Your sensitive client data is highly valuable on the dark web. Is your data security and management strong enough?
Personal identification information (PII) is a goldmine for bad actors. It’s critical that each company take appropriate measures to protect client data.
And yet, many small business owners still believe they are too small to be a target, despite annual cyber crime reports that consistently show the opposite.
Automated cyber attack tools scan for the most common weaknesses in servers, networks and cloud accounts - and then hone in. Taking the most basic steps like antivirus alone is not enough anymore.
This guide outlines the real threats and outlines tips for protecting sensitive client data for small business.
Need help with your cyber security?
Book a discovery call for options & an estimate.
Cyber Criminals Want The Data Your Small Business Holds
In email. In software. On your server. It's gold to bad actors.
The importance of protecting any proprietary data is obvious to most businesses. Yet many businesses still underestimate the value of protecting the confidential, sensitive data of prospective and existing clients.
Your business is a hub of information cybercriminals could use to steal funds or identities.
Simply consider the number of different accounts someone could access or open by confirming they are your client using that ill-gotten birthdate and address.
We each have a duty not to reveal client information without that person’s informed consent.
Depending on your niche, and who your clients are, that stolen data could also be used for blackmail purposes.
All of this increases your liability as a business owner. You need cyber security to protect yourself and your clients.
Hackers know small businesses spend less on cybersecurity, so they often make a better target than Fortune 500 enterprises.
Small businesses are attacked at an alarming rate.
In fact, 71% of data breaches logged in recent years happened at companies with less than 100 employees, and those with less than 10 employees were targeted more often.
Neglected IT systems are a common entry point for cyber threats to gain a foothold and worm their way in.
Some small businesses develop proprietary systems. Then, there are no updates after the IT staffer who set it up leaves the organization. Over time, a lack of updates leaves software bugs that can be exploited and allow a breach.
More commonly, small business use popular business applications such as Adobe and Microsoft 365 and Teams. However, they also are prone to delay or ignore upgrade and security patch notifications.
The end result is the same - software bugs that can be exploited and allow a breach. More and more, small business are getting wise to the benefits of IT automation.
Prevent A Disaster
An average breach at an SMB today costs over $120,000 and averages 19 days of total or partial downtime while you scramble to recover.
Share a distraction free version of this post with your team and take action to protect your business.
Hackers are highly motivated - and automated.
You might think of hooded individuals furiously typing away to break down firewalls. But it’s not even that hard.
Cybercrime gangs are using automation to scan millions of computers.
They buy ready made exploit kits on the dark web. The ROI on exploit kits is estimated to be over 1400%.
And this is just what amateur criminals can do.
They run these pre-purchased exploits. They automatically probe for vulnerable networks until they get a hit.
Then, they go to work dismantling your business.
Small businesses are at risk of cyberattack, because it is so easy.
Plus, the payoff - or payout - by you - can be huge.
You might think, “it’s one little breach, how bad could that be?”
The answer is pretty bad. Consider these consequences.
The average total down time and recovery of a breach in an SMB is now 19 days and an average of $120,000 in recovery costs.
Losing significant revenue is a common in a security breach. Consider your lost revenue over a 19 day span of total or partial downtime.
Recent ransomware demands in Toronto and Durham Region were as high as $25,000 and $50,000 for a single small business server.
Reporting requirements are becoming more regulated.
You don't want to have to explain to the community, the media, or to your customers that your business and their data was compromised.
Recovery & Hidden Costs
The loss of revenue will be a hit.
On top of that, the IT service bill to recover will be significant.
In addition, you could also be looking at costs such as regulatory fines, legal fees, and more; or your business may have to pay higher insurance rates or invest more in marketing to combat the bad press or lost trust with your client base.
Below are some basic steps to start with right away.
A full cyber security solution will require more than these basics. Cyber security management involves multiple layers of security checks and balances, failovers, automation of threat scanning, detection and remediation, manual review of all threat alerts, continual monitoring and adjustment of systems, and a deep level of knowledge and experience.
Speak to an IT consultant to plan changes in the coming months.
Keep software up to date
Software and computer updates often include new code to address known security threats. Don't ignore the prompts on your computer to update now. If you can’t update, take the device offline.
Increase network security
Firewalls, antivirus software, and intrusion prevention systems should address every network layer.
Encrypt any stored or shared electronic files and documents, both at rest and while in transit.
If you do not have these technologies in place, you would fail a compliance audit.
Plan for improvements right away.
Increase cloud security
If you do not use a local server and are 100% cloud based, you will need Identity Access Management and Device Management solutions.
Without these in place, you would fail a compliance audit.
Limit access to data (use zero trust security prinicples)
Not everyone in your business has the same needs for data access.
Limit information access to an as-needed basis. Determine roles and responsibilities and information needed. Assign appropriate access privileges based on roles.
Revoke admin access on all computers to greatly reduce accidental malware infections.
Everyone working at your business needs to understand the value of your client data.
You can’t expect someone to effectively avoid phishing scams and other social engineering tactics if they don’t understand the danger.
According to a new report by RSA, a Dell Technologies subsidiary, Canada was the most frequently targeted country for phishing attacks during the first quarter of 2020.
Of global phishing attacks recorded during the quarter, 66% were targeted at Canadians.
Use 2 factor authentication
Every email account, and ideally, every cloud account that has this security feature available, should have it enabled.
Multi factor authentication drastically reduces risk of account breaches.
Enforce password security
Consider a password manager for your team, such as BitWarden.
Use the strong password generator in BitWarden or another tool to create passwords 12 characters or longer, made of up random characters.
Never write down passwords. Never store passwords in email.
Learn more about password security for small business.
Block high risk websites from company computers
Use content filtering tools to block high risk websites that aim to download malware to users computers.
Require employees to report lost and stolen devices if those devices ever logged in to a work account.
In fact, to pass any type of IT security audit or compliance check, you would need to have powerful BYOD policies in place.
You should control every device that touches your company data.
Have An Acceptable Use Policy For Employees
Put policies in place for sharing, storing, and disposing of client data.
Have staff sign acceptable use policies so they better understand their role and responsibility in data security.
Humans are often the weakest link in an IT security posture. It's important to share and re-iterate acceptable use and common risks with all staff, both at the time of hiring, and via quareterly or annual team meetings.
Outsource IT To A Managed Services Provider
Cyber threats have exploded in recent years, and the risks keep increasing.
Protecting your business and meeting compliance requirements requires in depth knowledge and continuous monitoring.
A Managed Services Provider will become your outsourced IT department.
They will help you close all security gaps, be compliance ready, and then take over the day to day monitoring and management of all systems for you.
With better security and help desk support services for your staff, your business will be better equipped to navigate the every changing technology landscape.
Next Steps: Learn more about how TUCU Managed IT Services Inc can help you remediate your IT security gaps and defend your business from cyber attacks.
We help you protect everything you have worked so hard to build.