The Biggest Security Threats to Your Business
MCEDC organized and presented an expert panel to address cyber safety for small businesses. Why does it matter? It turns out that 60% of small businesses that suffer a cybersecurity attack go out of business within 6 months and 90% don’t use any data protection at all for company and customer information.
The panel included moderator Susan Prince, a communications strategist at MITRE Corporation, which oversees a collaboration with NIST and the National Cybersecurity Center of Excellence (NCCoE).
She was joined by Ola Sage, CEO of CyberRx and Sapna George, VP of Development & Engineering, Cryptonite NXT with tips for small business owners on protection from cyber attacks.
5 Tips from our expert panel:
Buyer beware: Some small businesses don’t spend enough time considering their needs. Instead, they randomly buy cyber protection products thinking they will help. Our experts suggest taking the time to consider what you really need. Is it your data you are trying to protect? Client data? Other? Careful thought to these answers will help determine more specifically the type of security you may need.
Protect with two-factor authentication: In addition to not sharing passwords, there is another smart way to add an extra layer of protection: two factor authentication. Essentially, it is the process of using a password and receiving a code via text that you need to enter to gain access to particular sites. When the two-factor process is an option, it is highly recommended that you take advantage.
There’s no free lunch and free Wi-Fi may cost you: Insecure free Wi-Fi is too easy for a hacker to hijack and attack – and steal log-in passwords or intercept data that you are transmitting. Our panels recommend finding alternatives to free Wi-Fi at coffee shops or hotels; for example, using a hot spot or other source from your mobile service provider. It is especially important to avoid using Wi-Fi when visiting sensitive sites, like a bank or other financial institution.
Be Social media safety savvy: In addition to changing passwords regularly, it’s important to stay vigilant on social media. Be wary of opening malicious links or other ways for hackers to fraudulently gain access. Train employees to be wary of suspicious links. Ensure that every person in your organization understands the critical important of not clicking on suspicious links and to stay vigilant as a group about potential cyber threats.
Backup and Recovery – In the event of an attack, be sure you have a backup of your system. Keep an active, working back of your important documents and files to avert a disaster.
NIST Cybersecurity Resources
The National Institute of Standards and Technology (NIST) released the cybersecurity framework that provides guidance to every small business to protect their company. NIST has created a graphic and information about the 5 Core Functions that show the lifecycle of an organization’s cybersecurity risk management.
Develop an understanding of their environment to manage cybersecurity risk to systems, assets, data and capabilities.
Develop and implement the appropriate safeguards to limit or contain the impact of a potential cybersecurity event.
Implement measures to quickly identify cybersecurity events. Continuous monitoring is effective in analyzing and preventing cyber attacks.
Should a cyber incident occur, organizations must have the ability to contain the impact. Craft a response plan, define communication lines among parties, collect and analyze information, perform all required activities to eradicate the incident and incorporate lessons learned.
Develop and implement effective activities to restore any capabilities or services that were impaired due to a cybersecurity event. Your organization must have a recovery plan in place.