Build a Cybersecurity Plan For Your Small Business
"Companies are struggling to fend off cyber attacks as hackers get faster, sneakier and more creative." – CNN Money
In an age where 1 million new malware threats are launched each day, small businesses need a better cybersecurity plan. Today, being paranoid is just good business.
A better plan includes:
- Asking the right questions when assessing cyber threats
- Implementing both short and long-term fixes
- Preventing attacks before they occur
Cyber attacks have reached epidemic proportions. Symantec says five out of six large companies were targeted by cybercriminals in 2014. While the Sony and Target hacks get all of the headlines, small and medium-sized businesses (SMBs) are quietly under attack. IT constraints typically leave them less secure, and hackers can now launch large-scale, automated attacks at indiscriminate targets, which reduces the attackers’ time and investment.
So small businesses are not immune. In fact, we’re experiencing a disturbing trend toward SMBs getting hacked more often than enterprises. Verizon’s 2013 Data Breach Investigations Report claimed 62 percent of data breaches were at the SMB level.
And SMBs are usually the least prepared to defend against today’s more sophisticated attacks at scale. Even more frightening, SMBs actually cut cybersecurity spending in 2014. What’s the deal? Are SMBs hoping for a truce? Or maybe a silver security bullet?
Yes, SMBs face security challenges large businesses do not. Security giant Kaspersky lists a handful of challenges specific to small business:
- Limited IT infrastructure budget
- Absence of IT security policies and procedures
- Insufficient awareness among employees
- No dedicated IT specialist on the company’s payroll
- Outsourcing of security to unqualified contractors or system administrators
Another reason criminals are targeting SMBs is that enterprises have upped their game with multiple levels of security and dedicated security specialists – and they’re still (obviously) vulnerable. With SMBs now considered the low-hanging fruit, it’s time to rally available resources, train and educate, adopt best practices, and build a comprehensive cybersecurity plan full of both short-term and long-term fixes.
It starts with asking the right questions:
- Assessing my day-to-day operations, which assets are most valuable?
- Which assets directly affect consumer confidence?
- Do we have a budget for cybersecurity?
- Do we have a security policy to distribute to employees?
- Does IT have specialized software and skills to defend an attack?
- How are my competitors addressing this problem?
- Do we have procedures in place to respond after an attack?
Remember, the quality of data is more important to hackers than the size of the company. Health and fitness companies have a lot of valuable data, including credit cards, customer contact information, and even health data.
Also, depending on the number of facilities you have, or the breadth of your services, your business may now be interconnected with a larger company’s supply chain or software system. Therefore, hackers may view your small business as the backdoor, or entry point, to your larger business partner and their treasure trove of data.
Wait, there’s more.
Loss of financial data can have both short and long-term ramifications. Loss of personal data can attract lawsuits and ruin consumer confidence. Loss of vendor, contract and confidential data can kill business partnerships and future opportunities.
Lots to process. We need a solution. So let’s get back to planning.
The long-term fix:
- Raise employee awareness through policies and communications
- Maximize spend on security skills and services
- If necessary, outsource to a proven cybersecurity provider
- Get top-down support for a security plan and budget
- Don’t forget mobile devices and social media in your plan
The short-term fix:
- Keep security software updated. If possible, make the updates automatic.
- Demand the strongest passwords possible
- Address both bring-your-own-device (BYOD) and work-from-home (WFH) use
- Protect and govern confidential information
- Test, test, test. Good cybersecurity is preventive maintenance.
Let’s hammer home the last bullet. Cybersecurity, by definition, "refers to preventative methods used to protect information from being stolen, compromised or attacked." It pays to reduce exposure and get in front of an attack. Why? Hewlett-Packard’s 2014 Ponemon Cost of Cyber Crime study reported malicious attacks, on average, can take up to 259 days to detect and another 45 days to resolve. Unraveling a year’s worth of problems doesn’t seem worth the risk.
Going forward, ask the right questions, employ short and long-term fixes, and focus on preventing cyber attacks before they occur. Shape a plan that makes the most effective use of your cybersecurity resources.
About CSI Software
CSI Software provides fully integrated, single source health and fitness club management software to health and fitness clubs, campus recreation centers, parks and recreation facilities, wellness centers and hotels and fitness resorts, as well as JCC, YMCA and YWCA organizations.