11 Apr 7 Things Small Businesses Can Do To Mitigate Cyber Security Incidents
Last March, a jury awarded Irvin-based lender, Mount Olympus Mortgage Co., at least $25 million in a lawsuit involving stolen loan files, personal information, and other sensitive data. The files were allegedly siphoned by former MOMCo employees from the firm’s IT systems in Orange County, CA, to a competitor in Chicago.
While Mount Olympus Mortgage was fortunate enough to discover the data breach, identify possible suspects, and eventually get compensated, not all victims of cyber attacks are as lucky. Some victims fail to detect breaches. And if they do, many of them are unable to recover losses associated with the attack.
Because they normally have no dedicated staff (or officer for that matter) in charge of information security, small businesses are particularly vulnerable to these attacks. In this post, we outline some of the things you can do as a head of small business to minimize the risk of these incidents.
1. Perform onsite and offsite backups
Data backups help minimize the impact of incidents that result in data loss. Some examples of such incidents include fire, natural disasters (e.g. floods, earthquakes, hurricanes), stolen hard drives or computers, ransomware attacks, and certain malware outbreaks. If your main datastore is rendered unusable, you can still retrieve the information you need from your backups and continue doing business.
2. Implement data-in-motion and data-at-rest encryption
Encryption renders information unreadable. This can be very useful for preserving the confidentiality. Even if attackers can somehow get hold of your encrypted data, they’ll find it impossible (assuming your encryption is strong) to acquire the information kept within. Encryption can even serve as a safe harbor for breach notification legislations like California S.B. 1386.
3. Use an updated antivirus
A good antivirus solution can prevent your systems from getting infected by trojans, viruses, worms, ransomware, and other types of malware. Some solutions can detect websites or file attachments that contain malicious code and warn you about it. Notice that we included the word “updated”. Unless your antivirus database is up-to-date, your antivirus will not be able to detect and destroy the latest malware.
4. Do regular software updates/patches
Software patches usually include security updates. These updates are meant to fix known vulnerabilities that existed in previous versions. A lot of cyber attacks exploit known vulnerabilities in order to enter your system, so it’s always a good idea to carry out these updates regularly.
5. Implement a strict password policy
You probably know this by now – you should never use weak passwords. Still, we keep hearing about data breaches involving broken passwords. People just never learn. Bear in mind though that the use of “strong passwords” isn’t the only thing that makes up a good password policy. You also need to incorporate mechanisms that enforce password expiration dates, replacements, notifications, and avoidance of previously used passwords.
6. Educate and train employees on information security best practices
You can have all the greatest, state-of-the-art cyber security solutions and have the most stringent security policies but if you can’t get your people to buy in to your security plan, all your security investments and expenses will just go to waste. You need to help your staff understand the consequences of disobeying policies or circumventing security countermeasures. Likewise, you need to train them in order to reduce risks and maximize the strength of your cyber security infrastructure.
7. Establish an information security plan/program
These are just some of the things you can do to mitigate cyber security incidents. But in order for all this to be really effective without breaking the bank, you need to have an overarching plan or security program that would make all your security solutions, policies, and procedures work in a cohesive manner.
If you don’t have the expertise to put together a sound cyber security plan or program, then hiring someone who does would be your best recourse. Highly trained professionals like our cyber security specialists here at briteCITY can put together a plan tailor made for your organization. A well-thought-out cyber security plan can bring down your risks to the minimum in the most cost-effective way.