Maintaining online security is one of the very biggest challenges faced by any small business today. Whilst in an emergency the mega corporations can afford to spend millions or even billions of dollars overhauling their systems, that route is not available to the start-up still operating on a shoestring. For many, there is no realistic option other than getting it right the first time. Failure to do so can quite literally mean wipeout.
Cyber criminals target small businesses for a number of reasons but possibly the biggest amongst them is intelligence gathering, achieved by the straightforward theft of data. A 2017 report by the Ponemon Institute found that 419 small companies monitored by its research had lost a total of $3.62 million between them due to cyber theft. The Federal Communications Commission has recommended to small businesses that they train their employees as a matter of course in all aspects of cyber security.
Tools for Combating Cyber Criminality in Small and Medium Enterprises
Experts advise small firms to include tools to counter cyber criminality as an integral feature of their overall business toolkits. Part of this process has involved the introduction of more sophisticated authentication systems to protect commercially vital incoming payments. Click here to see a great example of such a tool which is possibly the best of several now on the market. Biometric and app-based systems, integration with digital wallets and reduced reliance on customer participation all point us towards a future in which these welcome additional security features become an accepted norm.
Passwords and Software Updates
Keeping security programs which are integrated into computerized systems up to date is also an absolute must for small firms, irrespective of whether they are diverse enough to have their own in-house security provisions or whether the work is done by other employees as part of their training regime. Passwords need to be professionally managed rather than allowed to operate on ad hoc basis or through random and unco-ordinated action by separate employees. Software updates and patches should be routinely introduced as and when they become available to prevent viruses or malware from entering the system through outdated apps. Where possible Virtual Private Networks (VPNs) should be introduced to encrypt data entering and leaving all devices.
Systems to Ensure Individual Responsibility
One simple yet effective way to minimize the risk of major incidents or even deliberate internal sabotage is to control individual access to computer systems and specifically to features within those systems. Operate on a “need to use” basis in which separate batches of information are only made available to those who need that information for their work, and think of every employee departing the company as a potential hacker when changing passwords. Create a separate account for each employee so that malicious or careless activity can be more easily tracked down to the responsible individual. And always be sure only to grant additional access privileges to trusted members of staff and then only if and when they absolutely need them.