8 Essential Security Strategies for SMBs in 2015
In the past year a bevy of big-time companies like Sony (NYSE:SNE), Target (NYSE:TGT) and Home Depot (NYSE:HD) were hit with data breaches. Amid the chaos, it might be easy to overlook the fact small businesses are just as vulnerable if not more so than their large-cap counterparts.
Larger companies typically have stronger security measures in place to ward off intruders, but independent businesses often can’t afford these expensive protections. Either way, small businesses still have access to a vast trove of client information, which makes them ripe for hacks.
In fact, Hartford Steam Boiler (HSB) recently found more than half of all small- and mid-sized enterprises have been hacked at some point, and 72% of those affected by breaches were unable to restore the stolen data.
Fred Touchette, senior security analyst at AppRiver, which specializes in SMB security, has pinpointed eight essential strategies small businesses should implement to strengthen their data defenses.
1. Always Run Anti-Virus and Firewalls
“Firewalls are important as they typically act as the first line of defense against network attacks, while anti-virus solutions serve as a strong last line of defense,” Touchette says.
2. Update All Devices with the Latest Patches
“Attackers and researchers continually find vulnerabilities in software, and a patch, or hot fix, is designed to correct those security flaws,” Touchette explains. “And if unpatched software is left on a device, it makes it easier for an attacker to leverage them. The same rule applies to all software.”
3. Always Use Complex Passwords and Mix It Up
“Make sure your password is lengthy and has a healthy mix of symbols, characters, lowercase and uppercase letters,” he says, adding that using the same password across multiple sites and devices gives the attacker “immediate access” to everything. Therefore, “by utilizing different passwords for every account, the user is limiting the effectiveness of an attack to a single compromise.”
4. Protect Your Personal Information
“Remember, do not advertise sensitive information online,” Touchette warns. “Tighten your security settings on social media” by limiting the personal information (birth dates, addresses) you provide. “This information can be used to fuel custom attacks or [help decode] account security questions,” he says.
5. Be Mindful of Your Digital Foot Print
And be careful what you post online. Touchette says it’s best not to “post anything online that you wouldn’t want everyone in the world to see. Really.”
6. Only Visit Trusted Sites
“There are roughly 252 million registered domains and a large portion of those domains are malicious. Some are quite obvious while other, legitimate sites can be compromised to host malware within its pages,” he says. Sticking to well-known, established sites, the security expert adds, increases “the odds of staying safe online.”
7. Think Twice Before Opening Attachments
“This is a very, very common method for attackers to use -- delivering malware straight to your inbox, which is both convenient and highly effective,” Touchette explains. “Do not click on an unsolicited link or open an attachment unless you know it is reputable.”
8. Review Financial Accounts Regularly for Suspicious Activity
“By monitoring accounts on a regular basis, you raise your chances of catching an attack before it causes too much damage … and possibly even catch the attacker,” he says.