If you think that your business firm is too small to be a lucrative target for the cyber criminals, you’re mistaken! The 2014 Data Breach Investigations Study showed that 977 data breaches occurred among which 75% occurred in small business firms with less than 100 employees. The same report also says that such cyberattacks are increasing in record levels. An eminent person has reported that what you advertise about the clients with whom you work, has an important impact on the possibility of an attack. In the course of conducting your business, you have to ensure tight security of all data so as to avoid being a victim of such data breaches. Check out some overlooked tips.
- Don’t overly rely on technology.
With security vendors all touting their software or hardware as the one missing link in cybersecurity, it’s best to remember that technology is simply a tool. Most data breaches are not due to a lack of technology, but rather human error. Michael Baker, Principle at Mosaic451, a bespoke cyber security services provider and consultancy, warns organizations not to fall into the trap of thinking technology is “magic”, but rather ensuring that the professionals tasked to oversee Security Operations Centers (SOCs) are of the highest caliber.
- Keep abreast of trends and their security implications.
Often times, new regulations or compliance measures open up entire new frontiers of security risks that were unforeseen. Case in point is the mandate that all US retailers move to accepting EMV cards at the point of sale. While this may secure financial transactions in stores, the consequence is that fraudsters are moving their activities to online CNP (Card Not Present) transactions that are easier pickings. Online fraud charges add up to billions of dollars each year, losing retailers $ 3.08 for every dollar of fraud they incurred in 2014. Srii Srinivasan, CEO of Chargeback Gurus, warns all online retailers to be prepared for a surge in fraud, and to take proactive measures such as activating AVS (Address Verification Service) in payment gateways and build a chargeback customer database, among other steps.
- Conduct internal simulations of attacks.
War games are effective means to simulate crises in both the military and business. When it comes to cybersecurity, businesses need to start attacking their own network to identify where the vulnerabilities are. Solutions like LUCY, for instance, allow companies to launch their own simulated realistic phishing campaigns. A study conducted by IDC and the National University of Singapore found the cost of data breaches and malware to be $ 491 billion in 2014, a staggering figure. Phishing, malware and “drive-by” attacks could be reduced by more frequent simulated attacks.
- Remember to close the loop.
The primary focus has been on prevention, but equally important is closing the loop when a security breach does occur. Security alerts, alarms and incident reporting for quick, automated resolution is just as important to ensure that a breach is resolved and future breaches are minimized. Cody Cornell, CEO of Swimlane, says that the security industry needs to move beyond detection and start focusing more on automated incident response. Speed is of the essence during a crisis, where hours and minutes matter.
- Don’t just protect the perimeter, encrypt the data as well.
Most security configurations are vulnerable to malicious actors who have penetrated the perimeter defense, leaving all the data exposed. New technology like MicroTokenization looks to secure the actual bytes of the data, using tried and true tokenization technology that has been in place for decades to transmit credit card information. Even data transmission such as email or fax is overlooked as a security risk. Data-in-motion and data-at-rest both require attention, says . Newer encryption methods hold promise in both areas.
The message of this post is not to scare and fret the entrepreneurs about how serious a cyberattack can be and how they should take action. Rather it is to put stress on the fact that while business firms can do much about avoiding the breaches, they can at least prepare themselves for the worst kind of attack.Business & Finance Articles on Business 2 Community