Strategies to Help Your Business Thwart Cyber Attacks, Protect Systems and Secure Digital Assets

In a matter of a few years, the internet has consolidated itself as a very powerful platform that has changed the way we do business and the way we communicate. It has also opened the door to vulnerabilities of staggering proportions. Public- and private-sector organizations alike have been victims of cyber thefts of sensitive information, breaches of privacy, cybercrime, and cyber disruption (e.g., denial-of-service attacks).

If you think your industry or company is exempt, you should think again!

Cyber attacks against small- and medium-size businesses (SMBs) have skyrocketed by 72% in the past 18 months according to Symantec, a leading provider of SMB and enterprise-class security solutions. Cyber criminals are now starting to focus more on soft targets, especially small businesses, which typically have less protection and fewer resources.

Indeed, after a spate of high-profile cybersecurity breaches at major companies like Target and, more recently, Home Depot, JPMorgan Chase and Sony, the biggest players generally have strong protections, both in terms of technology and staff, to secure their proprietary information. But smaller companies and vendors, who can’t afford expensive security measures—and yet store some of their larger client’s sensitive data—are now in the crosshairs of sophisticated hackers. The result has been a digital arms race between cyber attackers, who look for new ways to circumvent the security solutions that companies put in place, and vendors and end-users, who are perennially on the lookout for new ways to improve the security of their solutions and policies.

Securing a business against increasingly sophisticated and frequent cyber attacks, computer viruses, hacked websites, or even a well-intentioned but careless employee can seem daunting, particularly if an organization is of modest size and does not have a “crack team” of cybersecurity experts on staff.

Protecting systems and digital assets requires a holistic, company-wide methodology to minimize an organization’s exposure to cyber criminals. While there are established, but constantly changing, best practices and low- or no-cost solutions for SMBs, the emphasis should be first and foremost on prevention and mitigation strategies, such as internal security policies, employee training and continuing education, system patching and protection, and use of best practices (safe internet, email, and desktop practices).

Most cyber incidents are caused by lack of education and training or human error. In fact, internal threats posed by an unqualified or disgruntled employee with trusted access to a sensitive system and information cause 80 percent of small business security problems. While technological solutions are vital to protecting information and systems, their efficacy is limited if it is not effectively adopted and implemented by the management team and used by skilled employees who follow well-defined processes.

Don’t assume that employees already know everything they need to know. All employees should receive proper training and periodic re-training. Other ways to keep employees up-to-date with the latest threats and make sure that they don’t sidestep basic standards of best practices is by distributing pamphlets, posters, newsletters, and videos; rewarding them for good security practices; and employing regular phishing security tests (PST). Statistics show that companies with employee cybersecurity training programs experience 50 percent fewer cyber incidents caused by their own personnel.

Disaster recovery planning represents another important aspect of protecting a company’s overall brand and value. Every company should do more than just having data backed up on a tape. There should be a well-documented and well-exercised disaster recovery plan.

Building a comprehensive DR plan before a breach happens is fundamental because even all the prevention measures that you can put in place are never going to protect you all the time—you need to know what you’re going to do in case of a cyber incident. This should include identifying, locating and backing up all the critical files in your system; testing restoring procedures regularly; setting up offsite storage for the system’s backup; having well-defined business continuity options; and knowing who is in charge of the DR plan.

For today’s SMBs, cybersecurity solutions and services can be outsourced, especially in light of budgetary constraints and lack of internal resources that many businesses experience while still needing to be on the lookout for an escalating number of threats and increased complexity of cybersecurity.

Leave a comment