Are you worried that your company’s data might be at risk? With the seemingly endless succession of front-page stories about hacks and breaches, it’s an understandable fear. Even online giants like eBay, Adobe and Yahoo aren’t immune!
But navigating the complex world of cyber security isn’t easy.
In this short guide, I want to dispel the myth that you need to be an expert to protect your company. The majority of attacks (60% according to Symantec) are aimed at small to medium-sized businesses. So it’s vital that you’re aware.
- Risky employee practices
Information security starts with your employees. You could have the most secure cloud storage that money can buy, along with industry-leading antivirus software. But it doesn’t mean squat if those with access to your data are carefree.
The key lies in creating a culture of security. Training employees to use robust password-management tools like LastPass, creating strict protocols around the transfer of data (USBs belong in the bin) and carefully controlling user privileges are all good examples.
It’s also important to recognize that data protection extends beyond the obvious areas. While most would agree that sensitive customer data requires a high degree of security, would they say the same about employee records or company financial information? What about private online conversations via email and chat?
- Not investigating third-party providers
There are two key areas that SMEs need to be aware of with regard to third-party services: cloud storage and use of software-as-a-service (SaaS). Because both involve the storage of potentially sensitive data on servers that are not under your control, a proper vetting process is vital.
Some key questions you might want to ask:
- How will a provider use your data beyond simple storage? Big companies, like Google, often use your information for other purposes.
- What type of access (if any) will third-party integrations have to your own network?
- How robust and up-to-date is their security infrastructure with regard to things like antivirus software, backups and encryption?
- Do providers have any security certifications and compliance checks?
Don’t be afraid to drill providers for this information. Big players can often be a more prominent target for hackers, so it’s important that they implement the best of the best when it comes to security practices.
- Outsourcing without proper research
It’s neither practically feasible nor cost-effective to manage all aspects of cyber-security in-house. Outsourcing is a requirement. But it’s important to make sure that the providers you choose are best suited to the needs of your business.
Pay particular attention to the following:
- Antivirus software – The recent WannaCry ransomware attack has shown that everybody, from FedEx to mom-and-pop’s pizzeria on the corner, is at risk. Opt for antivirus providers that have a track record of updating for emerging threats.
- VPNs (Virtual Private Networks) – Out-of-office working is becoming more prevalent. Virtual private networks allow remote employees to access company servers securely, thus diminishing the risk of data leaks.
- Collaboration software – When using third-party collaboration software, where large amounts of data will be generated and stored, look for key features like encryption, SCIM provisioning, and contingency plans for any data loss.
You shouldn’t have to worry about your company’s safety. A mixture of robust in-house procedures, along with carefully selected third-party providers, will provide you with a watertight cyber-security infrastructure.
It’s also important to remember that more consumers are becoming privacy-savvy. By reassuring them that their data is secure, you’ll be providing a key competitive edge, along with saving yourself any embarrassment!