The good news is that data breaches appear to be declining in 2018, according to the Risk Based Security Q1 2018 Data Breach QuickView Report. The first three months of 2018 witnessed 686 breaches compared to 1,442 breaches in the same quarter in 2017.
The bad news is that numerous breach strategies still work, including malware, phishing, skimming, hacking, and inadvertent disclosure of information on the Internet. These attacks cost businesses a significant amount of money. The IBM-sponsored 2018 Cost of a Data Breach study conducted by Ponemon Institute found the global average cost of a data breach is up 6.4 percent over the year prior, now totaling $3.86 million. The average cost for each lost or stolen record containing sensitive data has increased by 4.8 percent to $148 per record.
These breaches continue because small business owners think that basic security measures like antivirus software are adequately protecting their network infrastructure. David Wagner, president and CEO of Zix, a leading provider of email encryption solutions for financial institutions and healthcare organizations, notes that many small businesses rely on existing legacy security tools. However, that strategy no longer works.
“That was effective when hackers were taking a one-size-fits-all approach and targeting the lowest-hanging fruit. Now, however, hackers are using sophisticated and persistent attacks to target specific data at specific companies.” This means companies now have to take further steps to improve their security.
Conduct Cybersecurity Training Programs
A first step is to undertake a multi-session security training program. These sessions can show staff why they might not want to open a URL or download an email attachment. After an initial training session on digital security, future sessions can provide updates about new threats and potential solutions.
For example, the U.S. Small Business Administration provides a free online course on cybersecurity. This is a good starting point for an overall look at what might happen if you don’t focus on digital security. Other cybersecurity training resources are offered by organizations like Wombat, which features a web-based security education platform that combines education with testing to ensure that what your team members learn becomes part of what they put into practice. Its digital training courses include such subjects as safer web browsing, social engineering, mobile device security, and email security.
Sometimes, it helps to have on-site training, which is what companies like Native Intelligence provide. This approach delivers hands-on learning, and the comprehensive training presentations can include your own security framework as a real-world example.
Implement Private, Dedicated Connectivity to a Public Cloud Provider
Another step is to use private, dedicated connectivity to a public cloud provider. Alissa Lovens, leader of Zayo Group’s global marketing strategy for its finance and professional services sector, suggests this step because it “reduces many of the performance and security concerns associated with public internet environments. Data transfer happens securely without exposure to service attacks and network hijackings.”
This approach enhances security for businesses that use mobile devices to handle certain tasks, such as an advisor at a financial services branch using a tablet to assist customers with their accounts. It also benefits small businesses by helping to avoid slow response times while lowering costs and increasing bandwidth.
Engage Cybersecurity Experts
Every small business needs powerful allies on its side. In this case, it’s security experts who work specifically on your network infrastructure. They understand human motivations and behaviors, and armed with that knowledge, they can use their past experiences to assess current and future risk.
By engaging digital security experts, you gain access to the latest security tools that you may not have heard about. In addition, if your team hasn’t undergone extensive training yet, cybersecurity experts can fill this skills gap, immediately protecting the company until your team is ready to take over.
As small businesses struggle to get to the next level of cybersecurity, it can be hard to know which security measures to use and which are not worth the investment. Security experts can determine the best ways to evolve the existing network infrastructure to minimize vulnerability.
Vigilance is Everything
There is no moment when a small business can say it has conquered cybersecurity challenges. It’s a never-ending quest to keep your customer and corporate data secure. As you read this, criminals are hard at work devising new strategies to get what they want. Therefore, you need to stay even more vigilant with your security strategy.