National Cyber Security Awareness Month
October 10, 2017
October is National Cyber Security Awareness Month
October has come again, bringing with it colder weather, changing leaves, and thoughts of Halloween candy. For those in the IT world, October is also National Cyber Security Awareness Month, a chance to review the past year, with special focus on security concerns and on ways individuals and businesses can help tighten cyber security.
Cyber Security and Small Business
This year has not been a good one so far for small business - or for large ones either. That said, small businesses continue to be most vulnerable. Annually, an average of 44% of small businesses report that they are targeted at an average loss of $9,000 per attack. Unfortunately, small businesses often have elaborate systems with lax security protocols, making them easy targets.
Cyber Security Risk Management
When running a small business, risk is inevitable. That means that risk is something you can - and should - plan for. If your business is connected to the Internet in any way, then you are at risk for a cyber security breach. Think about it this way. You have locks on your door for a reason. If not, someone could and probably eventually will break in. Don't view hackers as a maybe, because without security measures in place, it will happen. Hackers do not know or care how much your business is or isn't worth. They often send out indiscriminate feelers to find vulnerable systems and exploit them, like thieves and other criminals sometimes walk along looking for unattended, unlocked houses or car doors.
A key part of risk management is accepting that not all intrusions can be prevented. Sometimes, having a lock on a door isn't enough. Contingency plans help prepare your business to respond in the event of likely breaches. If hackers try to steal customer data, or take down your web portal, having a contingency plan maps out a way to maintain continuity of business while making your systems secure.
Back-ups should always be made regularly at a different physical location from your main place of business in case of natural disaster. In addition, back-ups must be secure and firewalled from your primary server in case of man-made intrusions. Without back-ups, timely continuity will likely be impossible. With back-ups, continuity of business is often a simple matter of making a phone call or pressing a button.
Create a Continuity Plan
As part of a risk management plan, you should list all possible risks to your business. This will include things like the power going out, that new product line not selling, and of course cyber security. These items may be interrelated: for example, the new product line may not sell if a hacker takes down your web portal. In the event that such an event happens, create a checklist of things to do in order to ensure business continuity. For example, for cyber security intrusion, it would be good to 1) have a secure backup in place 2) have someone or some procedure to activate that backup system and 3) notify consumers of any (hopefully brief) outages or issues in appropriate language. Make sure that employees know about this plan and are prepared to implement it as needed.
The best security plans will not work without proper training in place. If employees manage to find ways to use ‘Password’ as their password, for example, it really doesn't matter how great the security is in your single-sign-on environment. If no one is sure whose job it is to decide if you need to shut down the main server and switch over to backup, that other server won't do you much good when you need it. As part of National Cyber Security Awareness Month, the federal government offers free training materials every small business owner should see and share with employees. The final, critical part of Cyber Security plan is to make sure that everyone in your business knows the plan.
National Cyber Security Awareness Month reminds us that cyber security affects all segments of society. Whether small business, individual entrepreneur, or interested Internet user, any hack has the ability to affect us all. For small businesses with limited resources and minimal security, hacks can be especially devastating. Take the time to find ways to secure your business today.