By now, many of you know National Cyber Security Awareness Month 2018 is well underway.
At CenturyLink, we’re proud to do our part to promote awareness of online safety and privacy – and one of the key themes for this month is especially near and dear to my heart: how to ensure online safety at work.
Security for small to medium-sized businesses is no easy task, so I want to share a few tips for how you can keep your customers and your employees safe online
1. Remember: Every size business can be a target.
Many businesses think they are too small to be attacked. But, we know, according to the National Cyber Security Alliance (NSCA), about half of all cyber-attacks target SMBs because bad actors think they are easier to compromise.
In fact, bad actors often specifically target small credit card processors, for example, because they can be easier to compromise than larger organizations. Some of the notable breaches we’ve seen in recent years have originated within small businesses that were part of the supply chain for other businesses, including HVAC systems and accounting software providers, among others.
With 668 data breaches in the first half of 2018, alone, we know that cyber criminals are taking every opportunity they can, so recognizing the vulnerability is a key first step in protecting any business.
2. Know (and protect) your data.
The second tip is to know and protect your sensitive data. Many businesses don’t know what they have when it comes to sensitive data, where it is stored or transferred. It’s important to know: sensitive data is more than credit card numbers and healthcare information. We’ve seen breaches targeting everything from intellectual property to litigation strategies and payroll data.
Once you understand the value of your data, you can evaluate your business applications for risk and vulnerabilities, as well as implement a regular, disciplined back-up schedule to protect your operations against attacks. If your files are backed up, malware like ransomware, when hackers steal your data and hold it for ransom, have much less power to impact your business.
3. Get with the program. (A cybersecurity program)
Finally, setting up a security program is vital. A successful security program is a combination of people, processes and technology. A good place to start is outlining a governance framework: a set of standards, guidelines and best practices to manage your cybersecurity-related risk. The National Institute for Standards and Technology (NIST) has a wealth of resources to assist. There are many options to choose from; select a system that works for your company.
Next, you’ll need to train your employees regularly, because, as we know, humans can be your weakest link or your biggest asset in identifying phishing attacks, which still account for 90 percent of all cyberattacks according to PhishMe.
Only once you have a proper framework in place should you turn to technology. If you understand your most valuable assets, you can take the right steps and invest in the right technology to protect them.
Another option for small businesses who may lack in-house expertise is to take advantage of managed security services. By tapping into a provider with a wealth of experience and a full staff of cybersecurity professionals, you and your staff can focus on your core business.
Bonus: Collaborate with your internet service provider (ISP).
It should go without saying that businesses should collaborate with their ISPs. Providers like CenturyLink can provide guidance on the characteristics of a particular exploit or attack, and work with you to protect your business operations.
As a Champion of National Cyber Security Awareness Month, we at CenturyLink are proud to help businesses stay safer and more secure online.
To learn more about how you can promote online safety at work, follow the conversation online at #CyberAware and visit these sites: