We all have heard about cyber security concerns and hackers breaching networks and compromising data from millions of people, but you also might be thinking that it only happens to big firms. In fact, 72% of data breaches happen to companies with less than 100 employees. Data breaches happen to businesses of all sizes – but we usually only hear about the large ones. Small businesses are much easier targets for hackers, and they often keep a lot of personally identifiable information in one place. This makes it easy for criminals to use that data for identity theft, tax fraud, and other financial crimes.
Small businesses spend less money on cyber security and don’t train their employees about what to watch out for. Ninety-five percent of data breaches are caused by employee mistakes like falling victim to a phishing scam or ransomware attack. Mistakes also include losing a laptop or smartphone or sending sensitive information to the wrong recipient. These best IT practices will help keep your network secure!
Security awareness training can help prevent these mistakes that lead to data breaches. It is critical to ensure that employees understand the risks to sensitive information and the threat of data breaches. Phishing and ransomware are the primary methods of attacks. Employees need to know how to spot phishing emails, phishing websites and the dangers of email attachments. A good training program will continually remind employees about the risks of data breaches and how to avoid becoming a victim. Cyber criminals are developing new scams and attacks every day and staff should be made aware of these scams.
Passwords are the key to networks, customer information, online banking and social media. To have the best practice in secure passwords include these things:
- Use strong passwords
- Change passwords every 60-90 days
- Don’t post your password in plain sight
- Consider using a password manager
- Consider using multi-factor authentication
Lost laptops, smartphones and USB drives continue to cause data breaches. Many businesses don’t realize how much sensitive information is on mobile devices. Confidential information could be in emails, spreadsheets, documents, PDF files and scanned images. The best way to protect sensitive information is to use encryption. Under many federal and state regulations, encryption is a “safe harbor.” This means if a mobile device is lost or stolen and the data is encrypted, then the incident would not result in a reportable breach. Customers and affected individuals would not need to be notified.
Backing up data will protect your business from data loss due to damaged servers or malicious code such as ransomware. Fire, flood, explosion or natural disaster can destroy systems that contain valuable information. Having up-to-date data backups and a disaster recovery plan will help recover and restore useful information. It is recommended that automated backups occur that securely copy data offsite. Data backups should be periodically tested to ensure the data can be recovered.
Although criminals are targeting small and medium sized businesses, employing best practices can help protect your company against cyber attacks and data breaches. If you need any help getting some of these practices in place, give us a call (970) 243-3311.