The month of October is the tenth anniversary of National Cyber Security Awareness Month (NCSAM). This is a great time to take a look at your business practices regarding computer security, network security, web site security, and data protection. A great place to start is the StaySafeOnline.org website provided by the National Cyber Security Alliance.
On this web site you can find tips on how to:
- Assess your risks
- Monitor threats
- Report cyber attacks
- Implement a security plan
- Protect your customers
- Train your employees
Smaller businesses are attractive targets for cyber-criminals because they generally have fewer defenses, and they generally have no formal policies or training in place for employees relative to computer and network use or network security. The web site reports:
- 77% do not have a formal written Internet security policy for employees.
- 63% do not have policies regarding how their employees use social media.
- 52% have a plan or strategic approach in place for keeping their business cyber secure.
- 45% do not provide Internet safety training to their employees.
- 67% allow the use of USB devices in the workplace.
- 59% say they do not require any multi-factor authentication for access to any of their networks.
- 50% say that all of their machines are completely wiped of data before disposal.
You cannot afford to be one of these small businesses any longer. A couple of recent cases reported on this blog illustrate what can happen to the unprepared. Please read Escrow Firm Loses $1.5M In Cyber-Heist or NC Fuel Company Loses $800K to Cyber-Thieves for some disturbing examples of what can happen to your business if it is improperly secured.
A good start is to team up with a company that specializes in providing IT security services to small businesses. A security audit, vulnerability scan, or penetration test can uncover weaknesses in your cyber security that you and your system administrator or computer support provider can address. Doing nothing and hoping for the best is not a good choice.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com