The post 3 Digital Security Tips for Your Small Business appeared first on HostGator Blog . 3 Simple Tips to Keep Your SMB’s Digital Assets Secure While most news stations report only on the attacks and data breaches of large organizations, your small business is just as much at risk, if not more. In 2017, 61 percent of SMBs have experienced an attack and 54 percent have experienced a data breach, according to a report from Keeper Security . Your company may be small, but that’s what makes it more vulnerable. To an attacker, that means you’re less likely to have a solid security strategy in place, and even less likely to have a cybersecurity team monitoring your digital assets. Just because your business is small doesn’t mean you have to accept this potential security threat. Instead, protect yourself against an attack or breach with the right insurance, knowledge of what’s most vulnerable, and better employee security management. 1. Identify Vulnerable Assets Only 37 percent of small businesses feel very confident about the security of their digital asset storage. In such a remote and collaborative culture, assets need to be readily available to a large number of employees, if not most or all of them. This makes keeping them secure challenging. The good news is, not all assets should be of concern. An old press release or recent product photos aren’t likely a target for hacking or breach. The following assets are vulnerable to attack, however, and should be protected as such, according to Leonardo Cooper , CEO of VaultOne: Domain name registrar: You may not even consider your domain name as an asset, but it is, and it’s one of your most vulnerable. “Management should put access to the domain name credentials in a vault or safe place, and never discuss passwords or usernames via email with colleagues. Access should be limited to a select few team members whose role dictates they need access to the DNS, and passwords should be changed frequently following basic password safety rules ,” suggests Cooper. Backup systems: Cloud storage is extremely vulnerable, with some of the largest corporations worldwide experiencing breaches to data stored here. Your best method of protection for this is twofold: make a regular habit of backing up all assets in the cloud to an external hard drive and create an emergency plan, in case the worst happens. Secure your HostGator website with daily, automatic backups from CodeGuard . Third party payment services: While it may seem safer to use a third party payment processor, it’s hard to be sure what their security practices actually are. Don’t let your data, or that of your customers, fall into the wrong hands by using one simple technique: two factor authentication (2FA). This adds one extra layer of security by requiring another password, a specific code, or the use of an app like Google Authenticator, making it harder to hack. 2. Bolster Your Cyber Defense There are many ways to ensure you have a strong defense to protect your business in case of an attack. Here are two simple ways to bolster your current security measures. Cyber Liability: You insure your business to avoid expensive legal issues with employees or customers, but do you have insurance for cyber liabilities as well? Update your current insurance plan to protect your digital assets: “Some general business owner policies will include specific provisions protecting a business in the case of a cyber attack. Depending on your specific policy and business, you might need errors and omission insurance, which protects your company from liabilities arising from mistakes made by you or your employees, or even specific cyber security policies,” explains the guide, Cyber Liability: How to Protect Your Business . This added protection can likely be included with your current policy, making it easy to update quickly. Better Protection: If you don’t have a security team, your next best option is to work with a service provider who can monitor your domain and assets for breaches or vulnerabilities. Choosing a service provider can be confusing. Steve Bassi, CEO of PolySwarm , shares some suggestions for vetting products and teams: “Companies shouldn’t look at any one tool, rather how is the service provider protecting them with defense and response in depth. Put another way, how does the service provider plan to layer defenses and man them with experienced technical folk?” Don’t forget to ask the right questions, referring to specifics like automated monitoring and threat detection. Bassi continues, “A good provider here will provide tools that automate the detection of attackers on employee’s machines and across servers. Good examples of this are tools like Carbon black, which does something very simple: if it sees an application executed that has never been seen before in the enterprise it reports it. That’s one layer of defense but a good service provider should analyze any foreign applications and see if they look malicious.” Protect your website from malware and digital threats with SiteLock: 3. Address Your Biggest Threat: Employees Your greatest cybersecurity threat is not outside attackers, but the people working for you—or former employees. While in some cases their intent is not to harm the company, employees have access to a wide range of assets that can be breached or attacked due to lack of strong passwords or poor sharing and security management. In many cases, even former employees may still have access to these assets. In fact, the 2017/18 Kroll Annual Global Fraud and Risk Report found that 71 percent of businesses that reported a security incident cited insiders as the perpetrators. More importantly, they found that 39 percent of those perpetrators were junior employees and 37 percent were former employees. There are two ways to combat this in your small business: Create a culture of security, where all employees are empowered to be safe in their interactions, and requirements like 2FA for all employee logins are enforced. Follow a specific procedure when employees are fired or quit. Even when leaving on good terms, your assets are vulnerable if that employee can still access them. In general, it’s wise to create a culture of security within your small business, which encourages employees to take ownership of their security and that of the business. TechBeacon shares six great tips for making this happen with your team: Remind employees: security belongs to everyone. Focus on awareness. Create a secure development lifecycle. Reward employees that do the right thing for security. Create a security community. Make security fun and engaging. Get Serious About Digital Asset Security Cybersecurity is no joke for small businesses. With so many digital assets being created, used and shared, this is an important vulnerability to address. Luckily, there are a number of ways to protect your business from breach or attack, including working with a security consultant, creating a culture of security and identifying and protecting the assets that are most vulnerable. Learn more about securing your small business website with our free Website Security Checklist . Find the post on the HostGator Blog
-
Recent Posts
Recent Comments
Archives
- September 2019
- August 2019
- July 2019
- June 2019
- May 2019
- April 2019
- March 2019
- February 2019
- January 2019
- December 2018
- November 2018
- October 2018
- September 2018
- August 2018
- July 2018
- June 2018
- May 2018
- April 2018
- March 2018
- February 2018
- January 2018
- December 2017
- November 2017
- October 2017
- September 2017
- August 2017
- July 2017
- June 2017
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- November 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- March 2011
- November 2010
Categories
Meta