Tag Archives: cyber security

Security considerations for small businesses in 2017

Small businesses are not exempt from caring about security. They, too, need to be as invested in what occurs in keeping their data and other aspects of the organisation secure. Though so much of security is often focused on big businesses and major breaches, such as hacking and cyber invasion, there are many aspects to security worth considering. To that end, if you want to be able to protect your businesses from outside interference, in order to actually produce quality work and meet client expectations, it’s important to consider what is happening in terms of security in the future. Businesses must stay ahead of security concerns in order stay ahead of those who would do damage and participate in criminal activities.

Everything is cyber

These days every business understands that being connected is essential. No longer are modern businesses only local, but are branched out into the rest of world. They exist in various forms, communicating through social media, email, website and so on. Even internally, data is stored digitally, people are able to operate and conduct meetings regardless of location. But this internal idea is itself part of the problem. As the American National Cybersecurity Institute noted:

“One of the biggest threats a company has that puts it at risk for an attack or data breach is its internal users. Lack of cybersecurity awareness and training can put organizations at a significantly higher susceptibility to cybercriminals. As Tripwire’s security engineer pointed out, security doesn’t just mean taking measures to prevent the attacks, but providing training and guidance on how to handle incident response in the event that an incident occurs. And this should be done throughout all levels of the organization, especially considering ransomware schemes like spear phishing happen primarily through emailing employees.”

Training is important but so is monitoring. So often when people consider installing, say, CCTV camera or a video wall controller, the assumption that it is to prevent outside interference. But the threats come from inside, too. This can be intentional or negligence. As SC Magazine pointed out:

“[Workers] taking the necessary steps to ensure security in the workplace becomes less of a priority for them as they seek to perform their job functions efficiently. In fact, 40 percent of firms expect a data breach in the next 12 months as a result of employee behavior, and employees indicated a widespread lack of awareness of good cybersecurity practice. The consequence is that over the last year, 78 percent of breaches have originated from within the extended enterprise (including contractors and ex-employees), the report found.”

This is a shocking number. In terms of the future, more businesses must focus on creating policy and training programs to highlight the dangers posed by employees themselves.

Education

Learning new skills and acquiring knowledge is never a bad thing. This is particularly important if, as we noted, employees learn what to do and what not to do in order to minimise any cyber dangers to businesses. Businesses owners must take the necessary steps to help minimise this danger and this means supplying education and courses that can enable their employees to not make any mistakes. Of course, nothing is perfect, but training isn’t about perfection in this case – it’s about reducing the chances of invasion, manipulation and so on from occurring which could threaten the whole company.

For example, you could begin by putting in place policies that minimise or completely restrict mobile devices. As Forsythe notes:  “As smartphones and tablets become constant companions, cyber attackers are using every avenue available to break into them.”

Most of us expect these expensive pieces of tech to be secure. In reality, they are not. With simple equipment, hackers can get in and make use of other, more powerful equipment nearby. For example, says Forsythe, “hackers can gain access to a nearby mobile device in less than 30 seconds and either mirror the device and see everything on it, or install malware that will enable them to siphon data from it at their leisure.”

You can also encourage employers to change their passwords regularly, instituting Two Factor Authentication on all their important accounts. Google, for example, sends a message to your phone when you login to your email from another device or computer. After all, if you suddenly login from somewhere else, that’s a red flag of hacking – since it means someone else is invading your space. But sometimes, of course, it’s just using a new or another device. Sending a quick note to your phone lets you authenticate it. Since hackers don’t have your phone, this is a much more secure method and is recommended by many cybersecurity experts.