Small and midsize businesses (SMBs) have become a common target of cybercriminals, mainly because of their lack of resources and limited IT budgets. In fact, the Verizon 2019 Data Breach Investigations Report (DBIR) found that 43 percent of security breaches affect small businesses — that’s a pretty big number.
According to the 2019 Kaseya State of IT Operations Report for SMBs, 32 percent of the participants have experienced a security breach in the past five years and 10 percent of respondents experienced a security breach in the past year. And about 57 percent of the participants said ‘improving security’ is the topmost priority. Security is top of mind for most businesses these days as cyberattacks increase in frequency and sophistication.
In our earlier post, we presented Top 5 Ways to Improve the Security of Your Business. Today we bring you five more ways to maximize the IT security of your company.
5 More Ways to Improve the IT Security of Your Business
1. Educate your Employees
GetApp reports that 43 percent of employees do not get regular cybersecurity training, while eight percent have never received any training at all.
It’s critically important for organizations to develop security awareness programs that educate employees on phishing scams, ways to avoid unintentional downloads of malware, and the security policies of the company.
It’s necessary for employees to have an appropriate level of awareness regarding IT security and to understand their individual responsibilities when it comes to securing the infrastructure of the organization. Many cases of security breaches that involve “internal actors” are the result of negligent behavior on the part of employees, not malicious activity. Taking another stat from the Verizon 2019 DBIR, 15 percent of breaches were the result of “misuse by authorized users.”
2. Monitor Your Exposure on the Dark Web
The so-called dark web is a hidden part of the Internet where stolen business and personal data is sold and purchased by cybercriminals. Dark web monitoring searches the dark web for indications that an organization’s data, including login credentials, has been compromised. In 2019, hundreds of millions of records are known to have been sold on the dark web.
The impact of a data breach can be devastating to an SMB. Companies can take a big hit to their reputation, incur heavy non-compliance costs, and might even have to shut their doors permanently. The average cost of a breach globally is nearly $4 million according to the Ponemon 2019 Cost of Data Breach report. For smaller organizations (500 to 1000 employees), the cost is $2.65 million, on average.
Organizations should look for a dark web monitoring solution that proactively identifies, analyzes and monitors compromised employee and customer data.
3. Create a layered defense
Some small companies still lack basic IT security defenses such as setting up a firewall with URL filtering and malicious site blocking, DNS filtering, network segmentation, and deployment of security clients (anti-virus and anti-malware) to all of their endpoints. Make sure your organization is covering all of the basics to improve its security posture.
4. Practice your incident response plan
Cyberattacks cannot be completely avoided. Despite your best efforts, there may come a time when your company falls prey to an attack. And when that happens, it’s important for IT professionals to handle the situation as quickly and efficiently as possible. Drawing up an incident response plan enables employees to strategically evaluate the aspects of the business that could be at risk and mitigate damage after a breach.
Another scary statistic from the Ponemon 2019 Cost of Data Breach Report is that the average lifecycle of a breach is 279 days. This is the time from when the breach occurs to when it is fully contained. Many breaches go undetected for long periods of time. And the longer the breach lifecycle, the higher the cost to your business.
5. Outsource your security operations to a Managed Service Provider
If you are dealing with a complex IT environment and don’t have the budget to hire expert cybersecurity professionals, outsourcing security to a managed service provider (MSP) can be a good option. A good MSP is dedicated to building a partnership with its clients, constantly monitoring the client’s network for a monthly fee. MSPs do everything from managing the security of networks and running the helpdesk, to the installation of software and the backup of systems and files. Specific to security operations, they monitor your network, manage security alerts and proactively prevent breaches.