What’s the big deal about cybersecurity? Everyone seems to be talking about it, but a lot of those discussions are from big corporations. The questions for SMBs still stand—should you be concerned about it, and what do you need to get a DIY cybersecurity program together?
Do SMBs need to worry about cybersecurity?
Do you get the feeling that a hacker is just waiting to break into your systems? You might think that because you’re an SMB, you don’t need to worry.
But wait! The truth is pretty scary. For example:
- 43 percent of cyberattacks are against small businesses.
- 48 percent of data breaches are caused by hackers, while human or system failures account for the rest.
- Think you don’t store data that a hacker might want? Consider that 68 percent of SMBs store email addresses, 64 percent store phone numbers and 54 percent store addresses. This is just the type of information hackers love to get their hands on.
- And, it gets worse. In one study of SMBs, 55 percent of companies said they’d had a cyberattack in one 12-month period.
- Do you wonder what happened to those companies? They spent an average of about $880,000 to fix the problem.
- In fact, 60 percent of small companies close their doors within six months of being attacked by hackers.
Are you ready for DIY cybersecurity?
If you recognize the problem, you know you need to get a DIY cybersecurity strategy in place. Here are the things you’ll need to do that:
1. Secure your networks
It’s critical that you secure your network by using firewalls and encryption technology, limiting physical access to the network, securing your Wi-Fi network and more.
Start with a security risk assessment. One thing you may notice immediately is that your company, like most other organizations, doesn’t employ people with the skills you need to do a good job of securing your networks. You’ll need a number of different skill sets, including specialists in:
- cloud security
- network security
- data security
- security engineering
- identity and access management
- application security
- endpoint security
Once you’ve acquired the expertise you need, you can identify where your important information is located, organize it based on its source or usage, and develop and implement a strategy for securing your networks.
You’ll need to put some protective measures in place and start doing security monitoring. One really important thing to keep in mind is that you’ll need to make sure you’re in compliance with all the rules and regulations that apply to your industry.
Regulators that publish regulations like the Health Insurance Portability and Accountability Act of 1996 (HIPAA) rules for health insurance and the Payment Card Industry Data Security Standard (PCI DSS) have no sense of humor when it comes to non-compliance.
2. Make sure your employees understand security rules and follow them
Your employees are your biggest source of cyberattack vulnerability. Why? Because 90-95 percent of cyberattacks start in your email inbox. Phishing emails account for such a large portion of cyberattacks because companies fail to teach employees about the danger, the hackers are getting better all the time, and fooling an untrained employee is often dead easy.
Train your employees on how to keep your data secure.
Provide them with actionable steps like creating strong passwords. Do you know what the most common passwords were in 2017? The list starts with 123456, number two is 123456789, and the word “password” comes in at number eight. If that doesn’t motivate you to insist on strong passwords and make sure your employees change them often, nothing will!
3. Backup, backup, backup and recovery
If, after all your work, you do get hit with a successful cyberattack, you’ll want to recover as fast as you can. To do that, you need to enhance your DIY cybersecurity with a good backup and disaster recovery plan. It’s no longer just a way to get back online after a tornado or flood—it’s a critical piece of your cybersecurity strategy. You need to prepare with:
- Backups and data storage that exist off-site
- A written disaster recovery plan
- Regular tests of your plan to ensure it’s always working
4. Keep hardware and software up-to-date
Current hardware and software will help you protect yourself against the most recent threats. You should check your technology on a regular basis, including operating systems, web browsers, application software, desktops, laptops and mobile devices.
Where do you go from here?
If you haven’t covered at least the most critical DIY cybersecurity issues described here, you need to get going—fast. If the list is longer than what you can handle in a short amount of time, consider working with a managed IT services provider.
The latest statistics indicate that using the cloud, and a managed service provider, can be the best way to protect your organization without a lot of upfront costs for new hardware and employees.