Small and medium-size businesses face mounting risks to their data security. Data breaches at large corporations such as Sony Pictures and Morgan Stanley make headlines. But many smaller organizations are typically more vulnerable to threats because they lack the technical and financial resources necessary to properly protect sensitive data.
There are a number of reasons why. Many SMBs are unaware of cybersecurity best practices, according to the National Small Business Association. In a survey, the trade group said that nearly half—44 percent—of respondents experienced at least one cyber attack. SMBs also often have little understanding of the type and volume of data residing in their systems. And they may lack strong leadership expertise in data privacy risk management.
The good news? A whopping 97 percent of all data breaches can be prevented with basic security measures, according to a Verizon Data Breach Investigations Report. Here are a handful of simple strategies that SMBs can take to significantly improve their security posture:
1. Perform a security assessment. Bringing on a knowledgeable expert to conduct an assessment doesn’t have to be costly, and it can help identify critical weak points and practices.
2. Stay updated. Off-the-shelf antivirus software can be highly effective if it’s kept up to date and used judiciously.
3. Train employees. Basic education for employees on how to follow security best practices and spot potential data exposures can boost an SMB’s security profile and be instrumental in minimizing damage if a breach does occur.
4. Control access. Manage physical access to computers, as well as access to networks and protected data. Enforce strong user names and passwords. Reduce the number of privileged accounts, reduce privileges of authorized users, and record all logons and activities.
5. Manage risk with coverage solutions. SMBs can manage their risks with cyber liability and data breach policies that account for business interruption, forensic investigations, notification procedures and other potential post-breach costs.
For a data security consultation or if your business has experienced a breach, please visit CyberScout's consulting team. Our consultants provide practical solutions to help businesses avert, prepare for and respond to a data loss incident.