Two-thirds of large businesses have experienced a data breach in the last year, and nearly half of small and midsized businesses (SMBs) have been the victim of a cyber attack. With the increase in cyber breaches, the National Institute of Standards and Technology established a framework in 2013 for reducing risks to the nation’s critical infrastructure. The framework takes a “best practice” approach to analyzing and mitigating risks and recommends five steps that any sized company can take for addressing cyber threats.The five steps are:
- Identify: Inventory your most valuable assets, the “crown jewels” that are of greatest importance to your business and would be most valuable to criminals, such as employee, customer and payment data.
- Protect: Assess what protective measures you need to have in place to be as defended as possible against a cyber incident.
- Detect: Have systems in place that would alert you if an incident occurs, including the ability for employees to report problems.
- Respond: Make and practice an incidence response plan to contain an attack and maintain business operations in the short-term.
- Recover: Know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.
On a day-to-day basis, businesses can improve their online safety practices by following these four tips:
1. Keep a clean machine Having the latest security software, web browser and operating system in your business are the best defenses against viruses, malware and other online threats.
2. Protect information Secure accounts by adding two-factor authentication and making passwords long, strong and unique.
3. Protect the company’s online reputation Set security and privacy settings to your comfort level of sharing.
4. Educate employees Teach your employees basic best practices. For example, if an email, social network post or text message looks suspicious—even if you know the source—delete it.
Many SMBs are increasingly vulnerable to cyber attacks. All businesses should focus on creating a culture of cybersecurity and keep protecting the company top of mind for employees.