What’s the big deal about cybersecurity? Everyone seems to be talking about it, but a lot of those discussions are from big corporations. Questions for small businesses still stand—should you be concerned about it, and what do you need to get a DIY cybersecurity program together?
Do small businesses need to worry about cybersecurity?
Do you get the feeling that a hacker is just waiting to break into your systems? You might think that because you’re a small business, you don’t need to worry.
But wait! The truth is pretty scary. For example:
- 43 percent of cyberattacks are against small businesses
- 48 percent of data breaches are caused by hackers
  - Human or system failures account for the rest
- Small business stored data is like candy to a hacker
  - 68 percent of small businesses store email addresses
  - 64 percent of small businesses store phone numbers
  - 54 percent of small businesses store addresses
- According to a study, 55 percent of companies said they’d had a cyberattack in one 12-month period
  - Those companies spent an average of about $880,000 to fix the problem
- 60 percent of small companies close their doors within six months of being hacked
It’s easy to see that small businesses need to work hard to get their cybersecurity systems in place. You don’t need to be Equifax or Disney to have a cybersecurity problem.
Are you ready for DIY cybersecurity?
If you recognize the problem, you know how important it is to establish a DIY cybersecurity strategy. Get started now following these steps:
1. Secure your networks
It’s critical that you secure your network by using firewalls and encryption technology, limiting physical access to the network, securing your Wi-Fi network and more.
Start with a security risk assessment. One thing you may notice immediately is that your company, like most other organizations, doesn’t employ people with the skills needed to secure your networks properly. You’ll need a number of different skill sets, including specialists in:
- Cloud Security
- Network Security
- Data Security
- Security Engineering
- Identity & Access Management
- Application Security
- Endpoint Security
Once the needed expertise has been acquired, you can identify where important information is located, organize it based on source or usage and develop and implement a strategy for network security.
Protective measures will need to be put in place and security monitoring will need to begin. It is very important that you remain in compliance with the rules and regulations that apply to your industry.
Regulators that publish regulations, like the Health Insurance Portability and Accountability Act of 1996 (HIPAA) rules for health insurance and the Payment Card Industry Data Security Standard (PCI DSS), have no sense of humor when it comes to non-compliance.
2. Employees MUST understand security rules and follow them
Employees are your biggest source of cyberattack vulnerability. Why? Because 90-95% of cyberattacks start in your email inbox. Phishing emails account for a large portion of cyberattacks because companies fail to teach employees about the danger. Hackers are getting better every day, and fooling an untrained employee is often extremely easy.
Train your employees how to keep your data secure
Provide them with actionable steps like creating strong passwords. Some of the most common passwords in 2017 were 123456, 123456789 and the word “password”. If that doesn’t motivate you to insist on strong passwords, and make sure your employees change them often, nothing will!
3. Backup, backup, backup and recovery
If, after all your work, you get hit with a successful cyberattack, you’ll want to recover as fast as possible. To do that, you need to enhance your DIY cybersecurity with a good backup and disaster recovery plan. It’s no longer just a way to get back online after a tornado or flood—it’s a critical piece of your cybersecurity strategy. You need to prepare with:
- A written disaster recovery plan
- Backups and data storage that exist off-site
- Regular tests of your plan to ensure it’s always working
4. Keep hardware and software up-to-date
Current hardware and software will help you protect yourself against the most recent threats. Check your technology on a regular basis, including operating systems, web browsers, application software, desktops, laptops and mobile devices.
Where do you go from here?
If you haven’t covered at least the most critical DIY cybersecurity issues described here, you need to get going—fast. If the list is longer than you can handle in a short amount of time, consider working with a managed IT services provider like Hill Country Tech Guys.
The latest statistics indicate that using the cloud and a managed service provider can be the best way to protect your organization without a lot of upfront costs for new hardware and employees.
Contact Hill Country Tech Guys for a full-service cyber security workforce that will always have your back!