring for them, and legal fees and fines that the business may incur after a breach. It also covers the cost of data recovery.
Talk to your insurance company to see whether your business owner’s policy can be expanded to include cyber liability coverage or whether you need a stand-alone policy.
Learn more about cyber liability coverage from:
Final thought
January 28, 2019, is Data Privacy Day, an event led in the U.S. by the National Cyber Security Alliance, with Visa and Verizon as contributing sponsors. Let this be a reminder to you to think about cyber security and protecting your company data.