3 Easy Cyber Security Precautions Your Small Business Should Take Today

This post was published on the now-closed HuffPost Contributor platform. Contributors control their own work and posted freely to our site.

For years, small businesses have avoided dealing with Cyber Security. They have thought of it as a problem for big retailers, big financial institutions, and big government. Until now, small business owners and managers have felt safe because they weren't large enough to draw the attention of attackers.

But, in what seems like the blink of an eye, all that has changed. Recent statistics indicate that 77% of breaches occur in companies of fewer than 1000 employees. And, of those, 93% have fewer than 100 employees. The frequency and success of attacks on smaller organizations are expected to continue to increase.

The reasons are twofold:
• The lack of vigilance by small businesses has led to an attacker's paradise of easy access with worthwhile payoffs.
• Cyber Security tends to be a complex issue that leaves small business people overwhelmed with options and uncertain about what to do.

3 Precautions Your Small Business Should Take Today

Cyber security doesn't have to be complicated. There are three important steps that every small business can take, which are vital to shielding your company from the majority of Cyber attacks.

1. Start End User Security Training - Routinely remind your employees to make common sense choices.

It happens to all of us; we get complacent, busy, or just plain lazy and leave ourselves open to becoming the next victim. Attackers don't always use intricate computer algorithms to take advantage of us; they simply pretend to be somebody or something we can trust. A small amount of the right information can be used by an attacker to gain our confidence. They are modern-day con men who obtain the data they need and use it to convince us to believe them.

Regular training reminds us to pay attention and to think before we act. It better prepares us to recognize attempts to gain confidential information through email, phone solicitation, or even in person. There are a number of free programs available including an excellent online tool through the Department of Defense. It's an easy, inexpensive strategy that every small business should use to raise awareness among their employees.

2. Evaluate Physical Security - Routinely check that your surroundings are secure.

Physical security entails everything from sufficient exterior lighting to the placement of computers and servers within your facility. Theft is most often a crime of opportunity. Have a site survey completed by a security professional. They'll view your interior layout as well as find easy points of entry from outside your office. It's important to occasionally look at your business through the eyes of someone else.

3. Maintain Controls on your Environment - Routinely run patches, updates, and more.

According to the Defence Signals Directorate (DSD), which is the intelligence agency in the Australian Government Department of Defence, "At least 85% of the intrusions that DSD responded to in 2011 involved adversaries using unsophisticated techniques that would have been mitigated by implementing the top four mitigation strategies as a package."

These Top 4 Strategies are:
1. Application Whitelisting - this technique only allows approved applications to run on your system. Traditional antivirus software attempts to detect and prevent malicious programs from running. Whitelisting blocks them by only allowing approved programs to execute.
2. Application Patching - as vulnerabilities are detected, software vendors release patches to close them and protect your system from intrusion. However, they only work if you routinely install them.
3. Operating System Updating - it is imperative that your network computers are running on the latest version of the Operating System. It's necessary to ensure that security gaps that attackers will exploit are closed.
4. Administrative Privilege Control - use the built-in security features of your network and the applications running on it. Only allow administrative privileges to those in your company who understand the security implications and truly need the total access that administrative rights allow.

Covering the basics doesn't have to be complicated or expensive. Take a few moments today to talk to your IT service provider about how to get started implementing these practical steps toward Cyber Security in your company.

This blogger graduated from Goldman Sachs' 10,000 Small Businesses program. The Goldman Sachs Foundation is a partner of the What Is Working: Small Businesses section.