small business security

Most small and midsize businesses are weak on cyber security. In fact, in a study by Verizon, published in their 2013 Data Breach Investigations Report, it was found that as many as 83% of all small businesses had no formal strategy to prevent or manage their cyber security risk. Flatly stated, most small to midsize businesses don’t believe it will happen to them.

If you still believe it won’t happen to your business, this article is not meant to change your mind, but please be aware that this is a serious threat. According to a different study from 2012 by the National Cyber Security Alliance, 60% of businesses who suffer a significant data breach are out of business in 6 months or less.

The purpose of this article is to give any reader some simple, easy-to-implement suggestions to help minimize risk and provide a framework for 2016 planning.

Generally accepted Hardware & Software minimums:

There are some minimum requirements that all businesses should have in place, regardless of their size. The cost of this insurance is relatively cheap compared with the risk of a threat.

Firewall: This is the system that secures your perimeter, it ensures that anything (ALL data packets) coming in from the internet is filtered before it enters your network. The software running on the firewall is updated constantly to prevent most threats. Make sure the unit has a current comprehensive threat management software running.

Antivirus & Anti-Malware: This software runs on computers and servers to ensure they are individually protected from any threat. This could be an email you open, a thumb drive with a corrupted file on it, or a website you visit. It is the last line of defense.

Backup & Disaster Recovery system: Every business should have a thoughtful and comprehensive backup disaster recovery service that will allow them to restore their data and operations in the event of a security breach corrupting data and files.

Talk with your IT Team, Create a plan

Every family should have an emergency preparedness conversation, every doctor should have a HIPAA violation discussion, and every business should have a cyber security plan. This is a marriage of policies, responsibilities and delegations meant to prevent and/or mitigate a cyber problem. For instance, you should designate one person who is in charge of working with your IT vendor who can cover and review the generally accepted hardware and software minimums on a pre-determined basis. This person can act as the mouthpiece for best practices, reminding people of the strategies and policies that keep the business safe, and ideally incorporating it into a policy manual. For instance:

Passwords will be reset every 90 days. If a user fails to do so they will lose access to their systems and need to place a trouble ticket to reinstate access.

If a cell phone containing work emails is lost or stolen, the user must notify the business manager within 1 business day of noticing the loss, and all data will be remotely wiped off the device.

All laptops used for credit card or financial/accounting purposes must employ BitLocker on the hard drive to encrypt data should it be stolen. Etc.

These conversations take time, but are otherwise free, and they can pay huge dividends in preventing problems in the first place.

(Strongly) Consider Cyber Insurance

Guess what, cyber insurance is expensive! But so is fire insurance in rain-parched California or tsunami insurance on the Oregon coast. This means that the actuaries who define risk for the insurance companies think there is significant risk, which means you should seriously look into coverage IF a data breach would potentially compromise intellectual or private data. Insurance is a lot cheaper than going out of business, and shows thoughtfulness and consideration on the policy-holders side that would be reassuring to customers or vendors in the case of a nasty event.


For any business owner or manager, we would offer this suggestion: Think about walking into your business on a Monday morning, and not being able to log into your systems. Imagine scrambling to figure out why, only to learn that an unknown actor has maliciously infiltrated your network and has locked you out. What is it worth to you to avoid a scenario like this?

Contact Upward Technology if you would like to have a cyber security strategy.