3 Simple Tips to Keep Your SMB’s Digital Assets Secure
While most news stations report only on the attacks and data breaches of large organizations, your small business is just as much at risk, if not more.
In 2017, 61 percent of SMBs experienced an attack and 54 percent experienced a data breach, according to a report from Keeper Security.
Your company may be small, but that’s what makes it more vulnerable. To an attacker, that means you’re less likely to have a solid security strategy in place, and even less likely to have a cybersecurity team monitoring your digital assets.
Just because your business is small doesn’t mean you have to accept this potential security threat. Instead, protect yourself against an attack or breach with the right insurance, knowledge of what’s most vulnerable, and better employee security management.
1. Identify Vulnerable Assets
Only 37 percent of small businesses feel very confident about the security of their digital asset storage. In today’s remote and collaborative work culture, assets need to be readily available to a large number of employees, if not most or all of them. This makes keeping them secure challenging.
The good news is, not all assets should be of concern. An old press release or recent product photos aren’t likely a target for hacking or breach.
The following assets are vulnerable to attack, however, and should be protected as such, according to Leonardo Cooper, CEO of VaultOne:
Domain name registrar: You may not even consider your domain name as an asset, but it is, and it’s one of your most vulnerable. 'Management should put access to the domain name credentials in a vault or safe place, and never discuss passwords or usernames via email with colleagues. Access should be limited to a select few team members whose role dictates they need access to the DNS, and passwords should be changed frequently following basic password safety rules,' suggests Cooper.
Backup systems: Cloud storage is extremely vulnerable, with some of the largest corporations worldwide experiencing breaches of data stored there. Your best method of protection is twofold: make a regular habit of backing up all assets in the cloud to an external hard drive, and create an emergency plan in case the worst happens.
Third-party payment services: While it may seem safer to use a third-party payment processor, it’s hard to be sure what their security practices actually are. Don’t let your data, or that of your customers, fall into the wrong hands by using one simple technique: two-factor authentication (2FA). This adds one extra layer of security by requiring another password, a specific code, or the use of an app like Google Authenticator, making the account harder to hack.
2. Bolster Your Cyber Defense
There are many ways to ensure you have a strong defense to protect your business in case of an attack. Here are two simple ways to bolster your current security measures.
Cyber Liability: You insure your business to avoid expensive legal issues with employees or customers, but do you have insurance for cyber liabilities as well? Update your current insurance plan to protect your digital assets:
'Some general business owner policies will include specific provisions protecting a business in the case of a cyber attack. Depending on your specific policy and business, you might need errors and omission insurance, which protects your company from liabilities arising from mistakes made by you or your employees, or even specific cyber security policies,' explains the guide, Cyber Liability: How to Protect Your Business.
This added protection can likely be included with your current policy, making it easy to update quickly.
Better Protection: If you don’t have a security team, your next best option is to work with a service provider who can monitor your domain and assets for breaches or vulnerabilities. Choosing a service provider can be confusing. Steve Bassi, CEO of PolySwarm, shares some suggestions for vetting products and teams:
'Companies shouldn’t look at any one tool, rather how is the service provider protecting them with defense and response in depth. Put another way, how does the service provider plan to layer defenses and man them with experienced technical folk?'
Don’t forget to ask the right questions, referring to specifics like automated monitoring and threat detection. Bassi continues, 'A good provider here will provide tools that automate the detection of attackers on employees’ machines and across servers. Good examples of this are tools like Carbon Black, which does something very simple: if it sees an application executed that has never been seen before in the enterprise it reports it. That’s one layer of defense but a good service provider should analyze any foreign applications and see if they look malicious.'
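The first-seen rule Bassi describes, applied to process-execution logs as an added example (not code from Carbon Black, PolySwarm or the original article). The JSON event format, field names, host names and shortened hashes are constructed assumptions.

```python
import json

FIELDS = ("ts", "host", "path", "sha256")

# Constructed sample process-execution events, one JSON object per line.
# Field names and the shortened hashes are assumptions, not a vendor format.
BASELINE_LOG = [
    '{"ts":"2024-03-01T08:59:10Z","host":"ws-01","path":"C:/Office/winword.exe","sha256":"1111aaaa"}',
    '{"ts":"2024-03-01T09:02:44Z","host":"ws-02","path":"C:/Tools/7z.exe","sha256":"2222bbbb"}',
]
TODAY_LOG = [
    '{"ts":"2024-03-04T09:01:00Z","host":"ws-03","path":"C:/Office/winword.exe","sha256":"1111aaaa"}',
    '{"ts":"2024-03-04T09:03:12Z","host":"ws-01","path":"C:/Temp/zip.exe","sha256":"2222BBBB"}',
    '{"ts":"2024-03-04T09:05:30Z","host":"ws-02","path":"C:/Users/kim/Downloads/viewer.exe","sha256":"9999ffff"}',
    'truncated line {"ts":',
    '{"ts":"2024-03-04T09:20:05Z","host":"ws-03","path":"C:/Users/lee/Downloads/viewer.exe","sha256":"9999ffff"}',
    '{"ts":"2024-03-04T09:30:41Z","host":"ws-01","path":"C:/Office/winword.exe","sha256":"7777eeee"}',
]

def parse_events(lines):
    """Yield well-formed events; skip lines that are not complete records."""
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(ev, dict) and all(isinstance(ev.get(k), str) for k in FIELDS):
            yield ev

def build_baseline(lines):
    """Hashes of every executable already observed anywhere in the company."""
    return {ev["sha256"].lower() for ev in parse_events(lines)}

def first_seen_alerts(lines, baseline):
    """Report each never-before-seen hash once, with every host that ran it.
    Assumes events arrive in chronological order."""
    alerts = {}
    for ev in parse_events(lines):
        digest = ev["sha256"].lower()
        if digest in baseline:
            continue  # known binary, even when run from a new path or host
        alert = alerts.setdefault(digest, {
            "sha256": digest, "first_ts": ev["ts"], "first_host": ev["host"],
            "path": ev["path"], "hosts": set(), "executions": 0})
        alert["hosts"].add(ev["host"])
        alert["executions"] += 1
    return sorted(alerts.values(), key=lambda a: a["first_ts"])
```

Each alert is an input to the second layer Bassi mentions: someone still has to analyze the unfamiliar binary. Keying on the hash means a known program run from a new path stays quiet, while a changed binary at a familiar path is reported.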
3. Address Your Biggest Threat: Employees
Your greatest cybersecurity threat is not outside attackers, but the people working for you, or former employees. While in some cases their intent is not to harm the company, employees have access to a wide range of assets that can be breached or attacked due to lack of strong passwords or poor sharing and security management. In many cases, even former employees may still have access to these assets.
In fact, the 2017/18 Kroll Annual Global Fraud and Risk Report found that 71 percent of businesses that reported a security incident cited insiders as the perpetrators. More importantly, they found that 39 percent of those perpetrators were junior employees and 37 percent were former employees.
There are two ways to combat this in your small business:
- Create a culture of security, where all employees are empowered to be safe in their interactions, and requirements like 2FA for all employee logins are enforced.
- Follow a specific procedure when employees are fired or quit. Even when leaving on good terms, your assets are vulnerable if that employee can still access them.
In general, it’s wise to create a culture of security within your small business, which encourages employees to take ownership of their security and that of the business. TechBeacon shares six great tips for making this happen with your team:
- Remind employees: security belongs to everyone.
- Focus on awareness.
- Create a secure development lifecycle.
- Reward employees that do the right thing for security.
- Create a security community.
- Make security fun and engaging.
Get Serious About Digital Asset Security
Cybersecurity is no joke for small businesses. With so many digital assets being created, used and shared, this is an important vulnerability to address. Luckily, there are a number of ways to protect your business from breach or attack, including working with a security consultant, creating a culture of security and identifying and protecting the assets that are most vulnerable.
Jessica Thiefels has been writing and editing for more than 10 years and spent the last six years in marketing. She’s worked with a number of small businesses and security clients, and you can find her work on publications like Virgin, Forbes, and Manta.