According to an article by SunTrust, over 71% of cyber attacks are aimed at businesses with fewer than 100 employees. Hang on, let me try that again...
Over 71% of cyber attacks are aimed at SMALL businesses like yours and all of the ones we serve here in the Tampa Bay Area.
Further, the estimated loss to these businesses is $7,100 per violation.
The success of these attacks is attributed to the lack of sophistication in the security practices of these businesses and the failure to implement some of the most basic security practices.
So what are these practices?
- Employee Training: because the bulk of cyber attacks happen via e-mail and target humans, rather than technology, training your team is the top priority. Helping your team understand what attacks look like and the tactics being used can curb most attacks.
- Frequent Technology Updates: it used to be that having a good junk mail filter and a top-rated anti-virus were sufficient. These days, a web content filter and rock-solid firewall are absolutely necessary, among other things. However, of utmost importance are software updates. Everything that connects to the network needs to be updated on a regular basis. This makes the devices, software, and computer less susceptible to attacks that take advantage of vulnerabilities. that can exist in the software that runs them.
- Vendor Communication: despite a small business being on top of security, I have seen software vendors who are extremely lax in their practices. If you have the ability to switch to a more secure software, do so, but stay on top of them for security protections. If you do not have the ability to switch, be the squeaky wheel to that software provider or consult with your IT provider to mitigate the risk.
- Security Policies: everyone needs to know the ground rules for using the technology at your business. Scenarios such as: what will happen to business e-mail accounts on your personal phone after termination, or what kinds of passwords are acceptable must be covered. If the ground rules are in place but are not enforced, they are also useless. Convenience is nice, but security should be the priority.
- Reliable Backups: your backups may be your only recourse after a cyber attack. Do NOT skimp on them!
Taking just these few small steps to protect your business is critical and may mean the difference between staying in business and becoming a statistic. Sadly, most businesses I visit choose to remain in ambivalence and ignore the warnings.
As I get asked to perform assessments for Tampa area businesses, I regularly see ten common mistakes. Stay tuned because I'll be writing about those in the coming weeks.
