There have been a number of recent data breaches in 2020 which should be of enormous concern to businesses.
Just this year, we’ve seen a dramatic rise in attacks, mostly driven by hackers looking to take advantage of weakened security measures as a result of remote work.
Aside from the growing familiarity of data breaches which have affected some of the biggest corporations around, there is growing anxiety among small business owners about the how they could fall victim in the near future.
Unfortunately, in today’s cybersecurity market, many SMBs are poorly equipped to deal with cyber threats and find themselves at risk of being breached.
IT decision makers are virtually unanimous in believing that their organizations are susceptible to external attacks, and 71% of these decision makers say they don’t have the cybersecurity infrastructure to prepare for an attack.
With the combined costs of falling foul of regulations, losing the confidence of customers, and (most importantly) losing sensitive data, SMBs simply cannot afford costly cyberattacks on their business.
Here’s six lessons we’ve learned from recent data breaches that you can use to protect your business:
1. Take the Lead From the Top
Some of the more high-profile breaches in recent years have helped to bring the issue of cybersecurity to light for executives.
The Equifax breach towards the end of 2017, for example, was responsible for compromising the personal information of nearly 150 million people and has made been making headlines ever since.
2018 saw a record number of personal records exposed in data breaches—incidents increased by 126%.
As the threat of cyberattacks grows and occurrences increase, top decision makers have to—and more commonly are—become more involved with cybersecurity, implementing practices from the top down.
This is a trend that has progressed in 2019, with 54% of executives and 39% of directors knowledgeable and engaged in the planning responses for data breaches.
This is a trend that should continue; having the involvement of C-suite executives is crucial. As with many technology implementations, it must have buy-in from the top-down to show that the organization is serious about data protection.
2. Train Your Workforce
Mistakes happen, it’s inevitable and cannot be avoided. However, mitigating the probability of human error is an absolute necessity and the cornerstone of any thorough cybersecurity plan.
It’s one of the reasons we at Impact Networking provide security awareness training as a core part of our cybersecurity protection to ensure that workers are more aware and more informed about how should be handling important data sets.
47% of data breaches are caused by employee negligence like accidental loss of a device or misplacing a document online. With cyberattacks costing businesses an average of $5 million, this is an area in which all SMBs should look to improve.
Improving awareness of cybersecurity will mean addressing common bad habits regarding tech use, ensuring that remote work is conducted safely, and improving the culture of the workplace to embrace ‘digital hygiene’.
Of organizations that implemented cyber training methods, 79% of them avoided a breach; compared to 69% of those that didn’t.
3. Manage Your IoT Devices
The Internet of Things market has seen explosive growth over the last two years. The market was worth $235 billion in 2017 and is predicted to be worth $520 billion by 2021.
As with virtually any form of new technology, cybersecurity has to play catch-up, and the increased use of connected devices in the workplace is no different.
Nearly half of all SMBs have experienced at least one IoT data breach.
This is primarily because of distinct lack of security plans which comprehensively cover all devices in a network. With 9 out of 10 employees bringing their own technology into the workplace, this liability is a major consideration to address.
For this reason, ensuring that your business’ security is enforced at the network-level is fundamental. The huge amount of IoT devices that exist in a work environment make it impossible to implement security at the device level.
The benefits of cloud security become clearer here. With so many new devices accessing and collecting the vast amounts of data now stored on cloud systems, having a comprehensive program for cloud security is essential for protecting your client data and organization data.
In practice, this will mean having a platform that allows the management of network devices through a single device, provisions devices, pushing software updates, and even wiping them if they’re lost.
Related Post: What Makes a Good Mobile Device Management System
4. Have a Disaster Recovery Plan
This is an absolute must for any small business. The longer a breach’s lifecycle, the more it costs and the more damage it does to the organization.
The average time it takes for a company to identify and contain a data breach in their system is 279 days—that’s over nine months.
Having a disaster recovery and business continuity plan in place to deal with attacks quickly and effectively should be right at the top of your cybersecurity agenda.
This means having access to a secure source of any and all affected data. Solutions should include:
- Image backups of the entire OS; including all applications, configurations, and data
- The ability to completely restore everything exactly as it was prior to the breach
- Restored servers up and running in a predetermined amount of time after a breach
All of this can be done in 2020 by using the cloud. Data centers have become far more secure than they once were, and a quality cloud backup can guarantee virtually no downtime for a business.
For more information, read our blog post about data center tiers for keeping your data safe.
5. Understand That Cybersecurity Is an Ongoing Process
A disaster recovery and business continuity plan that monitors your organization on a continuous basis is one of the best proactive steps you can take to maintaining your cyber integrity.
Another is ensuring that your business is regularly assessed to test its capabilities against attacks. This can be done with penetration testing, where specialist tools are used to simulate real-world attacks to actively and safely breach systems and recognize weaknesses.
An assessment can then be made on the vulnerability of a business network and a determination can be made on how to improve existing functions and implement new ones.
At Impact, we recommend semi-regular penetration testing, in addition to updated security policy and compliance checks, often on a quarterly basis.
The landscape of cybersecurity changes constantly. New technical and system vulnerabilities are found every day.
This is particularly pertinent to the large numbers of SMBs undergoing some kind of digital transformation—the implementations and changes to business processes and workflow systems are a ripe environment for cyberattacks.
For these reasons we recommend that decision makers view cybersecurity as an ongoing process for the future and not as a one-and-done installation process.
6. Invest In Your Cybersecurity
There is more investment in cybersecurity than ever before.
The cybersecurity market was worth $3.5 billion in 2004. This year the market is worth an estimated $124 billion.
The reason for this enormous growth is that SMB decision makers are becoming more aware of the need to invest in a cybersecurity strategy that protects their organization.
While there are cases where SMBs are not investing in the IT solutions they need, the majority understand that investment is a necessity for a modern, forward-looking business.
When decision makers find that the results of their investments are unsatisfying, it is often the result of acquiring the wrong solutions or services.
This is where an MSSP can step in and provide an extensive assessment which analyzes processes, discovers pain points, and determines the necessary solutions for comprehensive cybersecurity implementation.
For business leaders, cybersecurity is one of the most pressing issues facing their companies today. Impact’s program provides vital cybersecurity protection for clients, keeping their minds at ease in the knowledge that their IT infrastructure is being monitored and maintained by our cybersecurity experts. Learn more about Impact’s offerings here.