Important Steps to Boost Your Business Cybersecurity

Hackers have set their sights on small businesses because they often have weaker cybersecurity and can unknowingly serve as entry points to much larger corporations that they may have as customers. In fact, a staggering 71 percent of cyberattacks occur at organizations with fewer than 100 employees, according to the Small Business Committee.

At the same time, it’s challenging for a small business to keep up with the wide range of potential cyberattacks. Small businesses often don’t know they have become vulnerable to attackers until it’s too late.

To help you navigate this cyberterrain, Business News Daily compiled the top tips and best practices from the pros on how to keep your business from falling prey to cybercrime.

Research has shown that unmanaged administrator privileges are some of the biggest IT security threats to an organization. Yet many small businesses still don’t take the time to set up the proper access limitations for nonadmin employees, especially when those workers are using their own devices. [Cybersecurity: A Small Business Guide]

“Security policies and mechanisms must be put in place for company data access from personal devices,” said P.J. Gupta, a mobile security expert and the founder and CEO of iPlum. “Tight control on who has the privileges to run which enterprise apps from which devices helps minimize the risk of data loss or corruption.”

Gupta recommended enforcing time-window and location-based fencing for controlling access to sensitive information.

Security needs to be an ongoing process and not just a single event, said Marc Malizia, chief technology officer for the managed cloud solutions provider RKON Technologies. The best security consists of a layered approach, he said.

To secure your operating systems, you should perform ongoing tests for vulnerabilities and penetration by hackers, Malizia advised. He also recommended installing specialized security software to look out for abnormal web traffic, block attempted logins from out-of-the-ordinary locations or unknown devices, and authenticate your online activities in real time by correlating behavioral analysis, device profiling and data feeds from fraud networks. Finally, businesses should layer in application firewalls in front of external-facing web servers to further block malicious traffic, Malizia said.

In the past several years, cyberinsurance policies have become an increasingly popular option for small businesses looking to protect credit card information, customer names and addresses, and other sensitive data stored in online systems. Cyberrisks aren’t typically covered under general liability insurance, so it’s important to find out which types of coverage are available.

“Cyberinsurance is not a one-size-fits-all product,” said Tim Francis, enterprise cyber lead at Travelers, a provider of cyberinsurance. “It’s hard to identify what a ‘small’ business is when it comes to the world of cyber. Traditional measures, like revenue and number of employees, aren’t good indicators of how much [risk] a company has in terms of data breaches. A small company can have very big exposure.”

Cyberinsurance isn’t a necessity for every company, but business owners should speak with their insurance agent about their options.