1. Introduction: Taking a Multilayered Approach
When you think about cyber security, it’s easy to get wrapped up in firewalls, malware, and other technical terms. To build a comprehensive security strategy, Brian Moran, a business consultant in Baltimore, Maryland, believes you should start with a different picture in your mind--your house.
“No one wants to sleep in a house with broken windows, unlocked doors, a leaky roof, or cracks in the foundation,” he says. “It’s an open invitation to criminals, animals, rain, and other forces of nature. If you value your business like you value the contents of your home, protect it. Otherwise, buy an umbrella and sell your valuables.”
When it comes to cyber security, those “leaky roofs” and “broken windows” come in many forms. The only way to protect yourself against ever more complex and severe cyber-attacks is with a multilayered approach to security, and that approach should take into account both technology and people issues.
2. Understand the New Threat Landscape
You can only successfully protect your business if you have a firm understanding of the types of criminals and cyber-attacks you’re protecting against and the data stores you need to safeguard. Surveys indicate cyber-attacks are increasingly targeting small businesses, in large part because they often have lax safeguards compared to large firms.
“In the last six to nine months, I’ve seen a tremendous increase in the attacks against small businesses; it has really spiked,” says Mark Gilmore, president of Wired Integrations in San José, California. “And the attacks are different than they were three to five years ago. Before, the attacks were designed to be malicious and cause havoc. Now they are very targeted and go after specific types of information, such as financial information.”
A cyber-attack can result in lost sales, interrupted cash flow, inability to deliver services, and damage to your reputation. “You need to understand the real risks of cyber-attacks,” says Aaron Hanson, product marketing lead at Symantec. “In many cases, a data breach costs a small business a month’s worth of profitability. In the worst case, the damage can be so severe it puts you out of business. In fact, six in 10 small businesses are out of business within six months of an attack.”
3. Determine Where Your Business Is Vulnerable
Businesses have different needs when it comes to protecting themselves. Some businesses accept credit cards and need to be PCI compliant; other companies work with legal or confidential documents and must set up additional measures of protection for them.
“I speak to dozens of business owners every month--in all shapes and sizes,” Moran says. “Very few of them, probably fewer than 15 percent, are fully covered and prepared if disaster were to strike.”
For example, he says one critical area that almost all business owners overlook is their customers and vendors. What if your business gets hacked or hit by a natural disaster? What happens to your business if you are shut down for a week, a month, or even permanently? Are you current with your accounts receivable? Do your top two or three clients represent more than 30 percent of your overall revenue? Are you located in the same area of the country as your customers (in the event a disaster hits that area--think Hurricane Sandy)?
Given all those complexities, a good starting point for understanding your risks is a complete security audit. “More and more small businesses are conducting security assessments and audits of their environments,” Gilmore says. “And that means a step-by-step examination of your technology--your servers, your applications, your mobile devices--and your processes, to identify your specific risks and the safeguards you need.” A Google search can help you find a local resource to help you perform a security audit.
4. Focus on the Human Element
While technological safeguards are critical, many data breaches are due to human error. For that reason, you should implement policies for how your employees should conduct themselves online; for example, they should not click on unknown links, and they should use strong passwords that include letters and symbols.
It’s equally imperative to educate employees about the reasons for these policies and about the risk cyber-attacks can pose to the business. Stress the importance of protecting mobile devices, systems, storage devices, and the confidential data these contain, from loss or theft.
In addition, the business owner should be a security role model. “If the business owner doesn’t care and is loose with security policies, you can’t expect the employees to care and follow them,” Hanson says.
5. Think of Security in Layers
With cyber-attacks becoming increasingly complex, small businesses need the latest technology protection, just as larger enterprises do. “Sometimes, small businesses use free or consumer technology, like antivirus software,” Gilmore says. “And too often they don’t realize they need commercial-strength technology, until a virus strikes, and their business is paralyzed for days because their computers have to be rebuilt, and they can’t access the Internet.”
The key is to think of security as a series of layers which work together to provide your business with the greatest protection against the increasingly diverse array of cyber threats. The protections include backup and recovery, a firewall, website trust markers, and endpoint security.
To understand the importance of a multi-layered approach to security, think back to the “house” analogy. In that case, you put a fence around your property, locks on the doors and windows, and an alarm system in case you are breached. In the case of your small business:
- A firewall is like a fence for your network, blocking unwanted malicious intrusions into your network.
- An endpoint security solution (which protects computers, laptops, servers, and other devices) is like the locks on your doors. It will block unwanted malware on your endpoint computers.
- A solution that monitors your computers is like the alarm system that can warn you if something has penetrated your network.
- A backup and recovery strategy that can help you recover your files and systems in case of disaster is like having a homeowner’s insurance policy.
- SSL certificates--a critical safeguard for credit cards and other important digital information--authenticate the identity of your business and show customers that your site is secure. Indeed, trust markers displayed in search results can improve customer confidence and increase traffic to your site. It’s like a house displaying a seal of protection, which conveys you’ve taken the steps to ensure your business is safe and is being monitored on a regular basis.
As you can see, protecting your small business is not a matter of employing a single solution; rather, it’s the layers of protection that can keep you safe.
6. Make Security an Ongoing Process
Cyber-attacks are relentless, and criminals are always thinking of new strategies. This means that your defenses also must be ongoing and evolving. For example, an endpoint security solution is only as strong as its latest update--you should regularly update your systems and scan your website for malware and vulnerabilities.
One way to accomplish this is to automate security. For example, you could purchase security subscription services for all employees and devices. Cloud-hosted security services are easy to install and easier to manage, and they automatically provide many safeguards--patching and proper configuration--that are often overlooked when handled manually. Remember: when it comes to protecting your “house,” it only takes leaving one window open once to suffer a terrible loss, so always make sure every door is locked and every lock is bolted.
Build the Right Security Solution for Your Business
The right security system should be robust yet easy to implement and manage. Symantec Endpoint Protection Small Business Edition features multiple layers of protection to protect your network and endpoint computers, and continuously monitors your environment to block the latest threats. Available as a cloud-managed service, it sets up in just minutes with no hardware needed, and it includes 24/7 support to keep you covered at all times, so securing your business is simple and quick.