I recently hosted a live Q&A session focused on small-business security, courtesy of CenturyLink Business. For a lot of businesses, of all sizes, security can be an overwhelming topic, and it can sound like there’s a long laundry list of things to do. I wanted to make sure everyone felt like it was possible for SMBs to be just as secure as their larger-business counterparts. Throughout the Q&A, I received a lot of questions, most of which focused on four main areas:
- Why do hackers attack small and mid-sized businesses (SMBs)?
- What are some of the most common cyber attacks and what can I do about them?
- How can I tell I’ve been hacked and what can I do about it?
- What should be included in a formal cybersecurity plan?
To watch a full recording of the event check out: http://www.centurylinkbrightideas.com/centurylink-business-cybersecurity-facebook-live-event/
A couple of additional questions came up that are important to address when it comes to protecting your business.
Is Your Data Safe?
Today, SMBs face more options than ever when it comes to choosing where to store data and host business services. With the countless number of on-premises solutions and cloud providers, it can be daunting choosing how to balance functionality and security.
One of the first considerations is determining what type of data you have and where it’s located. Cybercriminals tend to be most interested in personal and financial data, as it leads them directly to a profit via fraud.
The next pressing factor is deciding whether your data is safer in your office or in a cloud service. As a security practitioner, it can be nerve-wracking to use a cloud service. Having an outsider looking after your data raises questions about where your data resides, if skilled people are taking care of it and how you will be notified if there is a breach.
The truth is that the security standards of cloud service providers can range from excellent to rather poor. In my experience, there are several cloud providers that offer much greater security technology and skilled security staffs than any SMB could afford. Additionally, some cloud services are simply safer places for SMBs to store data. Using a cloud service to host documents, files and backups can be superior to on-premises solutions. For example, if you are using a business-grade service to store your files in the cloud, they tend to default to strong encryption, use a substantial security team to monitor for malpractice and make backups with versioning, which allows files to exist in several versions at the same time. In this case, if a SMB with this service solution is impacted by ransomware, they could click a few buttons and restore the majority of their data. That is not to say that on-premises solutions cannot achieve the same results through certain configuration, but doing so would require resources that many SMBs cannot afford.
Unfortunately, all cloud providers aren’t created equally. Even large enterprises with significant security resources struggle with deciding whether a given cloud provider is secure. It’s important to watch out for key warning signs when evaluating the level of security.
Should You Trust a Cloud Provider?
Many people ask me, “What should my cloud security policy be?” However, given the variability in cloud services, the real question should be, “Is provider X secure and what should my policy for that service be?”
Seeking consensus from other users is a valuable way to assess a service, but there are key indicators that identify if a provider takes security seriously. Make sure to ask a potential provider:
- How will my data be backed up? How quickly can you restore it if a service failure occurs?
- How am I notified in the event of a breach or an attack? What time frames and processes will be used?
- Which regulations do you comply with? Do you comply with the local regulations and laws that apply to my business?
- What security standards are followed to protect my data?
- Can I do security testing to validate that the service is secure? (You may not actually want to do this, but the service’s willingness to let you do testing can indicate its level of confidence.)
There are a variety of valid answers to these questions, but directly asking them to a potential provider, or even looking online for published answers, will help build your confidence in that provider. While most SMBs don’t have the resources to run their own security assessment, asking a few questions and making a risk assessment is a very valuable process. I’ve vetted many service providers and quickly found that they do not comply with the recommended security expectations.
Protecting your business’ data is key to your overall success. Investing in a cloud provider for added security is a major factor to consider. Before making the decision, I hope you now realize the significance of thoroughly evaluating the policies and practices of your potential provider. Your investment fundamentally comes down to trust and your chances are much higher with a provider that has a reliable security plan.