Today’s post was written by the Community Outreach Coordinator for HP’s Small Business Solutions.
Small Businesses are now being targeted by hackers more than any other business segment, according to a recent report from cybersecurity firm Symantec. With almost 50% of SMBs experiencing a data breach in 2016, having an understanding of cybersecurity and how potential breaches can affect your business is critical for companies of any size.
Maintaining a strong cybersecurity policy keeps your data safe and your customers happy. Check out a few easily-implemented tips on keeping your customers’ data safe and secure!
Control Your Information Access Points
Verizon’s 2016 Data Breach Investigation Report found over 10,000 instances of Insider Privilege misuse and over 170 data breaches stemming from internal access abuse. Not only are insider attacks prevalent, they’re also much harder to discover than outside hackers, with discovery time often taking months instead of days.
There are a few key ways to mitigate unauthorized insider data access, typically involving data permissions. Creating a unique account for every user makes it much easier to trace the source of internal breaches.
It also allows your security team to assign different levels of data access to users; if a user doesn’t need access to a dataset, they shouldn’t have access. Maintaining individual accounts allows for privilege granularity to keep data access tightly controlled.
Take Advantage of Multi-Factor Authentication
Multi-Factor Authentication (MFA) is a critical security feature that protects unauthorized data access even when user credentials are compromised; many prominent tech companies such as Google have now integrated MFA into their login systems. The security comes from requiring two different components to access a system, described in a Cisco white paper as: “something you have (a security badge), and something you know (your ID and password).”
By splitting up the required access information, this ensures that information remains secure even if one component is compromised. Another key aspect of MFA is the ability to use a diverse range of login credentials, including physical tokens, passwords, or even biometric factors like facial recognition scans or fingerprints.
Many professional machines, like business laptops from HP, now offer built-in biometric security features alongside traditional login options. Requiring multiple factors for account access becomes especially useful if your organization falls victim to password theft through unauthorized access or phishing attempts: just make sure to enable MFA before a breach occurs.
Educate Your Employees
Phishing attacks have been in the news a lot recently, perhaps most infamously through the successful email hack of John Podesta, Hillary Clinton’s presidential campaign manager. Phishing attacks occur when a target receives an email containing a compromised link or attachment; if the target clicks through or downloads the file, attackers can gain access to their email account or local computer.
Despite the danger, currently only 3% of phishing attempts are reported to IT or management. Educating employees on how to identify + report potential phishing attempts is one of the most effective ways to combat phishing attacks. Another key area of education is not only creating password policy but holding employees to it; the Ponemon Institute’s 2016 State of Cybersecurity report found that 65% of SMBs did not strictly enforce their password policies.
Employee passwords need to be strong and unique; using the same password for multiple accounts can cause breaches to spiral out of control as one credential set can be used to infiltrate several different accounts. Maintaining adherence to password policy is an essential part of any SMB’s cybersecurity strategy.
Cybersecurity is a critical component of business infrastructure for companies of any size. Maintaining systems, updating tools, and migrating to the latest technology are all essential aspects of a strong security policy, and implementing these tips will help strengthen and protect your SMB from outside (or inside) attacks.
Above all, stay engaged and up to date on the latest information and cybersecurity information; with new vulnerabilities exposed every day, your company needs to be aware of the latest threats to your data and your customers’ trust.
Katherine Luk is the Community Outreach Coordinator for HP’s Small Business Solutions team, focused on sharing information with small businesses and tech best practices. Katherine is passionate about learning new information about the latest in digital innovation, promoting small business cybersecurity policy, and engaging with the tech community.