Has your business had a cyber security breach in the last twelve months? If you’re a small or medium-sized company, there’s a 50 percent chance that the answer is yes.
October is National Cyber Security Awareness Month, a time dedicated to ensuring that everyone has the resources they need to stay safe and secure online. On the business side, the focus of the month is to teach organizations how to think about cyber security.
Cyber security isn’t just about staying compliant. According to the 2016 State of Small & Medium Business (SMB) Cybersecurity Report, companies are most concerned about loss or theft of their customers’ information and their intellectual property. Those are some pretty big fears, and they’re ones that proper cyber security can solve.
It’s not surprising that these are SMBs’ main concerns when it comes to cyber security. When data breaches happen to large companies, they have the resources to mitigate the problem, as expensive as it may be. For small and medium companies, it can be nearly impossible to recover—not just your finances, but your reputation.
You may think you have the right cyber defenses in place, but what’s really going on behind the scenes? Here are three big reasons you should care about cyber security for your business.
1. Your employees cause the most IT security problems.
Your employees are good people. You hired them, you vetted them, and you know them well. But good people sometimes make inadvertent mistakes. Though they rarely have malicious intent, employees are some of the most vulnerable intangible assets of a company when it comes to cyber security.
The most prevalent attacks against SMBs are web-based attacks and phishing/social engineering.
Phishing scams are designed to trick people into providing valuable information. The most common type of phishing attack that a law firm might experience is an email scam. Employees receive emails that appear to be from legitimate sources, but the real purpose of these emails is to trick people into providing sensitive information.
Social engineering is a form of business attack that involves manipulating people to get them to break normal security procedures.
While negligent employees cause the most data breaches at companies, it’s often due to a lack of education and security policies. For example, strong passwords are an essential part of the security defense; however, 59 percent of SMBs have no visibility into employee password practices, such as the use of unique or strong passwords and sharing passwords with others.
Even worse, password policies are not strictly enforced at most companies. 65 percent of SMBs that have password policies say they do not strictly enforce them.
It’s not enough to put some firewalls and other online defense tactics in place and call it a day. When you have humans working for your company, the company is vulnerable to a cyber attack. Create a culture of cyber security and make it clear that everyone needs to stay alert.
2. Cloud computing and mobile devices are now the norm.
It’s not a novelty anymore; cloud computing and the remote workforce are here to stay. Despite the growing prevalence of cloud usage and mobile devices that access business-critical applications and IT infrastructure on a daily basis, only 18 percent of study respondents say their companies use cloud-based IT security services.
It’s pretty scary to think about. We all want to make our businesses more efficient and productive through innovative technology such as cloud computing. And yet very few businesses actually take the steps needed to secure their cloud-based and mobile applications.
As you work to keep your business environment relevant and efficient, cloud solutions and mobile devices will play a deeper and more significant role. Along with all of the fantastic benefits of moving to the cloud, you need to consider the role that cyber security will play in monitoring these new vulnerabilities.
3. Your budget isn’t big enough to gain traction with IT security.
Most companies do not devote enough budget, technology, and personnel to cyber security. In fact, in many organizations, it’s not even clear whose responsibility it is to determine IT security priorities.
Typically, the two functions most responsible for IT security decisions are CEOs and CIOs; however, 35 percent of study respondents say that no single function in their company determines IT security priorities.
The challenge of not having adequate resources may prevent companies from investigating the technologies needed to mitigate security risks. As a result, some companies engage managed service providers to support an average of 34 percent of their IT security operations.
Whether you decide to outsource your IT security functions to a third party or invest more budget, technology and human resources in cyber security, steps must be taken in every business to heighten the awareness of IT risks within the company.
Every business faces cyber security challenges, no matter their industry or size. Take steps to proactively protect your customers, employees and intellectual property—and by extension your business’s success.