In the wake of continued high-profile data breaches, safeguarding intellectual property, financial records, and consumers’ personal information has become more critical than ever. Although news headlines tend to highlight wide-scale attacks against large organizations—think J.P. Morgan Chase, Target, and Anthem—most attacks aren’t on such a grand scale. In fact, 77% of global cyber crime is targeted at small and midsize businesses (SMBs). Adding insult to injury, business disruptions average around $940,000 per breach, a cost that can devastate an SMB.
Why are small and midsize businesses prime targets?
Targeting SMBs is more enticing than it might seem. For starters, cyber criminals are looking for a low risk with a high return. Only 10% of police-reported data breaches result in conviction. Additionally, unlike their larger counterparts, small to midsize businesses typically have a fraction of the resources to address cybersecurity.
What can you do to protect your data?
Businesses need to take a proactive approach to preventing data breaches before they occur. Here are some pointers to equip your organization to handle cybersecurity threats.
Identify your most sensitive data
Defending your IT system starts with identifying your most valuable assets, including intellectual property, customer information, and financial data. Ask yourself a simple question: What’s our most sensitive data? Once you’ve answered this question, you can put controls in place to ensure that all categories of data are handled appropriately.
Raise employee awareness
One of the main factors leading to data breaches is lax employee security protocol compliance. Something as basic as employees neglecting to turn off their computers before going home, losing their mobile devices, or unknowingly falling victim to phishing scams and divulging sensitive information via a website link or email response can result in devastating data leaks.
It is essential to educate employees about their role in protecting your organization’s data, as is holding employees accountable for complying with your business’s Internet security policies.
Develop a security platform across departments
While it’s well and good to charge someone with overseeing information security, it may end up being little more than a check-the-box approach if the appointed person doesn’t engage other departments, too. IT, HR, finance, risk, and legal departments need to communicate in order to ensure a successful security strategy.
Based on the industry—and how highly regulated it is—internal audit, marketing, and vendor management departments may need to be involved as well. Communications, investor relations, and business unit leads can also provide critical support, particularly in developing response plans. Whatever your structure, cybersecurity should be a truly organization-wide function.
Have a crisis plan ready
Never underestimate the importance of being prepared. Have a well-considered plan in your back pocket with several contingencies based on likely scenarios. Once you’ve devised a plan, run an incident response exercise with key members of your security team and the rest of your staff.
Simulation exercises should identify and focus on real-time strategic decision-making from a technical, business, legal, and internal/external communications perspective. It's a useful strategy not only for getting the attention and involvement of top managers, but also for educating them about how prepared your organization actually is and to identify potential gaps.
Get professional help from experts
While all of these proactive steps significantly lower the threat of a data breach, working with an outside cybersecurity expert is a sound investment. Many SMBs simply lack the internal resources and technology to protect their systems from increasingly advanced threats, like hacking and the rise of ransomware. In these cases, a service provider with a solid reputation and extensive experience can augment your cyber defenses. Innovatix members have access to online security services from a number of proven contracted suppliers, including ASI System Integration, Best Buy, PC Connection, Saberpoint, and Zones.
Cybercrimes represent a very real and very serious threat for all businesses, regardless of size. However, with the right preparation, internal protocols, and external assistance, businesses can lower their risk of dealing with a data breach and its damaging effects.