Every week, citizens of the world learn of a large company or government agency suffering a successful cyber-attack. What hardly ever gets reported is the hundreds of cyber-attacks that succeed against small and medium-sized businesses. The security issues facing these companies are ever-growing. In 2014, 60% of all online attacks were against companies. That same year, the average cost associated with a breach, for additional hardware and software to protect data, was $8700. Three years later that cost has risen to nearly $10,000. And that doesn't include so-called soft costs such as public relations, credit monitoring for customers, defending against a potential lawsuit, loss of business, and more.
Small & Medium-sized Businesses Attractive to Attackers
While large companies can be more lucrative for cyber criminals, smaller businesses are often targeted because it is much less work for a cyber criminal to successfully attack a small company than a large company. With many attacks on small companies, they gain the same amount of information with less effort.
On the flip side, businesses can take proactive measures: the best IT security practices for business.
Best IT Security Practices for Small and Medium-sized Businesses
Jeff Foresman, a consultant with Rook Security, an Indianapolis-based computer security company, noted that many companies don't understand or are ignorant of the risks facing them from cybercrime or how they can protect themselves.
"They don't know what they don't know. They don't understand the sophistication of these attacks," Foresman says.
Following are five of the most prominent best practices that are easy to implement and highly cost-effective.
The Federal Communications Commission (FCC) urges businesses to install excellent firewall protection on company computer systems. Because so many employees work from home, it is an accepted practice to offer or mandate that employees install firewall software on home systems to secure them and the company links and data they have on them.
Develop and publish to employees a password policy that specifies the length and the composition of passwords. Also, the policy should mandate how frequently passwords should be changed.
Two-Factor Authentication
2FA is shorthand for two-factor authentication. In addition to a username and password, 2FA uses another authentication factor. It could be a PIN, a biological marker or even a nearby device. 2FA is quickly becoming the standard for sensitive information and system security.
Companies are allowing employees to “Bring Your Own Device” (BYOD) to work or on the road. Establishing clear security policies for BYOD is essential to security efforts. Mandating 2FA on these devices and equipping them with “wipe clean” software that can be activated if a device is lost or stolen keeps your company data safer.
Inform and Educate Employees
Although security starts with top management, all employees need to be educated and informed about the dangers lurking on the internet waiting to attack your company. Employees should never open links or download files from unknown email addresses or unknown sites.
You Need Help
Most companies have limited time or staff to address computer system security requirements and keep system security up-to-date. For them, the best solution is a knowledgeable managed services provider (MSP).
Where To Start in San Francisco is such a company. They can be reached at firstname.lastname@example.org. Contact them for more information on computer security.