Data Security at SME’s are targeted by cyber attackers for their lack of resources or expertise to effectively protect their data. Managed security services provider Alert Logic estimates that small businesses make up 58% of malware attack victims, and that 94% of these attacks are carried out through malware or phishing emails disguised as bills, invoices, email delivery failure notices, and package delivery notifications.

A study by technology conglomerate Cisco reports the top three security issues from small business respondents: targeted attacks against employees, ransomware, and advanced persistent threats.

In terms of cost, CyberSecurity Ventures estimates that these cyberattacks will set businesses back $6 trillion annually by 2021, a steep climb of $3 trillion from 2015; and the toll includes “damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.” 

Data Security practices that can save you

1. Use a firewall.

The Federal Communications Commission (FCC) recommends that all SMEs set up a firewall as one of their first lines of defense. To round out your firewall protection, install internal firewalls to reinforce your standard external firewall. If you have staff working from home, require them to install a firewall on their home network—even better, provide firewall software and support for home networks.

2. Document your data security protocol.

Data security is one area of your business operation that requires proper documentation. Here are references you can check out to make sure you you’re doing it right: 

  • Online training, checklists, and information on protecting online businesses c/o the Small Business Administration’s cybersecurity portal 
  • Cyberplanner 2.0 (Federal Communications Commission)
  • C3 Voluntary Program for Small Businesses (which offers a detailed toolkit for determining and documenting cyber security best practices and policies)

3. Educate the entire organization.

Because SMEs’ size often entail multitasking and multiple roles, it pays to train all employees on your company’s network security best practices and policies, and to back up that training with regular updates in concurrent with evolving policies. 

Finally, instill a sense of accountability through a signed document stating that each employee has been informed of the policies and of the actions that may be taken if they go against security policies.

4. Perform regular data backup. 

Regardless of the extent of your precautions, your data can still be breached. SBA recommends backup for the following: 

  • Word processing documents
  • Electronic spreadsheets
  • Databases
  • Financial files
  • Human resources files
  • Accounts receivable/payable files 

All cloud-stored data must also be backed up, with backups stored in a separate location in case of fire or flood. Backups have to be checked regularly to ensure proper functioning of the most recent files.

5. Include mobile devices in your security measures.

Create a BYOD policy focused on security precautions that cover such wearables as smart watches and fitness trackers with wireless capability. Norton by Symantec advises small businesses to require employees to set up automatic security updates, and that the company’s password policy apply to all mobile devices accessing the network.

6. Implement safe password practices.

If your company is still using passwords? if you are, hopefully, it is as part of a combination of authentication methods such as two-factor authentication (2FA). Then ensure that your employees strictly adhere to your password management guidelines (which should include safe storage) and implement regular password change. 

7. Install anti-malware software.

Phishing attacks can involve installing malware on an employee’s computer. When a link is clicked installing malware software on all devices and the network. Phishing attacks also often target specific SMB employee roles, use position-specific tactics as part of your training. Therefore it is recommended to install Anit-Malware. As well as provide training on phishing attack methods.

8. Adopt passwordless multifactor authentication (MFA).

It’s truly time to replace passwords and all the threats that come with them. Therefore beef up your security with passwordless multifactor authentication.  MFA is a form of identity confirmation utilizing a as many as four elements from either of the following categories:  

  • Knowledge (PIN, username and password, if you still prefer to use them) 
  • Possession (token, USB key, magic link, or card) 
  • Inherence (biometrics—e.g., fingerprint, voice, iris scan) 
  • Location (determined through GPS tracking)
  • Time (considered the fifth element, which prevents attacks by verifying employee IDs against work schedules. Or against the time it takes to get from one location to another, both of which show up as places of transaction/activity)

While stepping up your cybersecurity will take resources. It is worth it in the end to avoid the far steeper cost of recovery of data, replenishment of capital, and rebuilding customers’ trust.

Use your resources to grow your business rather than react to an attack that could potentially spell the end. Level up and choose enterprise-class security to ensure you are truly protected. Explore TraitWare’s passwordless security solutions now.