Data security has never been more critical to business than it is in today’s technology landscape. Have you ever wondered; is your data safe? Well, it’s likely not! According to the COO of the National Cybersecurity Institute, “Fifty percent of small to medium-sized business have been the victims of cyber attacks and over 60% of those attacked go out of business.”* Scary statistic. The reality is that sensitive data is the new currency, and if nefarious actors want your data, there is little you can do. Your best bet: just cancel your internet.
OK, plunging back to the dark ages is not an option. International organized cybercrime networks, and malicious foreign states have many techniques at their disposal. Phishing attacks, CEO fraud, social engineering, ransomware and fund transfer fraud are among of some of the most widely used ones.
Much of the advice you read about is intended for large enterprises. What can a small to medium-sized business do to keep their data safe? Start with simple data classification. Focus on data assets are most important to your business. We call these your company’s “crown jewels,” your most prized data possessions. Whether it is your company’s financial data, intellectual property, or the one spreadsheet that runs your entire business, protect that data like it is the gold within Fort Knox. This is the data that requires the most focused investment.
There are certain technologies, processes, and barriers that you can put in place to ensure that your company’s “crown jewels” are less accessible. Security awareness training is a crucial component to ensure your employees are less “hackable.” Having a security-minded culture must start at the top of an organization. So you must set the example by participating in and advocating such training. Most small to medium businesses simply don’t think it will happen to them or do not make the investment in the right technology and processes for their IT Solution. Or perhaps, even worse, they do not have that trusted IT advisor or Managed Services Provider (MSP)/ Managed Security Services Provider (MSSP) to help them make an educated decision on what direction they need to take with their data security strategy.
In reality, there are many different ways to address data security and a balance of usability, investment, and awareness is crucial to success. Your IT security strategy should not be overly cumbersome. Striking a balance between security and usability is important to ensure continued efficiency in your business. The first step is truly identifying the data you need to protect. If your IT Department, IT Guy or Managed Services provider is not having this conversation with you, then you should initiate it or seek an outside advisor that will.
Think your IT has what it takes? Think again.
Managing Partner, Director of IT
*“Small Business, Big Threat: Protecting Small Businesses from Cyber Attacks,” Statement for the Record: Dr. Jane LeClair, Chief Operating Officer,
National Cybersecurity Institute at Excelsior College Before the United States House of Representatives Committee on Small Business, 4/22/15, http://smbiz.house.gov/UploadedFiles/4-22-2015__Dr.__LeClair__testimony.pdf