Protection to Perfection: 5 Considerations for Securing SMBs
Cybersecurity threats can't be reasoned with, they can't be bargained with. They don't feel pity or remorse or fear and they absolutely will not stop, ever. Until your company’s data is gone.

Okay, so that’s a bit over-dramatic, but an increased focus on information security and cybersecurity threats has forced corporations to put more and more resources—including people, technology, and budgets—into protecting themselves. As a result, large organizations have become more difficult targets for malicious hackers, so the cybercriminals are turning their unwanted attention to businesses they consider to be softer targets. Unfortunately, small & medium businesses (SMBs) fall into this category. Budget and resource constraints often leave information security at the bottom of the list of priorities. It’s true that there is no easy, one-time solution to information security – it takes time and careful consideration with all relevant stakeholders.

The situation has gotten so serious, the government has even stepped in. A new Cybersecurity Small Business Act recently signed into law requires the National Institute of Standards and Technology (NIST) to issue guidance and a consistent set of resources to help SMBs identify, assess and reduce their cybersecurity risks.

The thinking is that while businesses rely on the Internet to run more efficiently and reach more customers, they are also becoming more and more susceptible to hackers. Large businesses have the resources to fight cybercrime and protect themselves; SMBs do not. The Cybersecurity Act gives SMBs the tools and resources to help firm up their cybersecurity infrastructure and fight online attacks.

Ultimately, a strong information security program will help any organization gain and retain customers, employees, and business partners. It’s just good for business in an online world. Customers have an expectation that their sensitive information will be protected from theft, disclosure, or misuse.
So protecting your customers’ sensitive information is a clear example of good customer service.

To help SMBs prepare to protect their content, we’ve put together a list of five things to consider:

1. Identity and access management

Malicious hackers often masquerade as legitimate users, developers or partners to gain access to sensitive content. Poor access control enables unauthorized access to content and potentially catastrophic damage to organizations or end users. With financial resources, reputation, and intellectual property on the line, businesses must ensure that the right people have the right access to the right content for the right reasons. At all times.

2. Awareness of regulatory compliance

An increased focus on privacy is complicating the legal and regulatory environment. Laws such as Europe’s General Data Protection Regulation (GDPR), and similar local laws like the California Consumer Privacy Act, give increasing privacy rights to individuals but also place an increasing burden on businesses to identify, manage, protect, and report on protected data. Amazingly, nearly 20% of SMBs in the UK and Germany are not aware of GDPR. And for businesses outside EMEA, nearly 50% are unaware [1]. SMBs are not exempt from regulatory compliance and must stay on top of these changes or suffer the fines and brand damage.

3. Malicious and not-so-malicious insiders

Insiders – employees or others who work for a business – are one of the main sources of security incidents. Because they are already known, trusted, and have been given access to important business information and systems, they can easily harm the business (deliberately or unintentionally). Unfortunately, these types of events can be difficult to detect. Currently, Machine Learning (ML) can address narrow, well-defined problem sets like data classification and predicting user behavior.
As technology grows, it will be leveraged to stop malicious or accidental insider breaches before they happen and become an integral part of business security practice.

4. Data breaches

These may result from a targeted attack, human error, or poor security practices, and are the top concern for most businesses. Critical data breaches at large companies are in the news on a regular basis these days. A single breach can result in massive losses, both in money and reputation. Data breaches at SMBs don’t usually make the headline news, however, but they can be equally devastating. Customers become angry, you lose trust, and your entire business can be jeopardized.

5. Do the right thing

It all comes down to people, process, and technology. Start with your people. Define who is charged with security and compliance, whether they are the right people, and whether they have the right tools and work together effectively. Determine the roles, responsibilities, and accountability and assess the need for changes. Developing a good roadmap and checklist for your people, processes, and technologies will yield the greatest chance of success.

When it comes to processes, remember that security is about prioritizing risk. So first focus on the processes that are most integral to your business and that handle the most important data. Assess whether that data is adequately protected end-to-end. Identify the gaps and weak spots and determine the options for addressing them. Make security a key element when building new processes in addition to effectiveness and efficiency.

When looking at technology, address both the systems and applications that are part of your business processes and the security technologies you use to alert on and remediate issues. In order to add the most value to your business, every application or solution needs to be cost-effective and easy to deploy, update, and use.

Any SMB that thinks its business is not on the radar of cybercriminals should think again.
There is no business too small for a cyber attack. On the bright side, help is available to businesses that want to firm up their cybersecurity infrastructure and fight online attacks.

Avoid getting hacked. Check out our blog "10 ways to get hacked". Visit the Egnyte website for information on data governance and protection.

Sources:

[1] IDC Worldwide SMB Preparation/Plans for GDPR-2018, Doc #US43650018